Linked by Thom Holwerda on Wed 31st Mar 2010 21:59 UTC, submitted by poundsmack
Graphics, User Interfaces "What if all software was open source? Anybody would then be able to add custom features to Microsoft Word, Adobe Photoshop, Apple iTunes or any other program. A University of Washington project may make this possible." Yeah I know, odd headline - couldn't find anything better.
Thread beginning with comment 416288
To read all comments associated with this story, please click here.
Comment by darknexus
by darknexus on Wed 31st Mar 2010 22:21 UTC
darknexus
Member since:
2008-07-15

Anyone else see, in addition to its usefulness, a massive potential for malware here? I'm sure malware authors would drool over this, think of the possibilities. They could replace word's edit box with an identical one that forwards all data, or modify any links word displays to redirect to other malware, or change the iTunes buy song buttons to send them your iTunes account info. Being able to change any part of a program on the fly like this could be a disaster waiting to happen.

Reply Score: 7

RE: Comment by darknexus
by coreyography on Thu 1st Apr 2010 02:19 in reply to "Comment by darknexus"
coreyography Member since:
2009-03-06

I can envision some DMCA activity here, too, from some ego-damaged company.

Reply Parent Score: 3

RE[2]: Comment by darknexus
by darknexus on Thu 1st Apr 2010 02:39 in reply to "RE: Comment by darknexus"
darknexus Member since:
2008-07-15

I can envision some DMCA activity here, too, from some ego-damaged company.

Wouldn't that qualify as Malware? ;)

Reply Parent Score: 4

RE: Comment by darknexus
by bert64 on Thu 1st Apr 2010 08:18 in reply to "Comment by darknexus"
bert64 Member since:
2007-04-23

Or more usefully, it could hijack the login process to online banks which make you enter certain chars from your password... Aside from keylogging the entry, it could tell the blackhat which position each character goes in.

Reply Parent Score: 3

RE: Comment by darknexus
by abstraction on Thu 1st Apr 2010 11:36 in reply to "Comment by darknexus"
abstraction Member since:
2008-11-27

If programs were all open source it does not neccessary mean they are easier exploitable through malware. It is because of the operating system's security model.

If you look at say Linux which is open source it does not have malware problems and that is _probably_ due to a better security model compared to say Windows which is famous for its malware. I say probably because I'm not sure of how the Windows security model exactly operates but I'm pretty sure you have the ability to install programs as a normal user which is the main reason behind the problem.

Reply Parent Score: 1

RE[2]: Comment by darknexus
by siride on Thu 1st Apr 2010 13:36 in reply to "RE: Comment by darknexus"
siride Member since:
2006-01-02

Yes, you aren't sure of Windows' security model. It's similar to Unix, although a little bit more orthogonal. All kernel and system objects are protected by access control lists. Permissions cascade for hierarchical object systems. It has user, group and everybody permissions as well, just like Unix (although the UI makes it look more complicated).

As a normal user on any NT-based version of Windows, you can't install software, unless given permission to do so. The problem pre-Vista was that the default user was usually the administrator (=root). As such, regular end users (as opposed to user accounts) could install software with out privilege escalation. Thankfully, this policy has been reversed for Vista and 7.

Reply Parent Score: 2