Jeroen Massar jeroen@unfix.org wrote:
> Operating Systems give us the freedom to deploy any kind of application, this though also allows any stupid person to simply click on that .exe in that email, or "download that new version of Flash" and other nice tricks. There is not much that any software author can do about these tricks, as from the OS point of view, people are just installing yet another normal program. Nothing special.
I think that some worthwhile measures are possible:
- By default install programs from unknown/untrusted sources in a kind of sandbox where the amount of harm which a hostile program can do is limited by restrictions like "no access to any files on the disk outside the sandbox, except when access is explicitly requested by the user" and "no direct access to the network".
- Ensure that functionality which the operating system provides for installing software can be used only in ways which make it very clear to the user that software is being installed.
> And then of course if M$ would push signed applications there is always the propaganda about 'freedom' and 'being restricted' etc.
As long as the administrations of computers are able to create signatures for any program which allows that program to be used (or used without the "sandbox" restriction that I'm suggesting) on the machines of which they are in charge, there is no problem regarding the aspect of freedom.
Furthermore, regarding the aspect of widespread distrust of MS and operating system software vendors in general (which is IMO not at all irrational), that could and IMO should be addressed by means of putting a vendor-neutral organization with strong transparency and due-process constraints in charge of approving programs for signatures for which the corresponding public keys are publicly distributed with the operating system.
Greetings, Norbert
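The two mechanisms sketched above, the default sandbox for programs from untrusted sources (file access limited to the sandbox plus whatever the user explicitly grants, no direct network) and the administrator- or approval-body-issued signatures that lift it, as one small Go model. This is an added illustration, not code from anyone in this thread; the Ed25519 choice, the key names ("local-admin"), the sandbox root and the sample paths are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"path/filepath"
	"strings"
)

// Policy is the set of restrictions an installed program runs under.
type Policy struct {
	Sandboxed      bool     // confined to its own directory tree
	NetworkAllowed bool     // direct network access permitted
	ExtraPaths     []string // files outside the sandbox the user granted explicitly
}

// TrustStore holds the public keys whose signatures lift the sandbox. In the
// model from the thread these would be the local administrator's key and the
// key of a vendor-neutral approval body; here both are just named entries.
type TrustStore struct {
	Keys map[string]ed25519.PublicKey
}

// Signed is a program image together with a signature and the name of the
// key that is claimed to have produced it.
type Signed struct {
	Image     []byte
	Signer    string
	Signature []byte
}

// Decide returns the policy for a program: unrestricted when a key in the
// trust store actually verifies the image, otherwise a sandbox that reaches
// only its own tree plus user-granted files and has no direct network access.
// A claimed signer name that is not backed by a valid signature counts as
// unsigned, so a forged or tampered image stays confined.
func (ts TrustStore) Decide(p Signed, userGranted []string) Policy {
	if pub, ok := ts.Keys[p.Signer]; ok && ed25519.Verify(pub, p.Image, p.Signature) {
		return Policy{Sandboxed: false, NetworkAllowed: true}
	}
	return Policy{
		Sandboxed:      true,
		NetworkAllowed: false,
		ExtraPaths:     append([]string(nil), userGranted...),
	}
}

// MayOpen applies the file rule from the thread: an unrestricted program may
// open anything; a sandboxed one may open paths under its sandbox root and
// exactly those outside paths the user granted. Paths are cleaned first so
// "../" segments cannot escape the root.
func (pol Policy) MayOpen(sandboxRoot, path string) bool {
	if !pol.Sandboxed {
		return true
	}
	clean := filepath.Clean(path)
	if clean == sandboxRoot || strings.HasPrefix(clean, sandboxRoot+"/") {
		return true
	}
	for _, granted := range pol.ExtraPaths {
		if clean == filepath.Clean(granted) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed example: the administrator generates a key pair and signs
	// the one program that is allowed to run unrestricted on this machine.
	adminPub, adminPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ts := TrustStore{Keys: map[string]ed25519.PublicKey{"local-admin": adminPub}}

	image := []byte("constructed program image")
	approved := Signed{Image: image, Signer: "local-admin", Signature: ed25519.Sign(adminPriv, image)}
	unknown := Signed{Image: []byte("attachment.exe from an e-mail"), Signer: "", Signature: nil}

	fmt.Printf("admin-signed: %+v\n", ts.Decide(approved, nil))
	pol := ts.Decide(unknown, []string{"/home/user/report.txt"})
	fmt.Printf("unknown source: %+v\n", pol)
	fmt.Println("unknown may open /etc/passwd:", pol.MayOpen("/sandbox/app", "/etc/passwd"))
	fmt.Println("unknown may open granted file:", pol.MayOpen("/sandbox/app", "/home/user/report.txt"))
}
```

The point the model makes concrete is the one in the reply: the sandbox is the default, and whoever runs the machine can lift it for any program simply by holding a key in the trust store, so nothing about the scheme depends on the OS vendor's approval.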