Hi Neemobeer,
I totally understand the requirement is kind of challenge to Windows DEV team, as it is very complicated.
The Linux Group has to change their Linux Kernel in order to support the AppArmor and SeLinux. I think the Windows OS has to change its design and lower libraries to support the feature.
However, I still think the feature is a critical requirement for the modern OS.
Let's look back the history of OS.
The first successful OS is Unix. During that period 1960 to 1980, the most scenario as below:
* Multiple Users shared one physical computer, as the computer was so expensive.
*The most users were specialists or software developer.
If considering above two facts, the Unix was designed to control resource by USER level, not execute file level.
However, the scenario has been changed by today
*One User can have multiple computers
*The most users are family user. They don't have deep background of software developing.
So, the resource control basing on USER level is not enough any more. The application level become critical.
As a network security engineer, I totally understand that it is an very big challenge to make a new perfect solution to meet the requirement.
In my dream, I think the next generation OS should provide below functions:
* The privilege basing on the Application Level. (We have discussed before)
* The privilege agent interface to application. (For example: An application of "Python" is privileged to resource A,B,C. Python can restrict the script_1 to the resource A)
* The lower level system call can identify whether the request is from the Desktop or just a background program.
I believe the Windows team have strong ability to provide more security new OS to customers.
Thanks a lot.
Best Regards
Robert Diao