The WMF exploit makes it more clear why we need to have per-program permissions. This, say, web browser has read permissions to the preferences directory, read-write only to the cache directory, and insert (no read, no overwrite) to the downloads directory. And no permissions, read or write, to anywhere the user (usually a Windows superuser) has access to, unless specific case-by-case authorization by the user by dialog box.
At the same time, more compartmentalized (package-ized) software installs.
No comments :
Post a Comment