Why modern OS security is based on file permissions? Why not base it on what user passes to a program? If I pass a file to a function, then it has access to it. That way no malware can open backdoor without my explicit actions. It's that simple! Unix designer must be retard, it's good he is dead.
>>5
You would have to `opt-in' to allowing each and every file. In fact the way >>1-san phrased it you wouldn't even get a prompt; you would have to do it manually.
Name:
Anonymous2011-10-16 7:26
>>6 You would have to `opt-in' to allowing each and every file.
Why?
Name:
Anonymous2011-10-16 7:28
>>6 In fact the way >>1-san phrased it you wouldn't even get a prompt; you would have to do it manually.
No. >>1 says that browser has link to C:\Program Files\Browser folder, where it stores all cookies.
Name:
Anonymous2011-10-16 7:30
>>8
The point is that browser has no other links, so it cant store "cookies" inside c:\windows\
Name:
FrozenVoid2011-10-16 7:47
ForzenOS will have the following privilege levels for programs
each access will be checked against the privilege levels for action and can be denied. There will no "Admin user runs a virus" scenario because each privilife level has to be approved by the user himself(Add following privilege for virus.exe? Warning: This will allow the virus.exe to modify raw disk data!)
access to |read| Write/create/Send |Overwrite|Delete|Rename/Move|
_____________________________________________________
Own directory
+Subdirectories
+One Directory level above current
+2 Levels above
+3 levels above
+4 levels above
+5 levels above
All directories
Encrypted files
System files
Read only files
Full Filesystem access
disk sectors
boot loader
boot sector
BIOS data
Firmware
Video memory
Audio output
Audio input
Name:
FrozenVoid2011-10-16 7:56
Network access will be managed by special kernel filter which would also deny access to network for programs which have not been specially written into network access list which would specify what locations(netmasks and DNS regexp) and protocols the program will be allowed to use(e.g. DNS/PING/UDP all/TCP all/HTTP)
with complex rules to make any network access for malicious software impossible without approval.
Name:
Anonymous2011-10-16 8:04
>>10>>11
Sounds like a bloated overengeneered piece of shit. The Spirit of the Right Thing doesnt approve your endeavour.
Name:
FrozenVoid2011-10-16 10:17
>>12
Its better to prepare to fail, rather than fail to prepare. The ability of any software which runs with "admin rights" on Linux/Mac/Windows to deal any form of damage is defective by design. If you can't see that The Right Thing is to deny access to everything by default, rather than allowing the malware to rape your PC by default.
Any performance cost will be negligible compared to reformatting your own disk and restoring backups. Just think about what is your "Spirit of the Right Thing".