In addition, we need a fundamental change in OS security. It's not OK that every application you run has access to all your files and unfiltered internet access by default.
Security mechanisms in most operating systems are good and have continued to evolve rapidly. I would say in Linux there might be too many, and this is where the confusion comes from.
The problem is really how the very popular recent things on top have been built: Docker, npm, pip.
I personally do not have docker, npm or pip installed on my workstation because I know that any `xxx install` is almost the equivalent of downloading and executing a `.exe` on Windows 95 back in the day.
Apparently what happened here is a GitHub employee's VS Code downloaded a compromised extension and it ran wild in his $HOME (npm, another Microsoft gem, is involved here if I remember correctly).
Just prevent VS Code from accessing the entire $HOME.
The idea is that a well-made, modern desktop operating system would severely limit an executable's access to user files and provide intuitive tools to allow access. Most applications shouldn't even need any access beyond their own configuration directory and maybe something like ~/Document/Source Code for source code editors and IDEs. They shouldn't need to access ~/Pictures, ~/Videos, ~/Downloads, etc.
The problem is that Windows would rather sell you OneDrive, and Linux is very far from a well-made modern desktop OS, so a transitive dependency on a linter installed by a VS Code plugin can rm -rf $HOME, I guess.
For Linux we have bubblewrap, firejail, AppArmor and SELinux (the popular ones; there are far more). But it is often complicated and annoying to set up. Normally one would expect software developers to write security rules for their apps, but it is difficult due to the number of different sandboxing tools and various distro-specific configuration changes.
It would be nice to have it sorted out somehow. Actually Snap is an interesting example of something done in that regard.
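As an added illustration of what the bubblewrap route looks like in practice (my own example, not code from any commenter): a small POSIX shell wrapper that runs an editor, linter or package manager with a read-only base system, an empty tmpfs in place of $HOME, only one project directory writable, and no network unless explicitly requested. The bind paths assume a merged-/usr distro and that `bwrap` is installed; adjust them for your system.

```shell
#!/bin/sh
# Added example: confine a tool to one project directory with bubblewrap.
# Assumes a merged-/usr layout (/bin, /lib, /lib64 are symlinks into /usr).

# Print, one per line, the bwrap arguments for running against PROJECT_DIR only.
# Usage: sandbox_args PROJECT_DIR [yes]   ("yes" as 2nd arg keeps network access)
sandbox_args() {
    project="$1"
    allow_net="${2:-no}"
    set -- \
        --ro-bind /usr /usr \
        --ro-bind /etc /etc \
        --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --symlink usr/bin /bin \
        --proc /proc \
        --dev /dev \
        --tmpfs "$HOME" \
        --bind "$project" "$project" \
        --unshare-pid \
        --die-with-parent \
        --chdir "$project"
    # Network is off by default; an extension or linter has no business phoning home.
    # Pass "yes" only for the step that really needs it (e.g. the install itself).
    if [ "$allow_net" != "yes" ]; then
        set -- "$@" --unshare-net
    fi
    printf '%s\n' "$@"
}

# Run CMD [ARGS...] inside the sandbox described above.
# Usage: run_sandboxed PROJECT_DIR yes|no CMD [ARGS...]
run_sandboxed() {
    project="$1"; allow_net="$2"; shift 2
    command -v bwrap >/dev/null 2>&1 || { echo "bwrap not installed" >&2; return 127; }
    # Rebuild the argument list from sandbox_args output, splitting on newlines only
    # so project paths containing spaces survive; -f disables glob expansion.
    set -f
    old_ifs=$IFS
    IFS='
'
    set -- $(sandbox_args "$project" "$allow_net") "$@"
    IFS=$old_ifs
    set +f
    exec bwrap "$@"
}

# Example invocations (commented out so the file can be sourced):
#   run_sandboxed "$HOME/src/myproject" no  code --wait .
#   run_sandboxed "$HOME/src/myproject" yes npm install
```

Everything under $HOME except the chosen project directory is invisible to the wrapped process, so a misbehaving extension or post-install script can at worst damage that one tree.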
Yes, and I wish Linux developers would see their own hypocrisy.
Linux users love to say that "fragmentation is good" but they also depend fully on root, sudo, users/groups, and RWX file permissions. Those are "standards" enforced by having only 1 way of doing something, the kernel.
Don’t forget that Linux is Unix inspired. And Unix was meant to be used on servers and mainframes where root was used by a trained sysadmin. Users were not meant to install applications, and their actions had little impact on the system integrity (if they were not actively attacking it).
But now with PCs, you are root on your local machine, and some abuse that power without even knowing what it entails. You could easily sandbox npm by creating a user for your JS dev persona. But that’s not convenient, so no one does it.
I’ve been using Little Snitch on my Mac for years now because I want to be aware of (and be able to turn off) the connections programs make. Probably the weirdest one I’ve caught was a new Seagate HDD that required you to run an executable file to be able to format the drive, which then tried to connect to Baidu.
It's so noisy though, because of apps' built-in update checks and other legitimate things initially, which you then grant a process exception for. Per-destination allow rules would also generate a lot of popups. Then the user just grants exceptions for all traffic or suffers alert fatigue.
It's useful for apps that should not have any outbound networking.
But fundamentally I don't think it moves the needle that much on the bigger picture.
The problem is really how the very popular recent things on top have been built: Docker, npm, pip.
I personally do not have docker, npm or pip installed on my workstation because I know that any `xxx install` is almost the equivalent of downloading and executing a `.exe` on Windows 95 back in the day.
Apparently what happened here is a GitHub employee's VS Code downloaded a compromised extension and it ran wild in his $HOME (npm, another Microsoft gem, is involved here if I remember correctly).
How was the OS supposed to prevent that?