A proposal

Discussion in 'other software & services' started by Gullible Jones, Jun 7, 2014.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Registered Member (Joined: May 16, 2013; Posts: 1,459)

    I know that "anti-executable" is far from perfect, but seriously, this is 2014. Denying a binary access to a bunch of system calls is the sort of thing that an OS should be able to do, on its own, selectively, without any third-party rubbish.
     
  2. jnthn

    jnthn Registered Member (Joined: Sep 22, 2010; Posts: 185)

    Not exactly the same, but some OSes do have this setting.
     

    Attached Files:

  3. Gullible Jones

    Gullible Jones Registered Member (Joined: May 16, 2013; Posts: 1,459)

    They do, but not the way you think. Your screenshot there is just a setting in Nautilus; it's purely in userspace, and it only applies to scripts, not binaries. It's not kernel-level interception of system calls.

    AppArmor and other path-based MAC systems can definitely do this - all you have to do is blanket deny a program exec permission on everything it has access to, and it won't be able to execute binaries. SMACK and SELinux should be able to do it too, though perhaps less easily... Using mandatory access control this way is a bit like using the CD player tray as a cupholder though. :)

    What I'm getting at is, this stuff should be the province of the OS itself, not third-party software. AFAIK Windows NT is the only multiuser OS ever to rely so much on third-party drivers for security.
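
The blanket exec deny described in the post above, written out as an AppArmor profile. This is an added example, not part of the original thread; the program name `untrusted-viewer` and all paths are hypothetical.

```apparmor
# Constructed example: the confined program and its paths are hypothetical.
#include <tunables/global>

profile untrusted-viewer /usr/local/bin/untrusted-viewer {
  # Baseline access most dynamically linked programs need (libc, locale data).
  #include <abstractions/base>

  # The program's own binary must be readable and mappable so it can start.
  /usr/local/bin/untrusted-viewer mr,

  # What the program legitimately needs: read-only access to the user's documents.
  owner @{HOME}/Documents/** r,

  # The blanket rule: no execve() of any path, whatever other rules say.
  # A deny rule takes precedence over allow rules, including ones pulled in
  # by an include. Plain "x" is only valid together with "deny".
  # "audit" makes the kernel log each refused exec; deny rules are
  # otherwise silent.
  audit deny /** x,
}
```

Load it with `apparmor_parser -r` on the profile file; refused executions then appear in the kernel audit log as `apparmor="DENIED"` entries. The `m` permission still lets the process map library code into its own address space, so this stops it from launching other binaries, not from loading code into itself.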
     
  4. noone_particular

    noone_particular Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    That's because Windows is still based on default-permit where anything can run anything else. They chose to make it simple for those who know nothing about computers, consequences be damned. Just wait until automotive electronics become more like PCs or smartphones. If they use the same default-permit policies, someone could design malware that could physically steal the car.
     
  5. CloneRanger

    CloneRanger Registered Member (Joined: Jan 4, 2006; Posts: 4,833)

    I'm glad we have 3rd party protection etc. I wouldn't trust MS to do it all!
     