New UAC/security solution idea

[Symphony]

The UAC is not a bad idea, but it is giving some a headache, a nagging, some are missing the freedom, and many more just turn it off. It might not give the results what it is intended to, but time will tell.

What if there would be a OS managed database (worldwide) containing every possible executable's crc32/hash and an Experince index added to it. If you run a new executable the system would check other users' experience index with that file and show you the results.

The index is calculated from:

- how many users made a first run with it,

- how many runs there were total,

- how long it is on other users system,

- how fastly it was deleted after first run,

- how much the system and the application error count (queried from the event manager) increased after its first run and

- optionally a subjective user rating not counted into the index.

Like a "heuristic" experience scanner based on objective, anonym, unattended (of course optionally disabled) user feedback. It is similar like the driver rating system which was introduced by Microsoft, but working on all executables.

The UAC window (which pops up at newly downloaded apps) should show the index, having a "star" rating (similar we have on this page's bottom) and a details button to check how it was calculated. The Application Experience Generator (nice name...) would run in the background just as indexer and defragmenter does updating the local and the global database automatically.

Advantages:

- Drastically reducing the false alarms made by the system: no more "this may be harmfull", rather "other users experienced problems with it", "other users had a nice experience with it".

- This system is based on objective user experiences, and people rather believe to others experience than a software company telling them everything is potentially harmfull.

- It would also help avoiding bad drivers, spywares, adwares, new viruses, trojans, buggy or false advertised applications.

Disadvantages:

- Another background app/service giving people 100% CPU and some RAM usage on idle: "what is my pc doing? Why is it eating so much RAM?"

- This might stress some ISPs, internet connections.

- Privacy issues: "Microsoft would know that i'm running Photoshop 17 with Maya 11 just to create a map for Quake 30. They spy on me and tell this to the BSA..."

What do you think?

[Maxious]

Voted No - Viruses are already handled by a virus scanner, Spyware/Badware by Google Toolbar/OpenDNS and Crappy Drivers by forums... although you have to install them sometimes.

I don't think many viruses would set off the criteria you have :p

I hadn't heard about the driver rating system - thanks :D

[Menge]

even worse: a system like this could be exploited and could be very bad if a virus/trojan has infected lots of users for a long time... Windows might think it's normal to be infected :|

while the idea in itself is GOOD... it's not worth it. Microsoft already has a honeypot of computers to gather malware. and from what i know, they should be integrating that into future products... so your idea is kind of being worked on, already :) just not for UAC.

[osirisX]

Seems to exploitable. People could easily start a boycot of a program by having a bunch of people give said program a really bad rating.

[Symphony]

Thanks for all of your opinions. Nice thoughts.

Viruses are already handled by a virus scanner, Spyware/Badware by Google Toolbar/OpenDNS and Crappy Drivers by forums

It is mainly against unknown threats. And not only threats or harmfull executables, but it would also tell you what experience others having with your favorite application's newest version or how others doing with a new codec.

Also it is a system which helps both experienced and newbie users - unlike current UAC which bugs power users and "clicked away" by the average users. It depends on real life values.

even worse: a system like this could be exploited and could be very bad if a virus/trojan has infected lots of users for a long time... Windows might think it's normal to be infected

While it truly has this disadvantage, it could also help summarizing different virus and spyware scanners results. Like if all (just a name) Avast users system sent a bad feedback about an executable, Nod32 users could have a clue that there is something wrong with that executable - and it is not heuristics which can be false, you check the details, and see that like on 150000 systems this file was deleted 1 second after the first run. And that IS a clue.

People could easily start a boycot of a program by having a bunch of people give said program a really bad rating.

The system don't count the subjective rating into the index. The index is calculated only by objective values. Subjective rating is possible, but it is rather a voting than an index.

I should mention that no executable data (name, size, version etc.) would be stored. There is only a discrete ID and the feedbacks. You could always right click on a executable and query others experience with it. It would also help developers how the users are doing with his application.

Edited September 6, 2006 by Symphony