Often when I install applications on my computer, I realize that I need to trust the application because it can do whatever it wants with my computer, e.g. accessing files, listening to my keyboard, monitoring my network and so on.

This feels insecure. E.g. on Windows 7, how can I control or restrict what an application that I install can do on my computer? Are there any software tools for this, or should I create a new user account every time I install an application, or how should I handle software installs?

On Android I can see what resources an application needs before I install it. Is there something similar for Windows 7?

Jonas

2 Answers


Excellent question. Unfortunately, there is no really good way to do what you want.

I don't know of any way to see in advance what resources a desktop application may access. Instead, the only approach is to run it within a sandbox or constrained environment that restricts what it can do. There are two general approaches:

  1. Use a sandbox. You can run the application in a sandbox that limits what it is able to do. However, you may need to specify a policy for the sandbox, or run it using a default policy that is tightly constrained. On Windows, it's hard to find good sandboxing software for running general-purpose software; the best option might be Sandboxie. HP also built a sandboxing system called Polaris, but as far as I know it was never commercially released. On Linux/BSD platforms, check out Plash, Systrace, Capsicum, Subterfugue, and Rainbow.

  2. Use a virtual machine. A simpler and more pragmatic solution is to use a virtual machine and install your application in the virtual machine image (in the guest OS). This will let you run the application, with reasonable confidence that it cannot escape the virtual machine. This may work fine if the application does not legitimately need access to any of your personal information, but if it does need that kind of access, you may find that it is hard to provide the application with partial but not complete access to your data, devices, and other resources.

    On Linux, Qubes and Virtics provide a secure desktop that uses virtual machines to sandbox every application you run, though I believe they are research-quality prototypes, not robust finished products. They might also be worth a look if you are willing to deal with less-finished software.

D.W.

  • Interesting that this may be one way that modern mobile OS security architecture is superior to desktops, e.g. Android/iOS requiring explicit permissions and user consent for actions. Wonder if Windows 8 will add this – Rakkhi Oct 31 '11 at 05:39
  • For the record, AppArmor and SELinux should be considered too for Linux (particularly as they usually come with the system out of the box) – symcbean Nov 02 '11 at 17:30
  • It looks like Apple is going in this direction: [Apple to require sandboxing in Mac App Store apps as of March 2012](http://www.tuaw.com/2011/11/02/apple-to-require-sandboxing-in-mac-app-store-apps-as-of-march-20/) - that sounds good, for security. – Jonas Nov 03 '11 at 22:20
For native applications it is not possible; however, for .Net applications it is.

The .Net framework has specific authorization features for many aspects. I know very well about the existence of these restrictions, because they are too-often the cause of something failing (due to too meager permissions).

Back in the days of .Net 1.1, I remember a .Net evangelist (yes that was really his title, it was even printed on his card!) claim that administrators of the future would demand only managed code because they could manage or restrict the rights of the application. In Administrative Tools or in C:\Windows\Microsoft.NET\Framework\v1.1.4322\ you'd find ConfigWizards.exe with which you could define different security zones. With the mscorcfg.msc Management Console Snap-In you could fine-tune them and even make specific rules for a specific application.

I just tried it on a more recent .Net app (Paint.Net), but this tool does not seem to apply any more. I can't find any replacement either. Apparently they have changed some things for .Net 4.

I'd love to have a nice transparent GUI for configuring this though. I hate the idea of Paint.Net accessing my web-cam whenever it checks for updates ;-) (I'm not saying it does, only that I would not like the idea).

Louis Somers
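What the .Net 4 runtime still offers in place of the mscorcfg.msc policy editor, as an added example that is not from the answer above: a host process creates an AppDomain whose grant set is "execute only", so a managed assembly loaded into it is refused file, registry, network and UI access whatever it tries. This is C# for .NET Framework 4.x on Windows (AppDomains and CAS grant sets do not exist in .NET Core or .NET 5+); UntrustedWorker, Sandbox and TryReadInSandbox are names chosen for this example.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Instantiated inside the restricted AppDomain; MarshalByRefObject lets the
// full-trust host call it across the domain boundary.
public class UntrustedWorker : MarshalByRefObject
{
    // Throws SecurityException when the domain lacks FileIOPermission.
    public string ReadFile(string path) { return File.ReadAllText(path); }
}
public static class Sandbox
{
    // Runs ReadFile in an execution-only AppDomain and reports the outcome.
    public static string TryReadInSandbox(string path)
    {
        // Grant set: permission to execute and nothing else (no file, registry,
        // network or UI access), whatever the assembly itself would like to do.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, grant);
        try
        {
            var worker = (UntrustedWorker)sandbox.CreateInstanceAndUnwrap(
                typeof(UntrustedWorker).Assembly.FullName,
                typeof(UntrustedWorker).FullName);
            worker.ReadFile(path);
            return "read succeeded";
        }
        catch (SecurityException ex)
        {
            // The CLR refused the FileIOPermission demand made by File.ReadAllText.
            return "blocked: " + ex.GetType().Name;
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
    public static void Main()
    {
        string probe = Path.GetTempFileName();   // constructed test file
        File.WriteAllText(probe, "secret");      // host domain runs with full trust
        Console.WriteLine(TryReadInSandbox(probe));
        File.Delete(probe);
    }
}
```

This only helps when you control the host process: a .Net executable started by double-clicking runs in the default, fully trusted domain, and CLR 4 no longer enforces the machine-wide CAS policy that mscorcfg.msc edited, so the restriction has to be applied by whoever loads the untrusted code.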