Fordi
Group: Members
Posts: 90
Joined: April 2004 |
|
Posted: Mar. 08 2005,20:01 |
|
While it's true that Windows XP is more "vulerable" to spyware and virii - due, and lets admit it, mostly to its prevalence - Linux will eventually be a target as well.
I mean, there's already Spyware for Mac OS X. A boon to interoperability?
Now, in terms of keeping your browser secure, Linux is pretty hard (meaning solid, rather than difficult). You have to manually execute software. Basically, if you run a virus, or a maliciously written script, or anything of that nature, it's your own damn fault.
But wait... Why not give the browser the ability to run arbitrary code anyway?
*ducks under the large number of tomatos incoming from the audience*
No, seriously.
What if you could have a user and a bit of disk set aside for a "Downloaded software jail". A quarantine, if you will. The user has no rights outside the quarantine, and the browser chroots into the quarantine and su's to the user. The quarantine has the symlinked libs and bins of a "basic" x-enabled distro (like, less stuff than DSL - just xdm), an emulated /dev (everything's /dev/null, regardless of its name) and no /proc (no letting it get at the kernel). The q-user's CPU time is limited to 10%.
Meanwhile, the quarantine control daemon watches what this program's doing, looking for warning signs. Is it poking at /proc? why's it trying to write data to /etc/rcS.d/S00Alpha? It just changed its own .xinitrc!
And, if after toying with the program for a few minutes, you like it, and the q-daemon hasn't complained about anything, just type a single command and have it installed properly.
Easy peasy? No. That daemon would be a bear to code. Finding a suitable "Quarantine" distribution might be tricky. Tweaking the browser code to behave in this way wouldn't be much fun either.
Anyway, just an idea for the implementation of the "ease of install" that Windows enjoys without sacrificing security.
|