Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> What I find more saddening is the trend to view any behaviour that could potentially be exploited as a vulnerability, regardless of how useful it could be, which just leads to locked-down user-hostile systems where nothing is possible without going through some sort of ridiculously bureaucratic excess of process.

I'm going to take a viewpoint counter to this. One of the things that constantly frustrates me on my desktop computer is my inability to run untrusted third-party code outside my browser. The desktop was simply not built to do that, and I wish it was. I'm currently judging games made for the 34th Ludum Dare game jam, and the way I do it safely is by creating a completely separate user account in Windows, and playing the games there. This is inconvenient. I'm not going to play the games under my normal account, because I simply don't trust the code, but Windows gives me no other option. I know my paranoia puts me in the minority, because after the jam is over, I uninstall Java and Flash and the other "high-risk" pieces of software, and I'm pretty sure most other people don't do that.

On the other hand, the recent SIP lockdown on OS X and the way it's affected dtrace is not something to be ignored either. But given the choice, I'd rather have a dozen dialogs ask permission rather than one piece of malware slip by uncontested.

Phones may be a nightmare in terms of hackability, but at least I can download a random application without worrying about whether it's CryptoLocker in disguise or something like that.



Dozens of dialogs lead to "dialog blindess" where users blindly accept dialogs to get their thing to work.

I think sudo works because it requires some expertise to use a terminal, even though it's conceptually the same as a windows UAS dialog for example.


Right, but I was responding to the viewpoint that not all exploitable holes should be closed. At least with dialogs, a user has the possibility to make an informed choice. With "vulnerable by default", you don't get to make a choice at all.


I think you should use a virtual machine rather than a separate user, for what it's worth.


Why? That sounds like even more work, does it provide any benefits? (The guest would need solid graphics acceleration.)


Local user to root privilege escalation is generally easier than a VM escape. Though both are possible.


Weighing the risks. Cost of protecting against root escalation versus likelihood of a root escalation exploit on a patched Windows computer, and cost of using a different user to play the games against the likelihood that someone typo'd a script and it wipes out my home directory. If I really wanted security I'd unplug from the network and refuse to run third-party code at all.

See Myth II: http://minimaxir.com/2013/06/working-as-intended/

This is the type of scenario I'm protecting against, as well as unsophisticated but malicious actors.


You could get a perfectly working GPU by reimaging a second partition with a fresh install every time, just like the PCs in high school.

Not that that's any less work!


A VM would be less work because you wouldn't have to install than uninstall Flash each time.


Three times a year... versus the time it takes to set up a VM.


> and the way I do it safely is by creating a completely separate user account in Windows

Leaving aside the fact that this is not advisable because user to admin boundary is a lot more porous than remote boundary I hope you're at least running under local non-admin account because of a certain peculiarity of Microsoft[1]. Microsoft doesn't regard UAC as security boundary for admin accounts and won't fix vulnerabilities that enables software to bypass UAC completely. Under default configuration in Windows 7 and 8 (not sure about 10) all software thus runs effectively under root. Also check what parts of filesystem games will have under that account because by default only files in a few system folders are protected while executables outside can be overwritten.

If you can I'd suggest you use dedicated machine for testing, if that is not possible and if you have compatible hardware then use visualization with bypass for GPU which can speed things to usable levels. If both aren't an option then you could test games on a separate hard disk while having main one disconnected physically, which would leave your attack surface open only to firmware overwrites which aren't very common.

[1] http://www.istartedsomething.com/20090611/




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: