From the time of very early viruses, malware has spent effort modifying the tools that make the system transparent to lie to you. So your approach demands that there must be things that are absolutely impossible to change. I have yet to see a system where that is actually true.
replyThat seems ≈impossible in a world where you're running arbitrary, Turing-complete code. A modern consumer machine can do so many different things—often a bunch at a time—that there is always a massive amount of space to hide bad behavior.
replyThere might be some way to design a system from the ground up to avoid this problem (some kind of declarative, capability-based security?), but retrofitting that onto an existing behemoth of a system does not really work.
I agree, however the fundamental problem here is that transparent systems are on the far side of the axis from user focused systems, think about it, the whole point of building a user interface is to hide and remove choice from the user, to change the system from "A steady hand with a magnetic needle" to "point and grunt" the whole point is to build a shiny facade that hides the inner working of the machine. So while you and I and many other people like to see the machine, the inner workings whirling around in grandiose majesty. Millions of man hours have been spent hiding that stuff away keeping it from view, pretending it does not exist. And thus the transparency of our computing environments have suffered correspondingly to this focus on hiding things.
replyIf I log into my system it's safe. If someone reads my password off my screen post-it and logs into my system it's quite thoroughly compromised. How would you demonstrate which of the two sessions are compromised, during the act?
replyWhat does that actually mean?
replySee https://en.wikipedia.org/wiki/Bonneville_Salt_Flats — the salt flats are extremely flat (as the name implies), and because of all the salt, no vegetation can survive. Look at the pictures: there are no trees, no grass, no hiding places at all. Anyone standing (or even lying prone) on the salt flats is visible to anyone else for miles around.
replyGP was saying that systems should be "transparent enough that a compromised system is obvious". I'm not entirely convinced that that's possible (On Trusting Trust should have taught us that compromised systems can create places for the compromise to hide), which means that the salt flats analogy is not a great analogy, IMHO. But at least now you understand the analogy.
I don’t think the analogy was the issue. What does it mean for a system to be so transparent that it’s obvious when it’s compromised?
replyI was thinking it would even go so far as to make the background red if it failed some heuristics.
replyThat what apps have permission to access/record what at what times they use it, shouldn't be hidden or scaterred across several Settings panels.
replyI can’t speak for the ancestor, but I think making every screen recording app prominently visible in the status bar would fit the bill.
reply