> > > To secure a machine from malware introduced by a naive user it is > > required that naive users not have the privilege to introduce > > software that can be executed by them or by other naive users. > > I would disagree. There's nothing wrong with allowing naïve users to > introduce software they or others can execute - provided its execution > is appropriately sandboxed. > > Trouble is, _that_ is hard. Java in web-browsers tried it, > and gave us > bugs in the jvm sandbox. Also, what the sandboxes should permit the > sandboxed software to do varies from site to site, and in some cases > from machine to machine, and some of those sites don't have anyone > competent to figure out what the restrictions should be for them, much > less correctly configure the sandbox to implement them. >
I'd go futher - I think it is extremley rare that anyone configures their sandbox properly. I "do" Java development, and I would guess that less than 10% of application server deployments are done with the Java security manager enabled. I'm not aware of any statistics in this area (Java deployments using the sandbox vs not using it), and I'd be very interested any any hard numbers. Nick
