by josephg 941 days ago
Yeah - I’ve had this rant more times than I can count. Modern PC security is stupid because it protects users from other users (what other users?) but it doesn’t protect users from bad software they run on their own account. When the computer only has 1 user anyway, there isn’t much practical difference between the root user and my user account. But the elephant in the room is software supply chain attacks and malware. The fact any program I run can do anything it wants with all my files is ridiculous and appalling.

Phones get it right. The Facebook app on my phone can’t read Gmail’s data. And Gmail can’t access my photos without permission. On desktop any program can read or write to any of my files. And my files - photos, work, code - matter a lot more to me than anything my OS works hard to protect.

There’s no good technical reason, either. It’s a problem of pure inertia.

1 comments

Apple kind of does this with macOS now. It will continuously ask you for each app to give it permissions to specific folders (downloads, home directory) plus can the app use the camera, the microphone etc. I feel like most people blindly just tap yes to get it out of the way and use the app they just installed.
It's certainly a start.

People like to hate on the permission dialog boxes on macOS - but each app only needs to ask you once for permission. I don't think I've seen one of these dialog boxes for months. And they add a remarkably large amount of security to the overall system given how little they inconvenience users in the steady state of system execution.

But they're a very coarse brush. Once an application has permission to access some folder, it can do anything it wants there. And only certain folders and permissions are protected. (I think any app can read / write any data in ~/Library).

I think the desktop security environment would work extremely differently if it were designed today. I'd love to see more people experimenting with ideas.