Hacker News new | ask | show | jobs
by flangola7 1171 days ago
Running arbitrary and proprietary code without being able to review it first was always a mistake but we crossed that bridge over twenty years ago.

Every OS and chip manufacturer is working towards "secure core" architectures now. Executed code will run inside OS and silicon-level sandboxes. Memory spaces will not only be randomized, but encrypted and authenticated through dedicated secure enclaves. Hardened IOMMU modules will negotiate bus communication. System code is partitioned off and verified through hardware root of trust.

Malware as we have known it will be extinct in a few years.
1 comments
saagarjha 1171 days ago
I wish you’re right but I don’t see how what you’ve mentioned stops most malware.
link
flangola7 1170 days ago
In a nutshell, because an application won't be able to do anything evil. We're already halfway there on mobile devices. An Android app cannot access system files or files of other apps, period. "Run as admin" doesn't exist. It can't access shared files like camera photos or documents without explicit user permission.

This is mostly accomplished using SELinux, which is an afterthought slapped onto the original OS architecture.

There are exploits that defeat these walls, but it's getting harder. Walls built from the hardware level up will be almost impenetrable and might require finding an error in the chips' microcircuit designs.

link
saagarjha 1170 days ago
These are, quite frankly, easy protections to put up. I know a lot of work is invested into them but it’s pretty clear that apps shouldn’t be able to scribble all over the address space of other processes, or just have access to all system devices. The hard part is when you actually have a legitimate need to do certain things but not every app should be granted this permission. For accessibility reasons some apps should be able to simulate user input. Obviously, giving this permission to every app is not good. Some apps should be able to know where you are. The one that your spouse installed on your phone secretly to track you? Probably not. This is where the challenge is these days.
link