How to keep users from doing bad things - don't.
Plan for bad things instead.The problem as simply as I can restate it is that users with the power
to do what they want will also do bad things unintentionally even if they have to work at it.  Bunnies Happen! What
if the UAC was not activated for tasks, but rather for activity along
with the risk it exposes the user to. With ZoneAlarm (which I used to
recommend) you get a learning phase and then an alarm for unusual
network activity. The same thing could be applied to every file access
and the parameters of normal interaction based on internet collected
data. I imagine a whitelist sandbox OS where any application can be
downloaded and installed, but the system would allow a sandboxed image
of the installation and when completed, it would download information
about the application, instances of immediate uninstall, instances of
virus flagging and potential interactions. Something along the lines of
Choosing to discard would remove and delete the system snapshot. Choosing to activate would result in the user running in an instance of the system which would be using a differencing snapshot image. Choosing to activate permanently would discard the differencing snapshot and make the changes permanent. Two of the actions described are already basically available with varying methods, but I've never seen them brought together into a single system. Microsoft's virtual server seems to (I'm almost certain) do differencing snapshots as described here. Jotti uses multiple scanning tools to identify the AV systems that flag a file as a virus. The third major component, (tracking the usage, acceptance and rejection of software) would become available through the vendor tracking databases which mostly already exist if not in this exact form. Recognising what an application would be capable of would require a robust sandboxing system, which I realise is a challenge but don't think is insurmountable one. |