On 9/7/2013 1:46 PM, Jim Henderson wrote:
>> Ur.. I would presume "security". See, the way I see it, this measure
>> they took wasn't to improve security at all, it was to dam up gaps in a
>> wall, so the thieves couldn't get out, while still letting them in
>> through the front gate.
>
> That's not a specific implementation, Patrick. Try again. You want to
> say that the current system sucks, fine - but propose something better.
> Don't just say "security" as if that's a magic bullet. That's not
> something specific to be implemented, it's a concept. You're smarter
> than that.
>
Sigh.. You do realize that when they came up with this absurd solution
it was back with like 98/XP, where half the security they added since
didn't exist at all? So, sorry, but it's not nonsensical to suggest
adding things that don't bloody exist *at all* in the OS in the first
place. As I pointed out, a big solution would be, "don't let people run
things without explicitly saying it's OK to do so." We can argue whether
the current MS method of just asking, or the *nix version of having to
know what the F you are doing, in order to explicitly set run
permissions is better, and for whom, but the problem, for years, with
Windows, and still is, in some cases, that things can either install
without asking, or circumvent safeguards, or, and this is the stupidest
one - nearly every installer under Windows triggers the, "Are you sure
you want this thing to alter your machine?", question, which means
people will ignore the safeguard anyway. At best.. some of them might
question why a flash animation needs to, "change your machine
configuration", but seriously...
>> That would, imho, be a damn good start on it. MS didn't want to fix
>> their core problem, so they came up with one that "broke" existing
>> functionality, probably even for more than just that class of
>> applications, then, 10+ years later they "finally" fixed some of the
>> actual security.
>
> Technological implementation details, Patrick. Those are important. Not
> general "just do it" type BS language. How do you tell if a "small"
> program is a botnet or just a simple CLI utility (as is typical in the
> *nix world) that does a specific task?
>
I would say, not even a CLI, if it doesn't come with the OS, should be
allowed to do anything, unless you damn well know what it does, and
explicitly allow it. Or, more to the point, **especially** if it's
something that small. But, heh, what the F do I know... And, it's always
better to make everything "convenient", than make it safe, unless you
plan to make it a) convenient enough, and b) safe to the point where
doing what you want with it will brick the machine - i.e., most Apple
products.