
AlienRobot today at 8:02 PM (1 reply)

To be fair, this is partly because of the internet.

If you install random apps and one of them destroys your PC, you can fix that by having backups. By contrast, on work computers with important data, everything is supposed to be locked down and you can't install random apps. But then we started to increasingly connect devices to the internet.

Now gaining access over a smartphone essentially means being able to send payments via the banking apps. People are sending money with crypto so they are susceptible to simple clipboard swap attacks that are almost impossible for the user to detect until it happens. Then there is all the personal data that can be stolen that can be used for other attacks in the future.

Essentially, the amount of damage you can take by losing access has increased much faster than the security devices meant to prevent it.

To make matters worse, the security devices that are marketed to the average user tend to be exploitative rather than trustworthy (e.g. OneDrive).

It feels like instead of protecting users, developers seem more interested in creating something that only does half of the job and then blaming the user for not knowing how to do the other half, so a comprehensive solution for the problem is never created.
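The clipboard swap the comment above refers to is worth seeing concretely. The following is an added editor illustration, not code from the commenter or from any real malware: a simulated clipper that rewrites anything shaped like a Bitcoin address on the clipboard, next to the two checks a user or wallet might apply. Both addresses are constructed for the example (the attacker one is only pattern-shaped and would not pass a bech32 checksum), and the function names and the `visible=4` eyeballing heuristic are assumptions made for the demonstration.

```python
import re

# Loose pattern for bech32 (bc1...) and legacy (1.../3...) Bitcoin addresses.
# Assumption: a clipper does not need a precise parser; it rewrites anything
# address-shaped and lets the victim's wallet accept the attacker's address.
BTC_ADDRESS = re.compile(
    r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"
)

# Constructed sample data. VICTIM is the well-known BIP-173 example address;
# ATTACKER is a placeholder chosen so that its first and last four characters
# match VICTIM, which is exactly what defeats a casual glance.
VICTIM = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"
ATTACKER = "bc1q" + "0123456789abcdef" * 2 + "01" + "5mdq"


def clipper_rewrite(clipboard_text: str, attacker_address: str) -> str:
    """Malware side of the attack: replace every address-shaped token.

    A real clipper polls the system clipboard and writes the result back;
    here the clipboard is just a string so the logic runs offline.
    """
    return BTC_ADDRESS.sub(attacker_address, clipboard_text)


def looks_same_to_a_human(a: str, b: str, visible: int = 4) -> bool:
    """The check most people actually perform: compare the first and last
    few characters. An attacker who controls both ends of the address
    passes this check, which is why the swap is 'almost impossible' to notice."""
    return a[:visible] == b[:visible] and a[-visible:] == b[-visible:]


def verify_destination(intended: str, pasted: str) -> bool:
    """Wallet-side check: a full comparison against the address the user
    obtained out of band (address book, QR code, previous confirmed payment).
    Only an exact match should be allowed through."""
    return intended == pasted


def simulate_payment(clipboard_text: str, attacker_address: str) -> dict:
    """Run the whole flow once and report what each check concludes."""
    swapped = clipper_rewrite(clipboard_text, attacker_address)
    pasted = BTC_ADDRESS.search(swapped).group(0)
    return {
        "pasted": pasted,
        "passes_glance": looks_same_to_a_human(VICTIM, pasted),
        "passes_full_check": verify_destination(VICTIM, pasted),
    }


if __name__ == "__main__":
    result = simulate_payment(f"please send to {VICTIM}", ATTACKER)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The point the example makes is that the human-side heuristic (matching prefix and suffix) is the one a clipper is built to survive, while the full comparison against an out-of-band copy of the address is cheap and catches it every time; it is the kind of check a banking or wallet app can do for the user rather than leaving the "other half" of the job to them.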


Replies

ryandrake today at 8:17 PM

I think there are a lot of things that users can be protected from:

1. Protect users from attackers external to the computer

2. Protect users from attackers who are other users on the computer

3. Protect users from applications run by other users on the computer

4. Protect users from applications they themselves run on the computer

5. Protect unprivileged (non-root) users from their own actions

6. Protect privileged (sudo/root) users from their own actions

OSes have historically been OK at 1-3. Not great or even good. There have been a lot of remote code vulnerabilities and local vulnerabilities over the years.

OSes have pretty much ignored 4 until maybe a decade ago, and are making token progress toward it, but I don't think many of them take it very seriously.

OSes have instead started to crack down on 5-6, which I'd argue isn't even the job of an OS.