[kibibyte]

Dumb question: since modern CPUs and operating systems support virtual memory, shouldn't it be impossible for processes to access memory of other processes, since processes no longer have to deal with shared memory?

...unless you're alluding to security exploits that manage to subvert that mechanism.

[bcoates]

Windows subverts that mechanism by providing APIs that unprivileged apps can use to access each other's memory.

On Windows, any programs sharing a desktop are within the same security boundary and are not protected from each other by design.

[kibibyte]

Huh...I never knew that. I wonder why the APIs were designed this way; there has to be legitimate uses for this, right?

[arnnr]

I think the answer here is compatibility. But we finally are in a turning point. OSX's new apps and windows metro apps are sandboxed.

But until running mostly apps becomes the norm in a desktop system beware that not having admin privileges doesn't not mean you can NOT: load programs at startup, read most of registry settings, passwords, read memory of/close programs of same sec level. A malware doesnt need admin rights to do evil.

Still I believe AV products are useless even for inexperienced users.

[Dylan16807]

In the end, instead of using debug features, the files could be altered before starting a process. Programs on the same user account have no protection from each other, and windows isn't going to give you a false sense of security.

If you want apps to be blocked from touching each other, they need individual user accounts or equivalent. Operating systems for phones do this, but this kind of system hasn't been ported to a normal desktop.

[lmz]

debuggers?