Re: About time
the benefit of that is in doubt
Well you're right in everything you say, which probably explains the downvote.
User-based permissions are not terribly useful when there is effectively only one user on the machine. Application whitelisting is a step in the right direction, but of course that's just an invitation to compromise whitelisted applications.
Each application should have a set of authorisations to do just enough to accomplish its job and it needs to get those authorisations transparently and, for the most part, explicitly - for example a user clicking "open" in a file dialog provided by the operating system would authorise access to a specific file - rather than by implicitly inheriting a user's authority and later using it against him. While too much user annoyance could be avoided by sensible defaults (specific locations where preferences, temporary files, etc, can be accessed), better security does depend to some extent on a bit more user inconvenience and I'm not sure this is something users will ultimately accept.
Biting the hand that feeds IT
