by throwaway290 1105 days ago
> A sane system should not be compromised no matter where the executable is from.

So, you're saying a sane system should not run arbitrary code I tell it to run? Which is different from iOS security model how?

(If not, please explain how your hypothetical magic OS resists compromise without limiting instructions it would execute)


You are running code on your CPU in ring 0 all the time? No. The same way a sandbox gives a whitelist approach to security — this app by default should have no filesystem access. It does want to open a file — ask the user whether it should be able to or not.

Security is upheld, user control is given, everyone is happy.
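The deny-by-default, ask-on-first-use model the comment describes, as an added example that is not from the thread and not any real OS sandbox implementation: sandboxed code never opens paths itself but goes through a broker, which consults directory grants the user made. The broker canonicalizes every path (resolving symlinks and `..`) before checking grants, which is the check a real broker has to get right. The `FileBroker` class, the `ask_user` callback and the temporary file layout are all constructed for this example.

```python
"""Added example: a deny-by-default file-access broker (not code from the thread)."""
import tempfile
from pathlib import Path
from typing import Callable


class AccessDenied(PermissionError):
    """Raised when neither an existing grant nor the user allows the access."""


class FileBroker:
    """Mediates file access for sandboxed code; nothing is allowed until granted."""

    def __init__(self, ask_user: Callable[[Path, str], bool]):
        self._ask_user = ask_user           # simulated user prompt: (path, kind) -> bool
        self._grants: dict[Path, set[str]] = {}   # canonical directory -> {"read", "write"}

    @staticmethod
    def _canonical(path) -> Path:
        # Resolve symlinks and ".." so a grant for /ws cannot be used via /ws/../secret
        return Path(path).resolve()

    def grant(self, directory, kind: str) -> None:
        self._grants.setdefault(self._canonical(directory), set()).add(kind)

    def _is_granted(self, target: Path, kind: str) -> bool:
        return any(kind in kinds and (target == d or d in target.parents)
                   for d, kinds in self._grants.items())

    def open(self, path, mode: str = "r"):
        target = self._canonical(path)
        kind = "write" if any(c in mode for c in "wa+") else "read"
        if not self._is_granted(target, kind):
            if not self._ask_user(target, kind):
                raise AccessDenied(f"{kind} access to {target} denied")
            # Remember the decision for the whole directory so the user is not re-prompted
            self.grant(target.parent, kind)
        return open(target, mode)


def demo() -> dict:
    """Exercise the broker on a constructed layout: a workspace and a secret directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        workspace, secret = root / "workspace", root / "secret"
        workspace.mkdir()
        secret.mkdir()
        (workspace / "notes.txt").write_text("hello")       # constructed sample file
        (secret / "token.txt").write_text("s3cret")         # file the app must not reach
        try:
            (workspace / "link").symlink_to(secret / "token.txt")  # symlink escape attempt
            have_symlink = True
        except OSError:
            have_symlink = False

        prompts = []

        def user(path: Path, kind: str) -> bool:
            # Simulated user: approves only requests that resolve inside the workspace
            prompts.append((str(path), kind))
            return workspace in path.parents

        broker = FileBroker(user)
        results = {}

        with broker.open(workspace / "notes.txt") as f:     # first use: user is asked
            results["first_read"] = f.read()
        with broker.open(workspace / "notes.txt") as f:     # grant remembered: no prompt
            f.read()
        results["prompts_after_two_reads"] = len(prompts)

        try:                                                # ".." traversal out of workspace
            broker.open(workspace / ".." / "secret" / "token.txt")
            results["traversal_denied"] = False
        except AccessDenied:
            results["traversal_denied"] = True

        if have_symlink:                                    # symlink pointing outside workspace
            try:
                broker.open(workspace / "link")
                results["symlink_denied"] = False
            except AccessDenied:
                results["symlink_denied"] = True
        else:
            results["symlink_denied"] = None
        return results


if __name__ == "__main__":
    print(demo())
```

The two denied cases are the point: both paths start under the granted workspace directory textually, but after canonicalization they resolve to the secret directory, so the grant does not apply and the user is asked again (and, in this simulation, declines).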

Well if we are talking sandboxing, Windows has it and this malware specifically has sandbox escape functionality for that purpose.

What kind of sandbox does Windows have? All I could find was about a pro/enterprise feature but even that has to be explicitly started and I doubt Minecraft users used that.

Not having admin rights is almost uselessly crude as a “sandbox”.

There is the one called "windows sandbox" but it's not persistent making it useless.

More recently, I've been following https://github.com/microsoft/win32-app-isolation which seems incredibly interesting! If they can pull it off, we will have mobile-OS-like security on Windows, finally, after all these years.

It has been my #1 feature request for Windows for so long... I almost can't believe it's actually happening.