Robert Diao
New Member
The current Windows is too vulnerable!
For example, the Windows can be damaged even if I just clicked an attached file in a email.
The root reason is that all the applications(or exec files) inherit the total privilege from login user's !!!!! We can't define a privilege to some special apps. In the modern OS, the access management basing on application level(not user level) is much needed.
As an network security engineer, I have been looking forward the function for many many years. As I know, the function has been supported by Linux group. The AppArmor and Selinux in Linux are a good method to achieve the OS's security.
So, my suggestion as below:
1. The application level access lists can be supported. (Just like AppArmor, or Selinux)
2. In order to customers to use it, the default configuration as below:
* Windows Kernel can access any folder and resource
* Formally installed Application can access its home folder and privileged resource when it is installed.
* Uninstalled Application or exec files, they only access an temporary folder.
3. Using a management tool, above access lists can be modified for every applications or exec files.
For example, the Windows can be damaged even if I just clicked an attached file in a email.
The root reason is that all the applications(or exec files) inherit the total privilege from login user's !!!!! We can't define a privilege to some special apps. In the modern OS, the access management basing on application level(not user level) is much needed.
As an network security engineer, I have been looking forward the function for many many years. As I know, the function has been supported by Linux group. The AppArmor and Selinux in Linux are a good method to achieve the OS's security.
So, my suggestion as below:
1. The application level access lists can be supported. (Just like AppArmor, or Selinux)
2. In order to customers to use it, the default configuration as below:
* Windows Kernel can access any folder and resource
* Formally installed Application can access its home folder and privileged resource when it is installed.
* Uninstalled Application or exec files, they only access an temporary folder.
3. Using a management tool, above access lists can be modified for every applications or exec files.
Last edited: