I hope you can add the following features to further avoid virus from hiding
in our file system.
1. Folder such as pictures and videos should be tagged with data only
folder. For example, it's impossible for me to have Executable file (.exe) in
my picture, music, videos and etc folder. So by default, it should tagged as
data only folder and no executable file can run from that folder.
2. Microsoft only Application Executable folder. For example, in a server
operating system, we have a folder C:\Windows\System32\wins. Blaster virus
took advantage of that folderby hiding the virus file inside that folder. By
default, those folders should be tagged as Microsoft Executables only folder
so that no other executables from other 3rd party can run in that folder.
3. High risked folders security. For example, temporary internet files
folder. By default, executable files that will run from that folder will run
will be in low-privilege mode since it came from a high risked folder. This
will disallow spywares to run since by default, any objects from internet get
in to this folder.
The closest security model I can suggest is that, it's like the zoning of
internet explorer such as local intranet, internet zone, trusted sites and
etc where it secures that user based on location of the URL. By this time,
it's based on the location of the folder.
I hope this get implemented by right away in vista, and a patch or service
pack in Windows XP.
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.