Comment: Re:Bitfrost (Score 1) 387
The proper solution is to model what damage a trojan can do, figure out what privileges it would need to do that damage, and make sure that a program lacks those privileges without the user's knowledge.
The problem here is it lacks transparency for the user. Here's the problem you need to solve:
The user wants to get X done on their computer. Every time you prompt the user to validate or confirm something that isn't doing X, you are taking time away from the user. And every time you take time away from the user, you annoy them. And every time you annoy them, you make it less likely that they will pay attention to the prompt that you provide the next time, and the time after that. Eventually you get to the point where the user just hits "OK" on whatever prompt you provide them just so that they can get on with doing their work.
This issue is made worse by the fact that consumer-level computer security is different from corporate / server-level security. A user owns all their files, and they want their applications to use their files. That a malicious application can't get root privileges and install a rogue FTP server is beside the point because the user doesn't care about that; they care about the files that any app running with the user's permissions can (by design and by necessity) access.
Sure, Android tried to solve this with their "confirm permissions on download", but seriously, have you ever read through the list of permissions some apps ask for? What user is going to even understand half of those? Even worse is the fact that the descriptions are nearly useless; you get crap like "this permission gives the app the ability to read your location, but it could also be used to track you, your kids and your little dog too". They're useless descriptions that essentially tell the user nothing about WHY the application wants those permissions, which is the important information.