I'm really quite surprised that there are no big, used-by-default, user-facing sandboxing solutions for the major OSes out there.
With dynamic prompts akin to the firewall prompts familiar from Windows/Mac.
'The program "Chrome" wants to create the file "/home/username/.config/chrome/config". Allow "Chrome" to access [just this file / the directory ~/.config/chrome / the directory /home/username]'
'WARNING: The program "totally_legit_for_reals" wants to overwrite the file ~/.xinitrc. This is potentially dangerous. Allow access? -> Are you sure?'
'ALERT: the unknown program "xxx" has gained superuser privileges and wants to overwrite a critical system file System32/whatever.dll. This is very dangerous....'
Then again, non-techie users usually ignore all those prompts and just click accept.
Just look at the mess that is Android permissions. Almost no one actually checks them or rejects apps that ask for way too much.
I'd still really like a kernel level protection mechanism that requires granting each executable the capabilities it requests, with dynamic p (in the Linux world there are SELinux, AppArmor, grsecurity, which are often cumbersome to use).
A more robust idea might be a versioned filesystem. Somebody hacks your browser, it overrides your files - no matter, you just rollback to yesterday's version. Of course, that'd require more diskspace, but diskspace is getting cheaper and most of it is used for content that is completely static (like games or photos or videos - not edited much unless you're a professional working with it). Also probably would be a bit slower but I think it can be solved.
I think there are a number of implementations of such things, but none mainstream enough.
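The rollback idea in the comment above, sketched as an added example (not code from any commenter or from a real versioned filesystem): a content-addressed snapshot store for a directory tree, a diff that shows what a program changed since the last snapshot, and a rollback that restores the snapshot. The directory layout, file names and the "compromised program" writes in `demo()` are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


class VersionedStore:
    """Minimal content-addressed snapshots of a directory tree (example, not a real FS)."""

    def __init__(self, root: Path, store: Path):
        self.root = Path(root)
        self.store = Path(store)
        (self.store / "objects").mkdir(parents=True, exist_ok=True)
        self.snapshots = []  # one manifest per version: {relative path: sha256}

    def _put(self, data: bytes) -> str:
        # Identical content is stored once, so unchanged files cost no extra space.
        digest = hashlib.sha256(data).hexdigest()
        obj = self.store / "objects" / digest
        if not obj.exists():
            obj.write_bytes(data)
        return digest

    def _current(self) -> dict:
        return {
            str(p.relative_to(self.root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in self.root.rglob("*") if p.is_file()
        }

    def snapshot(self) -> int:
        manifest = {}
        for path in self.root.rglob("*"):
            if path.is_file():
                manifest[str(path.relative_to(self.root))] = self._put(path.read_bytes())
        self.snapshots.append(manifest)
        return len(self.snapshots) - 1

    def diff(self, version: int) -> dict:
        """What changed in the live tree relative to a snapshot (useful as an alert source)."""
        old, now = self.snapshots[version], self._current()
        return {
            "modified": sorted(p for p in now if p in old and now[p] != old[p]),
            "added": sorted(p for p in now if p not in old),
            "deleted": sorted(p for p in old if p not in now),
        }

    def rollback(self, version: int) -> list:
        """Restore the tree exactly as it was at `version`; returns restored paths."""
        manifest = self.snapshots[version]
        for path in list(self.root.rglob("*")):
            if path.is_file() and str(path.relative_to(self.root)) not in manifest:
                path.unlink()  # drop files the attacker added
        for rel, digest in manifest.items():
            dst = self.root / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            dst.write_bytes((self.store / "objects" / digest).read_bytes())
        return sorted(manifest)


def demo() -> dict:
    # Constructed home directory: one document and one startup script.
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        (home / "docs").mkdir(parents=True)
        (home / "docs" / "thesis.txt").write_text("chapter one")
        (home / ".xinitrc").write_text("exec i3")
        vs = VersionedStore(home, Path(tmp) / "snapshots")
        v0 = vs.snapshot()

        # Simulated damage from a compromised program: clobber, tamper, drop a new file.
        (home / "docs" / "thesis.txt").write_text("garbage")
        (home / ".xinitrc").write_text("exec something_else")
        (home / "docs" / "note.txt").write_text("new file")

        changed = vs.diff(v0)
        vs.rollback(v0)
        return {
            "changed": changed,
            "thesis": (home / "docs" / "thesis.txt").read_text(),
            "xinitrc": (home / ".xinitrc").read_text(),
            "note_exists": (home / "docs" / "note.txt").exists(),
        }


if __name__ == "__main__":
    print(demo())
```

The caveat a real deployment has to solve is visible in the toy: the snapshot store lives at the same privilege level as the files it protects, so the same compromised browser that overwrites `~/docs` could delete `snapshots/objects` too. Real versioned or snapshotting filesystems keep old versions read-only and out of reach of ordinary user processes, and the `diff` output is what a prompt or alert would be built from.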
Hell, I'm a technical user and after a couple of days running Comodo firewall (which does prompt in a similar way to your examples) I turned it off because I was sick of the prompts and just wanted to use my machine.