undefined | Better HN

0 pointsdroithomme14y ago0 comments

Putting my applications in a sandbox doesn't really prevent my application from doing exploits because my applications are not malware to begin with. Well behaved applications that are not malware are already not malware. The real issue is what about malware, will this stop them. Well, obviously malware authors are not going to put their applications in a sandbox. They will continue releasing them as before.

And so, obviously, this system won't work unless all software is sandboxed, not just the normal innocuous non-malware that didn't need to be in the first place.

It's the same principal where you can't stop gun crime by banning only law abiding citizens from having guns. You have to completely eliminate all guns or it doesn't work. All or nothing.

To me, this tell me where this is headed. Obviously total sandboxing of everything has to be done for this to be effective at all. And with total sandboxing of everything we no longer have a desktop computer that can be used for general productivity, we have an information appliance that provides a nice consumer experience.

0 comments

planb14y ago

Putting your applications in a sandbox prevents you application from being exploited. A bug in you chat software can't be used to get access to your private files anymore. It also prevents that chat software from installing malware on you mac.

nknight14y ago

Any application that interacts with untrusted data is a potential vector for malware. Ignoring that is the worst kind of arrogance a developer can display.

j / k navigate · click thread line to collapse