Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Re: Marcus Sundman (IP: ---.kotikaista.weppi.fi)
by Marcus Sundman on Tue 7th Oct 2003 11:58 UTC

> > Google is your friend.
> > The first hit is an introduction to the subject:
> > http://www.skyhunter.com/marcs/capabilityIntro/
>
> Translation: dynamic ACLs.

That's an extremely bad translation! I suggest you read "Capability myths demolished" to get a clue.

> This approach wouldn't work as it suffers from the big
> problem of dialog-box-overload.

Showing dialog boxes is an implementation issue and has nothing to do with whether the security is based on capabilities or ACLs. As a matter of fact, showing lots of dialog boxes even maps better to ACLs, where you can have the dialog-box code just behind the access API.
The difference is that the email client won't give the untrusted application capabilities to open windows or network connections. And even if it did, it would still be impossible for the untrusted program to get a capability that the email client doesn't have. No dialog boxes need to be shown. If the untrusted application doesn't have a capability for opening network connections, it can't even ask for a connection to be opened, so there is no security checking involved (read: there is no security checking in which there could be a bug or some identity-checking that the untrusted program could fake).

> > I also recommend reading "Capability Myths Demolished"
> > available e.g. at http://zesty.ca/capmyths/
>
> A quick read indicates that this document might address
> the myths listed and possibly even demolish them, but it
> doesn't address the problems that would be encountered in
> actual implementation.

So why don't you check out some real implementations then?
Some starting pointers:
- http://www.erights.org/
- http://www.combex.com/tech/
- http://www.cap-lore.com/CapTheory/
- http://www.eros-os.org/mailman/listinfo/

Posts like yours really contribute a lot to the mass ignorance that I mentioned. Sigh..
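
The contrast drawn in the comment above, sketched as an added example that is not part of the original post or of any of the linked projects. All names are hypothetical, and plain JavaScript does not enforce confinement by itself, so this models the reference-passing discipline only.

```javascript
'use strict';
// Toy model with hypothetical names and constructed inputs.

// ACL style: the API is reachable by everyone, and a check on an identity
// supplied by the caller decides. That check is what can be buggy or fooled.
function makeAclNetwork(allowed) {
  const opened = [];
  return {
    opened,
    open(claimedIdentity, host) {
      if (!allowed.includes(claimedIdentity)) throw new Error('denied');
      opened.push(host);
      return true;
    },
  };
}

// Capability style: the reference is the permission. No identity, no check.
function makeNetworkCap() {
  const opened = [];
  return Object.freeze({ opened, open(host) { opened.push(host); return true; } });
}

// The mail client holds some capabilities and decides what to delegate.
// It cannot delegate anything that is missing from `held`.
function makeMailClient(held) {
  return {
    runAttachment(attachment, messageText, delegate = []) {
      const granted = { readMessage: () => messageText };
      for (const name of delegate) {
        if (!(name in held)) throw new Error(`client holds no ${name} capability`);
        granted[name] = held[name];
      }
      return attachment(Object.freeze(granted));
    },
  };
}

// Constructed untrusted attachment: reports what it can reach, and uses the
// network only if it was handed a reference to it.
function nosyAttachment(granted) {
  if (granted.network) granted.network.open('example.invalid');
  return { keys: Object.keys(granted).sort(), text: granted.readMessage() };
}
```

In the ACL model the outcome depends on the identity string the caller presents; in the capability model the attachment that was handed only `readMessage` has no name through which a network request could even be expressed.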