"Application whitelisting is a step in the right direction"

Can someone kindly explain *why* it's a step in the right direction?

Why can't the *OS itself* provide (ideally, impregnable) protection on *data*, regardless of what particular application is trying to access it? By all means add whitelisting on top, but when almost anything can turn into code whether it's authorised or not, whitelisting is not a sensible rock on which to build, surely?

And why the ridiculous trend (on both Android and Windows boxes) for the false assumption that allowing any access to a data item means allowing total access to that item (i.e. why is it suddenly no longer considered necessary to distinguish between read-only access, and read/write (or even delete) access?)

E.g. "Do you want xxx to be able to make changes to your system"

Has everything from the world of multi-user multi-tasking computers+OSes got to be re-invented from scratch by bright young things and "security researchers", before today's multi-user multi-tasking devices+networks are moderately safe to use? It would appear that way.

