Software is a fact of modern life, but not all of it is safe to use. The real problem is that there is no way for us to tell if a program is good or not. There is no software vetting process, no “seal of approval” that our programs are good, so all we can do is trust and hope that the programs we run on our computers are good. There are three strikes against us:
- All programs have defects (bugs). If a vendor tells you their software doesn’t have defects, they are ignorant or lying.
- Most programs will do some things that, if you were told they did it, you would question why they needed to do it (data collection, advertising, etc.).
- A small percentage of programs are intentionally deceptive and malicious, causing damage, stealing data, stealing passwords, attempting fraud, etc.
If we run a program when we are logged in as “John Smith”, we are hoping that:
- The software defects aren’t bad enough to hurt us.
- The data collection won’t jeopardize our privacy, and the advertising won’t be too annoying.
- The program isn’t intentionally deceptive and malicious.
That is true most of the time, but not all of the time. And, when we run a program when we are logged in as “John Smith”, it has FULL CONTROL of ALL of our data files.
Because of this, we really need all programs to run in a security sandbox. The sandbox needs to be big enough so programs can do what is reasonable that they should do, but small enough to protect the confidentiality and integrity of our data (more relevant concepts here: http://en.wikipedia.org/wiki/Information_security). Certainly, the sandbox needs to be small enough so the programs can’t do any damage.
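As an added illustration (not from the original post) of the boundary a sandbox draws around data files, the following Python models a program whose file access is mediated by a sandbox root, with a constructed temporary home directory standing in for John Smith's files. A real sandbox is enforced by the operating system, not by library code the program could bypass; this only shows which accesses such a boundary must allow and refuse.

```python
"""Toy model of a per-program file sandbox (illustration, not an OS sandbox)."""
import os
import tempfile
from pathlib import Path


class SandboxViolation(PermissionError):
    """Raised when a program tries to touch a file outside its sandbox."""


class FileSandbox:
    """Allow reads and writes only under `root`.

    Paths are fully resolved (symlinks and '..') before the check, so a
    program cannot escape by aliasing a path that points outside the root.
    """

    def __init__(self, root):
        self.root = Path(root).resolve()

    def _resolve(self, path):
        # Joining an absolute `path` discards `self.root`, so absolute
        # paths are checked on their own merits, not silently re-rooted.
        p = (self.root / path).resolve()
        if p != self.root and self.root not in p.parents:
            raise SandboxViolation(f"access outside sandbox: {path}")
        return p

    def is_allowed(self, path):
        try:
            self._resolve(path)
            return True
        except SandboxViolation:
            return False

    def read_text(self, path):
        return self._resolve(path).read_text()

    def write_text(self, path, data):
        self._resolve(path).write_text(data)


def demo():
    home = tempfile.mkdtemp()  # constructed stand-in for the user's home
    secret = Path(home, "quicken.qdf")  # constructed "all our data files"
    secret.write_text("account balances")
    box = Path(home, "sandbox")
    box.mkdir()
    sb = FileSandbox(box)
    sb.write_text("notes.txt", "hello")  # reasonable: the program's own data
    results = {
        "own_file": sb.is_allowed("notes.txt"),
        "dotdot": sb.is_allowed("../quicken.qdf"),
        "absolute": sb.is_allowed(str(secret)),
    }
    # A link created inside the sandbox that points outside must still fail.
    os.symlink(secret, box / "link")
    results["symlink"] = sb.is_allowed("link")
    # Without a sandbox, a program running as the user simply reads the file.
    results["unsandboxed"] = secret.read_text() == "account balances"
    return results
```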
Joanna Rutkowska, someone much more knowledgeable about this than I am, has come to the same conclusion.
To learn more about security sandboxes, check out:
- What is a security sandbox?
- All Your Programs Can Access Your Quicken Data
- How to Protect Your Quicken Data from All Your Programs
- Security Sandboxes: A Great Reason to Upgrade
- How to Implement Security Sandboxes
- Security Sandboxes and Virtualization
- Virtual Machines Aren’t Perfect Sandboxes