Dancing bunnies, they are a problem

posted Jul 24, 2011, 6:27 PM by Boyce Crownover   [ updated Feb 9, 2012, 7:30 PM ]
The problem, stated as simply as I can restate it, is that users with the power to do whatever they want will also do bad things unintentionally, even if they have to work at it.

What if UAC were triggered not by particular tasks but by activity, together with the risk that activity exposes the user to. With ZoneAlarm (which I used to recommend) you get a learning phase and then an alarm for unusual network activity. The same approach could be applied to every file access, with the parameters of normal interaction based on data collected over the internet. I imagine a whitelist sandbox OS in which any application can be downloaded and installed, but the system would perform the installation into a sandboxed snapshot image and, when it completed, download information about the application: instances of immediate uninstall, instances of virus flagging and potential interactions. Something along the lines of:


Snapshots currently use 3.5% of available diskspace.
You've downloaded and installed dancingbunnies.exe which has the following associated information: 85% of users who installed dancingbunnies.exe uninstalled it within 2 hours. It has been flagged by ClamAV, Symantec and McAfee as a virus. Where dancingbunnies.exe has been installed 72% of users indicated it caused unwanted effects. dancingbunnies.exe has access to: delete any file, change the way your computer works, send email without your permission and download files that may be illegal to have on your computer. You may
[Discard these changes] (63% popular)
[Activate these changes for a limited time] before being offered the option to remove them later (23% popular)
[Activate these changes permanently] (14% popular)

Choosing to discard would remove and delete the system snapshot. Choosing to activate would result in the user running in an instance of the system which would be using a differencing snapshot image. Choosing to activate permanently would discard the differencing snapshot and make the changes permanent.
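To make the three choices concrete, here is an added example (my own model, not code from any product mentioned in this post) of a base image plus a differencing layer: every write from the sandboxed install lands in the layer, so discarding is just dropping it, limited-time activation runs on the layer until a deadline, and permanent activation folds the layer into the base. The class name and method names are my own.

```python
from dataclasses import dataclass
from typing import Optional

DELETED = object()  # tombstone: file exists in the base image but the install removed it

@dataclass
class SnapshotSystem:
    """Hypothetical model of a base image with one pending differencing layer."""
    base: dict                        # committed system state: path -> contents
    diff: Optional[dict] = None       # pending install's writes; None when nothing pending
    expires_at: Optional[float] = None  # deadline of a limited-time activation, if any

    def begin_install(self):
        """Start a sandboxed install: all writes go to a fresh differencing layer."""
        self.diff, self.expires_at = {}, None

    def write(self, path, data):
        self.diff[path] = data        # the base image is never touched here

    def delete(self, path):
        self.diff[path] = DELETED     # record the deletion without modifying base

    def view(self):
        """Files as the user sees them while running on the differencing layer."""
        merged = dict(self.base)
        for path, data in (self.diff or {}).items():
            if data is DELETED:
                merged.pop(path, None)
            else:
                merged[path] = data
        return merged

    def discard(self):
        """[Discard these changes]: drop the layer; base was never modified."""
        self.diff, self.expires_at = None, None

    def activate_limited(self, now, hours):
        """[Activate for a limited time]: keep running on the layer until a deadline."""
        self.expires_at = now + hours * 3600

    def removal_due(self, now):
        """True once the limited-time activation has lapsed and the user should be re-prompted."""
        return self.diff is not None and self.expires_at is not None and now >= self.expires_at

    def activate_permanently(self):
        """[Activate permanently]: fold the layer into the base image."""
        self.base = self.view()
        self.diff, self.expires_at = None, None
```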

Two of the actions described are already basically available through various methods, but I've never seen them brought together into a single system. Microsoft's Virtual Server seems to (I'm almost certain) do differencing snapshots as described here. Jotti uses multiple scanning tools to identify the AV products that flag a file as a virus. The third major component (tracking the usage, acceptance and rejection of software) would become available through the vendor tracking databases that mostly already exist, if not in this exact form. Recognising what an application would be capable of would require a robust sandboxing system, which I realise is a challenge but don't think is an insurmountable one.