[whatwg] Security risks of persistent background content (Re: Installed Apps)

[Aryeh Gregor]

On Wed, Jul 29, 2009 at 1:39 PM, Drew Wilson<atwilson at google.com> wrote:
> Agreed that this is a big deal, and is a problem I hadn't considered
> previously. I would assume that browser malware detection would blacklist
> these sites, but I hate to lean on some magical malware detection
> infrastructure too heavily. This seems like an issue that Apple and
> Microsoft have dealt with for years in their OS offerings - how do they
> handle this?

Why have they dealt with it?  We're talking about trying to break out
of a sandbox, by running code persistently in the sandbox until an
exploit is discovered and you can push out appropriate code to all
infected sandboxes.  I don't see any parallel situation for
general-purpose operating systems.  Not much is run sandboxed on
Windows or Mac.  If you get any unsandboxed code running, then your
exploit is finished.

Theoretically someone could get unprivileged code running on a normal
OS, then wait for a privilege escalation exploit to come along and get
root access then.  But it's rare that a hacker will care about getting
administrative access.  With user-level access you can still steal
private data (probably all of it on a single-user machine) and use
pretty much any system resources you like.  The only thing
unprivileged access won't give you is the ability to freely interfere
with other users on the machine -- it doesn't stop you from joining a
botnet.