undefined | Better HN

0 pointsRetric13y ago0 comments

Sandboxing only helps so much. You can run a browser extension in a sandbox that defrauds advertisers.

0 comments

4 comments · 1 top-level

unabridged13y ago· 3 in thread

A fresh verified binary (including all extensions) can be loaded into the sandbox each time the user opens the browser, so the infection would be limited to the current session only.

RetricOP13y ago

The sand-boxing problem is not infecting people with binary's they don't want. It's a social attack where users installing bonzi buddy style addons that have both wanted and unwanted behavior. Or people just clicking yes to download that video viewer software, etc. Because, in the end all sand boxing does is buy's you a popup which people are trained to click on.

unabridged13y ago

What about a sandbox where all programs that came from the internet were locked in except for verified binaries. Then make it difficult to add new certificates, like require the user to enter a password (perhaps different from their login). Have microsoft say no program should require this, and as long they do a decent job of adding certificates themselves most users will not even bother learning how to.

cliffu13y ago

For those users, I guess we'd hope they don't install their own certificates and Microsoft/Apple/Google/Canonical can invalidate the Bonzi Buddy certificates for bad behavior.

You're right that it's a difficult problem and probably unsolvable but IMO that doesn't mean we can't reduce it to much less than it is currently.

j / k navigate · click thread line to collapse