[4767] in WWW Security List Archive
Re: Why do you think you can trust PC software? (was Re: Latest Java hole is Netscape/Sun only)
daemon@ATHENA.MIT.EDU (Bob Denny)
Tue Mar 11 14:42:00 1997
From: "Bob Denny" <rdenny@dc3.com>
Date: Tue, 11 Mar 1997 10:18:06 -0800
In-Reply-To: Jay Heiser <Jay@homecom.com>
"Re: Why do you think you can trust PC software? (was Re: Latest Java hole is Netscape/Sun only)" (Mar 11, 9:41)
To: jay@homecom.com, WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> If you want to trust your bank's digital signature, you should be able
> to let the bank's Java applet selectively modify data on your
> PC--without concern that it could ever pollute anything else on your PC.
>
> Given that current desktop operating systems do not provide this
> capability, we have to rely on kludgy add-ons. The idea of an
> intrinsically safe operating system is very appealing.
Well, the desktop operating systems you refer to must be Win95 and the MacOS.
Because the unix flavors and WindowsNT all have this capability. And the Java
SecurityManager is a flexible thing, it happens that both Netscape and
Microsoft ratchet it down to the minimum (and rightly so for now). The
SecurityManager is another place to hook controls into for those less
fortunate desktop OSs. Make the settings easy, like a choice between "hardened
criminals", "juvenile offenders", "casual acquaintences", "friends and
family", and "me". Five levels ought to be enough.
-- Bob
