Virus free desktop
Stuart D. Gathman
stuart at bmsi.com
Tue Nov 18 19:21:37 GMT 2003
On Tue, 18 Nov 2003, Timo Sirainen wrote:
> For a while now I've been thinking about how to make computers actually
> work the way people expect them to - mostly related to security.
> So, how about changing the operating system to allow or even encourage
> such behaviour? "Sure, just run anything, it's safe. If it's a virus,
> operating system clearly warns about it."
Yes, this is called a "sandbox". This is what Java delivered for applets.
Linux can also deliver this for native code by creating a "sandbox"
user that does not have direct access to either the system or
user files. For programs that display eye candy or run a stand alone
application, a work directory with quota is all we need. If it is desired to
give untrusted programs limited access to user files, there can be an agent
process which runs SUID to the user, and provides restricted access to user
files. A standard API with library provides access to the user agent.
Stuart D. Gathman <stuart at bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"[Microsoft] products are even less buggy than others, in terms of
per capita usage." - Steve Balmer, Microsoft Corporation
More information about the kde