It's not the job of application programmers to maintain the security of a system, that is the sole purpose of the operating system. There exist systems which can do the job, but most people haven't even heard of multi-level secure systems, and most people also believe it impossible to secure a computer.
The model of trust that everything linux, windows, etc. is based on is faulty. The process is given access to everything it's owner is allowed, by default... which was fine for academic computing in the 1970s, but not in the age of the internet.
There is hope... Capability Based Security is on the way, slowly but surely... and then we can kiss virus scanners and the like goodbye.
The model of trust that everything linux, windows, etc. is based on is faulty. The process is given access to everything it's owner is allowed, by default... which was fine for academic computing in the 1970s, but not in the age of the internet.
There is hope... Capability Based Security is on the way, slowly but surely... and then we can kiss virus scanners and the like goodbye.