undefined | Better HN

0 pointserikpukinskis8y ago0 comments

Are you comfortable running arbitrary binaries built by arbitrary people? If not, then I fail to see how an operating system is a sensible general purpose computing platform.

It worked OK when we just wanted to run software written by a handful of trusted parties... Microsoft, Adobe, id Software. But as soon as there were 1000s of companies writing software that we wanted to try, running binaries ceased to be a good idea. I don't really trust any binary software on my machine that isn't written by Apple. But I will open basically anything in a web browser because I don't have to trust it.

Even now, with all the sandboxing, Microsoft and Apple still have to manually review software in their stores. And truthfully, app stores are basically a naive Web of Trust system. It's not safe at all. Applications constantly open up holes and then say "oops! Security bug!" and what... you're owned now? But Apple doesn't believe it was a maliciously placed hole, so it's all good? Hell of a security model!

0 comments

tannhaeuser8y ago

Web apps are hardly a solution to this problem, those being always connected. If regular apps need permissions (for eg. opening photos on your device) then so do web apps. Are you comfortable with web sites sending your location home, or recording audio/video? If anything, web apps are too sandboxed to do anything useful.

gmueckl8y ago

The web isn't a solution to this problem. Drive by attacks are real and easy to place via malicious ads.

The only real "fix" to this situation would be to make software vendors actually liable for the correct functionality of their product. Imagine no more warranty disclaimers or other bullshit in the licenses for "final" products (compiled binaries, executable JS in websites...). All other engineering professions are legally held to their respective standards. It's time we start raising that bar for software as well.

I'd like to see some software company execs soil their pants because they know that their products are lousy crap.

blub8y ago

"But I will open basically anything in a web browser because I don't have to trust it."

That's incredibly funny. I guess sooner or later you'll learn why it's a losing strategy.

The web is probably the largest malware infection vector nowadays.

Brakenshire8y ago

It's the largest malware vector because it's the largest software vector. It still remains true that running a random website is a million miles away from running a random exe.

erikpukinskisOP8y ago

Instead of making fun of me, could you point me at a place to learn? What in-browser malware am I not aware of?

j / k navigate · click thread line to collapse