Slashdot Mirror


2010 Will Be the Year of Sandboxing Apps

Trailrunner7 writes "In a guest editorial on Threatpost, Mac hacker and security researcher Dino Dai Zovi writes that 2010 will be the year that software vendors get religion about sandboxing untrusted data in desktop apps. 'Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. The largest Internet security threats now arrive through malicious web pages or e-mail attachments. This is because attackers are opportunistic and these are the weakest links, especially because they easily pass through every firewall. Security is not and never was about SYN packets; it is about data: the software attack surface that attacker-controlled data interacts with, and what sensitive data the attacker can get hold of if they can exploit vulnerabilities in that software.'"

3 of 203 comments

  1. Re:Already here. It's on my family PC.. by sakdoctor · Score: 5, Funny

    Whoa! Your daughter is off the rails, and your soft approach to parenting is not helping.
    Install linux on her system right now, and don't give her the root password until she's 18!

  2. Re:This is the year of wishes being predictions by csartanis · Score: 5, Funny

    I predict this will be the year of Kari Byron on the desktop!

  3. Re:you mean like an operating system is supposed t by jpmorgan · Score: 5, Insightful

    This isn't a Windows-specific problem. The fundamental problem is the user/process model that's been popular since the inception of UNIX (maybe even earlier, I don't know enough about Multics to say): the idea that only users have identities and programs run under the identity (and permissions) of the user who runs them. If I'm running a game, there's no reason why it needs access to my tax spreadsheets, etc...

    All software should be running under its own identity and access to user documents should be through standardized user interfaces... i.e., the 'File Open' dialog is actually a part of the OS not the application, and also grants temporary permissions in addition to just selecting a file.

    We talk about the principle of 'least privilege' but in practice (with a few notable exceptions) the 'low-privilege' processes have the most important privileges of all: access to all our stuff.
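The broker pattern jpmorgan sketches (the OS-owned 'File Open' dialog grants a temporary, narrow permission instead of the app having ambient access to everything), as an added example that is not part of this thread: a privileged broker opens the file the user picked and hands a sandboxed worker only a read-only descriptor, never a path or directory access, and revokes it when the worker exits. The worker script, the sample file and its contents are constructed here for illustration; this is a POSIX-only demonstration of descriptor passing, not a complete sandbox.

```python
"""Powerbox-style file grant: broker opens, worker receives only an fd.
Added example; not code from the Slashdot thread or any vendor's sandbox."""
import json
import os
import subprocess
import sys
import tempfile

# Hypothetical sandboxed worker: it is given a descriptor number, never a path.
# It tries to tamper (should fail: the grant is read-only), then reads.
WORKER_SRC = r"""
import json, os, sys
fd = int(sys.argv[1])
try:
    os.write(fd, b"tamper")
    denied = False
except OSError:
    denied = True          # EBADF: descriptor was opened O_RDONLY by the broker
data = os.read(fd, 1 << 16)
os.close(fd)
print(json.dumps({"content": data.decode(), "write_denied": denied}))
"""

def broker_grant_and_run(path: str) -> dict:
    """Broker side: the user chose `path` in the OS-owned dialog. Open it
    read-only here, pass exactly that descriptor to the worker, then revoke."""
    fd = os.open(path, os.O_RDONLY)
    try:
        proc = subprocess.run(
            [sys.executable, "-c", WORKER_SRC, str(fd)],
            pass_fds=(fd,),      # grant: only this descriptor is inherited
            close_fds=True,      # every other open file stays closed to the worker
            capture_output=True,
            check=True,
        )
    finally:
        os.close(fd)             # revoke: the grant lasts only for this run
    return json.loads(proc.stdout)

def demo() -> dict:
    """Constructed sample document standing in for the user's tax spreadsheet."""
    with tempfile.NamedTemporaryFile("wb", delete=False, suffix=".csv") as tmp:
        tmp.write(b"year,tax\n2009,1234\n")
        path = tmp.name
    try:
        return broker_grant_and_run(path)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

The worker never learns the path and has no other inherited descriptors, so a compromised worker can only read the one document the user explicitly chose for that run.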