I write desktop apps all the time and want to learn how to write more, but the apps I write are (A) for my own use and/or (B) for helping me build my Web site for my startup! So, there is irony here: I write desktop apps to help me build a Web app!
Word to some in the computer industry: Yes, shrink-wrapped, downloadable, installable apps have problems, but a partial solution is end-user programming! Or, all over the world, kids are being taught how to program: Wellllll, they can program and write their own apps, just as macros, scripts, DLLs, or EXEs. And they don't have to go through some install process or worry about computer security! Ah, the security they invade is their own!
But, yes, more with virtual machines, sandboxes, etc. would be good.
One old approach to security was to give a hierarchical file system directory to a user/app and then say, you can do anything you want inside this directory and nothing (or be somewhat restricted, e.g., write only, read only, etc.) outside. That's now an old idea that long worked great. My understanding is that the Windows file system NTFS (new technology file system) has some or all of this functionality ready to go as a means of sandboxing.
IBM's virtual machine (CP67/CMS, control program for the 360/67, conversational monitor system) gave the user a directory and a virtual machine and said, go for it, do anything you want in this virtual machine, even write machine code using privileged instructions, write and run a whole operating system -- was safe, secure, and worked great. In fact could run CP67 on CP67 on CP67 -- once as a demonstration CP67 was run 7 levels deep! In fact the reason CP67/CMS existed was as a tool for developing operating systems, but it also made a terrific time sharing system. Anything done back in those days would be just trivial to do today, trivial in the amount of code, how much memory it would need, how fast could start a new machine, how much overhead due to the virtualization, how to have the file system offer the new machine what it needed, securely, etc.
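The directory-confinement model described in the comment above, as an added example that is not part of the original comment: a path policy check that grants full access inside one directory, restricted rights on named outside directories, and nothing elsewhere. The class name `DirectorySandbox`, its methods, and the sample layout are hypothetical.

```python
import os
import tempfile

# Hypothetical policy model (names are assumptions, not from the comment):
# full access inside the sandbox root, optional restricted rights outside.
FULL = frozenset({"read", "write"})

class DirectorySandbox:
    def __init__(self, root, outside_grants=None):
        # Resolve the root once so later comparisons use canonical paths.
        self.root = os.path.realpath(root)
        # Map of canonical outside directory -> allowed operations.
        self.outside = {os.path.realpath(p): frozenset(ops)
                        for p, ops in (outside_grants or {}).items()}

    @staticmethod
    def _within(path, base):
        # commonpath avoids the "/jail" vs "/jail-evil" prefix mistake.
        return os.path.commonpath([path, base]) == base

    def allowed(self, path, op):
        # realpath collapses ".." and follows symlinks, so escapes via
        # either are judged by where the path really points.
        real = os.path.realpath(os.path.join(self.root, path))
        if self._within(real, self.root):
            return op in FULL
        for base, ops in self.outside.items():
            if self._within(real, base):
                return op in ops
        return False  # default deny everywhere else

def demo():
    # Constructed sample layout in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        jail, shared, sibling = (os.path.join(tmp, n)
                                 for n in ("jail", "shared", "jail-evil"))
        for d in (jail, shared, sibling):
            os.mkdir(d)
        os.symlink(shared, os.path.join(jail, "link"))  # link out of the jail
        sb = DirectorySandbox(jail, {shared: {"read"}})
        return {
            "inside_write": sb.allowed("notes.txt", "write"),
            "dotdot_escape": sb.allowed("../jail-evil/x", "write"),
            "symlink_read": sb.allowed("link/data", "read"),
            "symlink_write": sb.allowed("link/data", "write"),
            "absolute_outside": sb.allowed(os.path.join(tmp, "other"), "read"),
        }
```

A check like this only decides policy; the path can change between the check and the open, so enforcement has to come from the operating system or the virtual machine boundary.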