ietf

Re: mail sandbox wall authority, inward and outbound

2000-05-12 12:50:02
From: Markku Savela <msa(_at_)anise(_dot_)tte(_dot_)vtt(_dot_)fi>

I think we should "turn around the view" (maybe you were saying this
in another way).

That is, instead of ACL type protection, where a resource is
associated with a list of allowed users and uses, we should have a
list of allowed resources and uses attached to each program
(executable or active object).

And by default, a program could not access any resources at all.

In case of mail attachment containing an executable, we could quite
safely try to run it, and the system would just inform that it tries
to open this or that file (do you want to allow it?), trying to
open TCP connection to port 25 (do you want to allow it?), or tries to
execute another program (do you want to allow it?).

I hope you joke. How many users know what
"TCP connection to port 25" means?
And how many Windows users know "attached program wants to open
file C:\windows\cpl32.xxx: is it legitimate?"

Predicted reaction after a month or two is - press "OK".

                               - Leonid Yegoshin.
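
The inverted model discussed in this thread (a list of allowed resources and uses attached to each program, with no access by default), as an added example that is not part of either poster's message. The grant format, program names, hosts and sample requests are constructed assumptions, and the example records each decision in a log instead of prompting the user.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
import posixpath

@dataclass(frozen=True)
class Grant:
    kind: str         # "file", "tcp" or "exec"
    pattern: str      # glob over the resource name
    uses: frozenset   # permitted uses, e.g. {"read"} or {"connect"}

@dataclass(frozen=True)
class Program:
    name: str
    grants: tuple = ()   # default: no resources at all

def decide(program, kind, resource, use):
    """Allow only if a grant attached to the program covers the request."""
    if kind == "file":
        # Collapse "../" so a glob cannot be escaped by path traversal.
        resource = posixpath.normpath(resource)
    for g in program.grants:
        if g.kind == kind and use in g.uses and fnmatchcase(resource, g.pattern):
            return "allow"
    return "deny"

def audit(program, requests):
    """Decide every request and return the log lines an operator would review."""
    return [(program.name, k, r, u, decide(program, k, r, u)) for k, r, u in requests]

# Constructed sample data (assumptions, not from the thread).
MAILER = Program("mailer", (
    Grant("file", "/home/alice/Mail/*", frozenset({"read", "write"})),
    Grant("tcp", "mail.example.org:25", frozenset({"connect"})),
))
ATTACHMENT = Program("attachment.exe")   # arrived by mail, so it has no grants

REQUESTS = [
    ("file", "/home/alice/Mail/inbox", "read"),
    ("file", "/home/alice/Mail/../.ssh/id_rsa", "read"),
    ("file", "C:\\windows\\cpl32.xxx", "write"),
    ("tcp", "mail.example.org:25", "connect"),
    ("exec", "/bin/sh", "run"),
]

if __name__ == "__main__":
    for prog in (MAILER, ATTACHMENT):
        for line in audit(prog, REQUESTS):
            print(*line)
```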