2010 Will Be the Year of Sandboxing Apps 203
Trailrunner7 writes "In a guest editorial on Threatpost, Mac hacker and security researcher Dino Dai Zovi writes that 2010 will be the year that software vendors get religion about sandboxing untrusted data in desktop apps. 'Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. The largest Internet security threats now arrive through malicious web pages or e-mail attachments. This is because attackers are opportunistic and these are the weakest links especially because they easily pass through every firewall. Security is not and never was about SYN packets, it is about data: the software attack surface that attacker-controlled data interacts with and what sensitive data the attacker can get a hold of if they can exploit vulnerabilities in that software.'"
Re:And the year of.. (Score:5, Informative)
and what exactly is the point of having RAM go unused?
File cache. RAM unused by bloated applications gets used by (most) operating systems to cache files, resulting in quicker disk access.
Re:Already here. It's on my family PC.. (Score:3, Informative)
"Windows 64-bit: Full support for 64-bit is available in recent beta versions of Sandboxie. Click here"
Looks like they are working on that. :)
Sorry. The WWW is now a huge API (Score:5, Informative)
Web servers don't serve html documents any more, they serve remote procedure calls from javascript front ends.
Re:Instead of validating inputs (Score:3, Informative)
We have tried the "validating" approach for 20 years and it is still failing at a tremendous rate.
Maybe it is time to try something else?
Re:How about reducing the surface area? (Score:3, Informative)
applications running in sanboxes have to be able to write files, read files, load and install plugins, execute helper applications,
No, they don't.
They can be made so that only way to access file system is by File Dialog (see Java Web Start / JNLP).