Today I got this error message when trying to run VLC, in order to see if it plays some files my sister wants, so that in case she can't play them, I could recommend its use. ...but instead of seeing a video, I saw this:
VLC is not supposed to be run as root. Sorry. If you need to use real-time priorities and/or privileged TCP ports you can use vlc-wrapper (make sure it is Set-UID root and cannot be run by non-trusted users first).
Judging from this thread, it seems that they've deemed running VLC as root to be insecure because they lack the resources to verify that there aren't any bugs that would allow malicious media files to cause it to do something it shouldn't. ...and somehow that isn't a problem as long as it doesn't do something it shouldn't as root. After all, no one cares if all of their files get deleted as long as their system still boots.
The sad thing is that I only run as root because of more senseless security nonsense. Linux developers have decided that the only logical way to prevent applications from doing things that they shouldn't do is to not allow users to do things that applications shouldn't do. So Linux prompts for a password about a hundred times a day if you don't run as root.
While this does make things more difficult, they've decided that's OK because people should just make sure that their user account has the necessary privileges so that they don't need to use the root account. ...but that ignores the fact that not everyone wants to spend their time playing some "unix admin" game. Kids like to role-play, and so they might take an interest in logging in as root in order to assign permissions to their alternate personalities, pretending to be a real unix admin of a real multi-user system. However, having grown up, I no longer find this game fun. Especially since the process changes so much that I can never really learn how to do it, since what I learned last year no longer applies. So now I just wish my computer would shut the hell up and do what I fucking want it to do.
If you want to make a secure operating system, there are intelligent things you can do. You might load programs at random memory addresses in order to make it more difficult for bugs in the software to do anything but crash the program. You might use better compilers which create code that is more likely to detect potential security problems and terminate the program. You might even get rid of the idea that any program can do anything the user running it is allowed to do, and instead adopt a permissions-based security model, so that our web browsers aren't allowed to do anything besides talk to the internet and display funny videos, thereby preventing bugs in their code from being exploited to do anything besides talk to the internet and display funny videos.
You might even allow software to run different modules with different permissions. Developers often know which code is so complex that it's likely to contain bugs. Let them run their video decoder in a way that it isn't able to do anything besides receive data from one module and give it to the next. Then, if it's exploited, the best it can do is send bad data to the module which displays video to the screen, which at best can be exploited to display something else on the screen since that module doesn't have permission to do anything else.
Just imagine... Your nephew downloads some random game from the internet, and when he runs it, rather than seeing a message that says "What the fuck is this? I don't know what this is? Do you want to trust it?" he instead sees a window that asks him what he expects the program to do, and so he selects "it's a game" at which point the system runs it with game permissions, allowing it to receive player input, display graphics and sound, connect to some internet servers for multiplayer purposes, and save game files, but only in its own file system space where it can't do any harm, or outside that space but only if the user selects the location via a protected file save dialog box.
Android apparently has this to some extent, but it allows the application to specify what it wants, requiring the user to examine the list, then choose whether they want to run the program or not. I think it would make more sense to allow the user to specify what they think the program should be allowed to do. Expecting to teach people to examine that list is expecting a lot, as is expecting them to say "no" when they're free to imagine that the program might need a certain permission for some reason they simply don't understand. However, anyone can click the "it's a game" button, and when the game says that being run as a game isn't good enough, people will wonder why, since all of their other games run just fine when run as games.
Systems also have a huge problem in that their task managers contain many things which even advanced users don't understand. I remember 15 years ago, I could type "ps -A" in Linux and see that nothing was running that shouldn't be. Now it's so full of shit that there could be several well-known pieces of malware in that list and I'd have no idea. Windows is the same way with its task manager. If system designers want to prevent malware, they could start by making it easier for users to understand what their computer is actually doing, so that they could know when it is doing something it shouldn't and do something about it. Also, in this regard, it would be useful to be able to see what programs are accessing the network or the hard disk. Would malware be such a huge problem if it weren't so easy for it to do things while remaining hidden?
...but doing anything about any of that would be hard. I mean, while I can come up with ideas like the above right off the top of my head, I'd have to sit and think about it for a while to work out the details. It might take me a few weeks to even come up with a sensible idea, and a few months to work out all of the details. So nevermind all that. Let's just prompt people for their password more often instead.
After all, no malware author is interested in having a Linux machine in their botnet unless they can get the root account. Those user accounts are useless. You can't do shit without typing your password all the fucking time. Nothing besides access the internet, install key loggers, capture screen shots, configure itself to start automatically each time the user logs in, and access all of the user's personal files, that is. ...but that's OK. As long as the malware can't adjust the system time without the user's password, everything will be nice and secure.