Using Windows-based computers can be annoying due to the amount of adware installed on a machine. The Linux community needs to develop a way of making it hard for adware developers to find a home on someone’s Linux box. You might say, “But Dan, there’s no adware on my Linux box,” and you’d most likely be right, for now. But it truly is a matter of time before the market gets large enough and people begin to design adware for Linux. I think that my suggestions will also help us to be ready for trojan horses, viruses and adware. We have a unique opportunity to learn from people who have dealt with security in a very poor manner, namely Microsoft.
Linux does have an advantage in that most of the software that users use has been verified to meet certain requirements by the distros. (This can also be a drawback, vis-à-vis the latest compromises at GNOME and Debian. On a side note, this makes me think we need to get GPG into packages, like Red Hat, pronto!) Occasionally, users want to try out some software that their distros don’t have packaged. And, whether we like it or not, in the future, people might be passing around Linux executables (like they pass around Windows executables these days). Some things might stop this practice from becoming popular, such as the fact that Linux runs on a lot more architectures than Windows and that it is very difficult to assume which libraries another Linux user has installed on his or her machine, but in a 95% Intel-based world, I can see some dummies trying this out.
I think Linux needs a sandboxing environment. When applications are being installed, there could be some sort of policy allowing write access only to certain directories and limiting unnecessary connections to the internet. If it’s in verbose mode, for example, a dialog box could pop up saying, “This installation script is attempting to contact the following URL: http://example.url. Do you want to allow the installation script to contact this site? Installation scripts might send back personal information about you or about your computer! [Yes] [No] [Help]” I would like to see a GUI that makes it easy for users to place restrictions on applications. There are techniques that many power users use to keep programs from being dangerous when they are exploited (or at least to mitigate the damage): chrooting them, marking their packets, and running them inside User Mode Linux. I think that if we make techniques like these easily accessible through a GUI, and distros start coming with default policies that give systems basically the same functionality but keep them safer, we’d be better prepared for the onslaught I foresee.
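A sketch of the decision logic such an install-time policy would need, as an added example that is not part of the original post. The policy layout, directory names, hosts and function names are all hypothetical, and real enforcement would have to happen below the script (for example in SELinux) rather than in Python.

```python
import posixpath
from urllib.parse import urlsplit

# Hypothetical policy for one installer; every value here is constructed.
POLICY = {
    "write_dirs": ["/opt/exampleapp", "/tmp/exampleapp-install"],
    "allowed_hosts": {"downloads.example.org"},
}

def check_write(path, policy=POLICY):
    """Allow a write only if the normalized path stays inside a permitted directory."""
    if not path.startswith("/"):
        return "deny"  # relative paths depend on the working directory
    # normpath collapses "..", so /opt/exampleapp/../../etc/passwd is judged
    # as /etc/passwd. This is lexical only; symlinks need kernel-level checks.
    norm = posixpath.normpath(path)
    for allowed in policy["write_dirs"]:
        # Compare on a path-component boundary so /opt/exampleapp-evil
        # does not match /opt/exampleapp.
        if norm == allowed or norm.startswith(allowed + "/"):
            return "allow"
    return "deny"

def check_connect(url, verbose, policy=POLICY):
    """Return allow, deny, or prompt (ask the user) for an outbound URL."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so the real destination is checked.
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return "deny"
    if host in policy["allowed_hosts"]:
        return "allow"
    # Unknown host: ask in verbose mode, otherwise fail closed.
    return "prompt" if verbose else "deny"

def prompt_text(url):
    """Dialog wording taken from the post."""
    return ("This installation script is attempting to contact the following "
            f"URL: {url}. Do you want to allow the installation script to "
            "contact this site? [Yes] [No] [Help]")

if __name__ == "__main__":
    # Constructed actions an installer might attempt.
    for p in ["/opt/exampleapp/bin/tool", "/opt/exampleapp/../../etc/passwd"]:
        print("write", p, "->", check_write(p))
    url = "http://example.url"
    print("connect", url, "->", check_connect(url, verbose=True))
    print(prompt_text(url))
```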
I’m thinking the underlying technology that we could base all of this on could be SELinux, which doesn’t come by default with many distros. I can imagine that if a friendly face were put on top of it, say a GUI configuration program for placing restrictions on a particular application, desktop users would benefit greatly from it. Imagine being able to sandbox Internet Explorer. You wouldn’t have to worry about that latest exploit allowing someone to remotely control your computer. Of course, thank God, we don’t have to worry about IE, but there are going to be holes in any browser, and I don’t want my system to be rooted for looking at a webpage.