You may not know it, but ALL your programs can access your Quicken data. Not good. So, what can you do?
One solution to this nasty problem is to run all programs in a security sandbox. Unfortunately, the sandboxes in Windows 8 and Mac OS X Mountain Lion (10.8) are voluntary. Programmers can choose to use the sandbox security model, or they can choose to use the original user-based security model. All that it takes to subvert the new sandboxes is to install a program that is written for the old security model.
McAfee has some very interesting articles about the Windows 8 sandbox.
1) https://blogs.mcafee.com/mcafee-labs/windows-8-metro-brings-new-security-risks
2) https://blogs.mcafee.com/mcafee-labs/metro-interface-improves-windows-8-while-increasing-some-risks
3) http://blogs.mcafee.com/mcafee-labs/stronger-windows-8-still-vulnerable-through-apps-users This blog has one comment that I find really interesting:
“With Windows 8, desktop and Metro applications coexist to maintain backward compatibility with current Windows desktop applications. Windows also allows desktop applications to be installed and executed outside the usual constraints of Metro applications. This presents an interesting situation: Metro apps cannot get out of their sandbox; but desktop apps can enter the sandbox.”
What does this mean? It means that participation in the Metro sandbox security mechanism is voluntary, and that desktop apps don’t play by those rules. So, the Windows 8 sandbox is really easy to subvert – just install a desktop app. So, if you’re counting on sandboxes to keep your information secure, be careful what software you run! [INTERNAL LINK]
Here’s how to implement a security sandbox:
a) For Apple iPads and iPhones: these devices are running iOS, and all programs run in a sandbox. So, you don’t need to worry (as much) about those devices.
b) For Windows, you’re going to need to buy all new software, so you might as well buy a new PC. It must be running Windows 8 or later. Once you have done that, purchase and run only programs that are available from the Windows App store. If you’re not happy with that alternative, let Microsoft know. But, from a security perspective, it looks like they are doing the right thing.
c) For Mac OS X, you’re going to need to buy all new software, so you might as well buy a new Mac OS X computer. It must be running Mac OS X Mountain Lion (10.8) or later. Once you have done that, purchase and run only programs that are available from the Apple App store, or are deemed acceptable by Gatekeeper . If you’re not happy with that alternative, let Apple know. But, from a security perspective, it looks like they are doing the right thing.
I heard from a friend of mine, Paul Adams, who is very knowledgeable about Apple products: His comments:
a) All apps purchased through the app store for Mac OS X are sandboxed. It’s a requirement for developers who submit apps to the store to support it.
b) Look at the “gatekeeper” in Mac OS X 10.8 as well. It checks apps you install from the internet and will only let you run apps from “Trusted Developers” (an online list maintained by Apple), it’s a medium type setting for people who don’t want to be restricted to only the app store downloads but want to have some restrictions from the free-wheeling internet.
To learn more about security sandboxes, check out:
Recent Comments