Tuesday, October 20, 2009

Default Deny Is Good

To me, the biggest failure of the major desktop operating systems is their lack of an easy, it-just-works sandbox environment for running untrusted computations. This omission has allowed browsers to do an end-run around the OS companies to the point where we now have Google attempting to make the OS itself the afterthought.

They have a point. The average user is not capable of judging whether they can trust a piece of downloaded code or not. Hell, generally the sophisticated power user with full access to an application's source code does not have time to make a sound judgement just to try out some new toy. So, people take shortcuts and mistakes happen.

The right answer is to make the initial judgement irrelevant, which is exactly what's happening as web browsers evolve into a general computing platform. As more and more software moves into the browser, the implicit shift to a default-deny security model on the client side will help stem the tide of malware while letting us encourage users to try software they (or some big corporation) haven't personally vetted as safe. And in a massively multicore environment where the worst a process can do is launch an (intentional or unintentional) denial-of-service attack against a few of your cores, why not?

In a world with default deny, at least it becomes clear exactly who you are trusting with your data.
