Comment by pocksuppet
2 days ago
The problem with any secure system is that they're not usable systems. Real applications and users expect to access anything from anywhere. That's the opposite of security.
2 days ago
The problem with any secure system is that they're not usable systems. Real applications and users expect to access anything from anywhere. That's the opposite of security.
One of my friends had his credentials stolen from a trojan infostealer masquerading as a video game, sent from a rando who he mistakenly trusted. If only it had to request user permission to access files outside of its folder. There's a spectrum between full access and full lockdown.
If every app requests that permission, no app requests that permission. Also your passwords would be in your user folder so the app that needs the passwords could read them.
That condition usually doesn't hold in practice. Very few programs have a reason for reading browser history or cookies. Excel has no purpose accessing the Notepad++ appdata folder. Not all-or-nothing.
2 replies →