upvote

points

by loufe8 hours ago |
comments
upvoteby digiown8 hours ago|
next
[-]
The sandboxing on mobile platforms puts the OS vendor in a special position to enforce a monopoly on apps and features. Apple enforces it aggressively, while Google only reluctantly so far. It also prevents the user from exerting full control of the system. Apple does it by locking things down directly, while Google punishes you for owning your devices with attestation.

There has to be a better way. I think Linux's flatpak is a reasonable approach here, although the execution might be rather poor. I want a basic set of trusted tool that I can do anything with, and run less trusted tools like GUI programs in sandboxes with limited filesystem access.

reply
upvoteby wat100008 hours ago|
parent|
[-]
Those are policy decisions not really connected to the sandboxing technology. They control what sort of signing the system will accept and make it so that it only runs things they approve, and they only approve things that are sandboxed a certain way. The exact same sandboxing could be used with a system where an admin user can decide what gets to run and what kind of sandboxing is required for each thing.
reply
upvoteby malkia7 hours ago|
prev|
next
[-]
There are containers, and one of their users is the Windows Sandbox - https://learn.microsoft.com/en-us/windows/security/applicati...
reply
upvoteby pjmlp7 hours ago|
prev|
next
[-]
UWP, and MSIX on Win32 via Appstore.

There is also sandboxing configuration via Intune for enterprises.

reply
upvoteby newsoftheday7 hours ago|
prev|
[-]
> I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better)

Linux excels over Windows in the area of security by a wide margin, I have no qualms about running an app on Linux versus Windows, any day of the week.

reply
upvoteby 9dev1 hours ago|
parent|
next
[-]
And executable you run has access to any file in your home directory, including SSH private keys, secrets in config files, browser cookies, passkeys—all of it. That includes the thousands of npm modules installed as a transient dependency of at least one tool you use that brings node as a dependency.

Windows at least has a proper ACL system; on Linux it just takes a single compromised executable to loose everything.

reply
upvoteby madspindel4 hours ago|
parent|
prev|
[-]
> Linux excels over Windows in the area of security by a wide margin

No, this is wrong but might be true if you are talking about Linux package manager vs. Random Windows .exe on internet. But if you are talking about Secure Boot, encrypted disk, sudo etc. Windows is more secure but it looks like https://amutable.com/ will make Linux more secure like Windows.

Edit: Some insecure things on Linux: Dbus (kwallet etc.), sudo, fprint, "secure boot".

reply