Norbert Bollow wrote:
> Jeroen Massar <jeroen@unfix.org> wrote:
>> Operating Systems give us the freedom to deploy any kind of application, though this also allows any stupid person to simply click on that .exe in that email, or "download that new version of Flash" and other nice tricks. There is not much any software author can do about these tricks, as from the OS point of view, people are just installing yet another normal program. Nothing special.
>
> I think that some worthwhile measures are possible:
>
> - By default, install programs from unknown/untrusted sources in a kind of sandbox where the amount of harm which a hostile program can do is limited by restrictions like "no access to any files on the disk outside the sandbox, except when access is explicitly requested by the user" and "no direct access to the network".

Most applications need network access nowadays; heck, even Google silently installs an "updater" that starts providing them with more details of where you are today. (Yes, they might not transmit who you are, but who cares, they have a unique ID + software version + IP address, that is good enough to match you up to all the other data they have on file about you and then sell directly or summarized).

If 'real' applications do that, others will also just install some background process and connect to the Internet. Users will then, just like with those applications, just press "ok, I am fine with that".

Education can solve that, but only in little bits.

This is actually more a user-interface/presentation-layer problem than a network/computer issue though. And as you can make a screenshot of those buttons and show them as an image, or, as they used to do, just pop up a new one and thus show that image, one can easily train people to start ignoring them.

> - Ensure that functionality which the operating system provides for installing software can be used only in ways which make it very clear to the user that software is being installed.

People loved the Vista popups, guess where the above will go.

Although these ideas sound good, I don't think they will fly in practice, as several attempts have already shown.

>> And then of course if M$ would push signed applications there is always the propaganda about 'freedom' and 'being restricted' etc.
>
> As long as the administrations of computers are able to create signatures for any program which allows that program to be used (or used without the "sandbox" restriction that I'm suggesting) on the machines of which they are in charge, there is no problem regarding the aspect of freedom.

The 'administration' is the person who doesn't know about computers.

These people will then also just click on what they are told on the screen. Remember those nice "password protected zip files" in your mailbox with the nice virus in them? Or for that matter how phishing works?

"Please provide your Windows username and password so that we can provide you with this super fancy new WoW mount".

> Furthermore, regarding the aspect of widespread distrust of MS and operating system software vendors in general (which is IMO not at all irrational), that could and IMO should be addressed by means of putting a vendor-neutral organization with strong transparency and due-process constraints in charge of approving programs for signatures for which the corresponding public keys are publicly distributed with the operating system.

There goes the freedom of the Internet. No sane computer user will ever accept that. The problem then also doesn't lie with that group of people (though some think they know everything, and then it is even more fun when they get hit [which reminds me to rethink my setups once ;) ]).

Also, take as an example again Nokia S60 or Apple iPhone; both use this scheme already and you know what happens: websites which can create the certificates for you (S60) and Jailbreaking (iPhone). Not even going into the simple thing of software bugs and exploitable vulnerabilities (in which case signatures don't really help) or even easier: "My Cool Beer Application", which is actually a very nice trojan but which is correctly signed by your single organization (who added some code to monitor all the users). And we of course have all heard how often applications are rejected from the Apple AppStore...

Don't forget that there is no such thing as a "neutral organization with strong transparency"; every single one of them has an agenda. Even the anarchists are organized and have a (couple of) leaders, and do the rest of the anarchists truly know what they are up to and what they are doing silly things for in the end?

Greets,
 Jeroen