Kindness(?) of Strangers

We often need new applications and utilities, and there is much free code out there from sources we may not know. Even trusted sources of code may produce code whose behavior is not what they think, or not what they thought to tell you. We are often advised to “be careful” about the programs that we run, as if this were some simple precaution any user could take. There are no directions on the steps needed to be cautious. This is actually a strategy to blame the user when the system’s security features are deficient. Apple wants you to run programs only from their “App Store”. Of course they get a cut on those sales. Apple has no assurance that these programs are safe. There are simple tests that Apple can do and does do. Their sandbox feature is a small step in the direction of capability security. Android has a similar plan.

We imagine here the process of installing an application from an untrusted source. We install the code using level 3 tools. We start the application. If it should begin reading our files we will see it scanning for file names in our directory. Depending on decisions we have not made yet, it will see an empty directory, or we will get a report from the VR hack that our new guest just asked for the names of all the files and directories in what would be the user’s directory in Linux. There being no such directory in the new world, by default, we may at this point decide to maintain the fiction that we have no files; or, if such a query is legitimate for the reasons we installed the app, we now have the option of choosing a directory of ours and granting the app its wish.

This pattern is repeated several times for the voluble application.
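The mediation pattern described above, as an added illustration that is not code from the original essay: an untrusted app asks a mediator for a directory listing; by default it is shown an empty directory, every request is recorded for the user to review, and only after the user grants a specific directory does the app see real file names. The class and method names (DirectoryMediator, request_listing, grant) are hypothetical, and the home directory with two files is constructed inside the example.

```python
import os
import tempfile

# Hypothetical mediator standing between an untrusted app and the real file system.
# It is an added example, not part of the original essay or any real system.


class DirectoryMediator:
    """Answers the app's directory queries according to what the user has granted."""

    def __init__(self):
        self.granted = set()   # real directories the user chose to expose
        self.requests = []     # log of what the app asked for, shown to the user

    def request_listing(self, path):
        """Called by the app. Returns names only for directories the user granted;
        otherwise maintains the fiction that there is nothing here."""
        path = os.path.abspath(path)
        self.requests.append(path)
        if path in self.granted:
            return sorted(os.listdir(path))
        return []

    def grant(self, path):
        """Called by the user, never by the app, to expose one directory."""
        self.granted.add(os.path.abspath(path))


def demo():
    """Constructed scenario: the app asks before and after the user grants a directory."""
    with tempfile.TemporaryDirectory() as home:
        for name in ("notes.txt", "taxes.pdf"):
            open(os.path.join(home, name), "w").close()
        mediator = DirectoryMediator()
        before = mediator.request_listing(home)   # app sees an empty directory
        mediator.grant(home)                       # user decides to expose it
        after = mediator.request_listing(home)     # now the app sees the files
        return before, after, list(mediator.requests)


if __name__ == "__main__":
    before, after, requests = demo()
    print("before grant:", before)
    print("after grant: ", after)
    print("requests logged:", len(requests))
```

The point of the design is that the app never holds a path to the user's home directory; it holds only a reference to the mediator, so the user's decision, not the app's request, determines what authority is conveyed.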

If you want to use a bank app provided by your bank then you may be more concerned with your money than your computer. In that case a bank teller or VP might hand you a card with a hash of the app. The trusted installer will compute the hash of the app. You enter the hash from the card and the install will proceed only if the hashes match. This variation is due to the fact that we need to be sure that the program does the right things with the authority that it legitimately needs. In this case we consider what we are trusting:
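The trusted-installer step described above, as an added example that is not code from the original essay: the installer hashes the application file, compares the result with the hash the user typed in from the card, and copies the file into place only when they match. The function names (file_sha256, verify_and_install) are hypothetical, the choice of SHA-256 is an assumption, and the application file is a constructed sample.

```python
import hashlib
import hmac
import os
import shutil
import tempfile

# Added example of a hash-checked install; not the essay's own code.
# Assumes the card carries a SHA-256 hex digest of the application file.


def file_sha256(path):
    """Hash the application file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_and_install(app_path, card_hash_hex, install_dir):
    """Install only if the computed hash equals the hash entered from the card.
    Returns True on install, False on mismatch (nothing is copied then)."""
    actual = file_sha256(app_path)
    # Tolerate spaces and case differences a person introduces when typing a hex string.
    expected = card_hash_hex.strip().lower().replace(" ", "")
    if not hmac.compare_digest(actual.encode(), expected.encode()):
        return False
    shutil.copy2(app_path, os.path.join(install_dir, os.path.basename(app_path)))
    return True


def demo():
    """Constructed scenario: one correct card hash, one wrong one."""
    with tempfile.TemporaryDirectory() as work:
        app = os.path.join(work, "bankapp.bin")
        with open(app, "wb") as f:
            f.write(b"constructed sample application bytes\n")
        install_dir = os.path.join(work, "installed")
        os.mkdir(install_dir)
        good_card = file_sha256(app)        # what the bank's card would carry
        bad_card = "0" * 64                 # a card that does not match this file
        accepted = verify_and_install(app, good_card, install_dir)
        rejected = verify_and_install(app, bad_card, install_dir)
        return accepted, rejected, os.listdir(install_dir)


if __name__ == "__main__":
    accepted, rejected, installed = demo()
    print("correct card accepted:", accepted)
    print("wrong card accepted:  ", rejected)
    print("installed files:", installed)
```

Note what this check does and does not establish: a matching hash shows the file is the one the bank meant to hand you, which is the trust question the essay is raising; it says nothing about whether that program will behave well with the authority it is later granted, which is why the mediation of its requests still matters.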

There are a few more.