I’m constantly amazed at the inventiveness and persistence of hackers at creating and distributing virus, worms, fishing attacks, etc. Isn’t amazing that we are still so easily victimized by these scoundrels? The other day I was looking for software that can rip movies off of my DVDs and put them on my iPhone. When searching Google I found literally dozens of programs that promise to do this. I asked a friend, which program I should try and his reply was, “don’t try any of them.” Apparently many of these free and handy utilities are actually Trojan Horses designed to give you the impression of usefulness while infecting your machine with all sorts of nasty critters. How do they do it? They install natively on your machine so that once installed they have access to your entire system including writing root kits.
This is the dilemma: There are a lot of really great and useful applications out there in the wild but there are also a lot of horrible, wicked applications just waiting to be given access to your system. What should we do? I’m a firm believer that the answer lies in quarantining applications from the start so that they can never access resources outside of a specific directory on your hard drive. This is exactly what Curl does by default; it quarantines the Curl applets you download to a specific directory. It’s actually much better than other RIA solutions because, by default, a Curl applet from the wild can have access to substantial amount of secondary and primary memory. A Curl application that is not signed by a valid certificate of authority cannot access any resources beyond the directory you run it out of. Combine this with the network security access file that was first developed by Curl and is now used by Adobe (their own version of it that is) and you have an outstanding security model.
What does this mean? It means you can download any application you want without concern about having your Windows, Mac, or Linux desktop hacked. Applications cannot access operating system resources beyond their quarantined directory and are therefor far safer than any native application. And because they can access disk space beyond a few kilobytes they can store a decent amount of off line data and are a lot more useful.
Imagine if most, if not all, applications were designed to run in a Curl-like quarantine. The Internet would, in my opinion, be a much safer source place.
