7
skiilaa
8y

Malwares are nasty applications, that can spy on you, use your computer as an attacker or encrypt your files and hold them on ransom.

The reason that malware exists, is because how the file system works. On Windows, everything can access everything. Of course, there are security measures, like needing administrator permissions to edit/delete a file, but they are exploitable.

If the malware is not using an exploit, nothing is there to stop a user from unknowingly clicking the yes button, when an application requests admin rights.

If we want to stop viruses, in the first place, we need to create a new file-sharing system.

Imagine, that every app has a partition, and only that app can access it.

Currently, when you download a Word document, you would go ahead, start up Word, go into the Downloads folder and open the file.

In the new file-sharing system, you would need to click "Send file to Word" in your browser, and the browser would create a copy of the file in a transfer-partition. Then, it would signal to Word, saying "Hey! Here's a file that I sent to you, copy it to your partition please!". After that, Word just copies the file to its own partition, signals "Ok! I'm done!", and then the browser deletes the file from the shared partition.

A little change in the interface, but a huge change in security.

The permission system would be a better UAC. The best way I can describe it is when you install an app on Android. It shows what permission the app wants, and you could choose to install it, or not to.

Replace "install" with "grant" and that's what I imagined.

Of course, there would be blacklisted permissions, that only kernel-level processes have access to, like accessing all of the partitions, modifying applications, etc.

What do you think?

Comments
  • 4
  • 1
    @KeyWeeUsr Not quite, but it's similiar

    (never heard of it before btw)
  • 3
    This is very much what iOS does. It could be quite nice, but on iOS at least it's not quite there
  • 0
    @JonStodle I am talking about desktop operating systems :)
  • 1
    @skiilaa yes, I'm just saying something very similar has been implemented in a widely used operating system. But in iOS's case it's not as good as it could be. There's a lot of times I think that a file system would make things a lot easier.
    Or as in Windows 10 Mobile where apps can register as file sources when you want to open a file
  • 1
    It's not a bad idea, but this should be something optional. I see a lot of overhead in a system file like that. Anyways, as you mentioned Windows, in Linux everything by default has no rights to execute by itself unless we chmod it. It's a simple strategy, and has no overhead in the operational system.
  • 4
    Tbh I just moved to fedora and SElinux is already preventing even applications ran as root to open certain files or to execute files. Thats quite new for me.
Add Comment