It seems like the industry is going to be forced to rediscover and implement capability based security models and process isolation by consumer demand.
It is impossible for the average user to reason about a different security model for each app, the only way for anyone to be confident about what a program is not doing is to move to a world where apps don't work by default, and a list of boxes need to be checked which enable network or file access and cause features to work.
Apple is the closest to the right answer here, but enabled-by-default and opt-out has to go away.
It is impossible for the average user to reason about a different security model for each app, the only way for anyone to be confident about what a program is not doing is to move to a world where apps don't work by default, and a list of boxes need to be checked which enable network or file access and cause features to work. Apple is the closest to the right answer here, but enabled-by-default and opt-out has to go away.