Hacker News new | past | comments | ask | show | jobs | submit login

An I wrong in thinking this sounds like app armor for Linux? A good thing if implemented properly.



Seems so: "In Mac OS X v10.7 and later, placing your application in an app sandbox is a great way to minimize the potential damage caused by successful exploits"

http://developer.apple.com/library/mac/#documentation/Genera...


Putting my applications in a sandbox doesn't really prevent my application from doing exploits because my applications are not malware to begin with. Well behaved applications that are not malware are already not malware. The real issue is what about malware, will this stop them. Well, obviously malware authors are not going to put their applications in a sandbox. They will continue releasing them as before.

And so, obviously, this system won't work unless all software is sandboxed, not just the normal innocuous non-malware that didn't need to be in the first place.

It's the same principal where you can't stop gun crime by banning only law abiding citizens from having guns. You have to completely eliminate all guns or it doesn't work. All or nothing.

To me, this tell me where this is headed. Obviously total sandboxing of everything has to be done for this to be effective at all. And with total sandboxing of everything we no longer have a desktop computer that can be used for general productivity, we have an information appliance that provides a nice consumer experience.


Putting your applications in a sandbox prevents you application from being exploited. A bug in you chat software can't be used to get access to your private files anymore. It also prevents that chat software from installing malware on you mac.


Any application that interacts with untrusted data is a potential vector for malware. Ignoring that is the worst kind of arrogance a developer can display.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: