Here are the working parts going into this ghost of an idea:
- Genode, an OS framework built on L4-family microkernels, has been working towards self-hosting for a while, and is capability-based throughout.
- Genode can run Linux, and with it Linux programs, as an ordinary Genode process.
- Wine on Linux has reached the point where it runs Windows XP-era (Win32) programs quite well.
- The Win32 APIs are reasonably well understood at this point.
If one wrote the code to manage an XP application as a process under Linux/Wine inside Genode, it could appear to the user to be just like XP for most things.
But a management layer on top would make things more secure. How? Intercept every dialog box that asks for a file name and the like, pass it up to the user as normal, and then add whatever the user picked as a capability of the process. The application believes it is in a normal XP world and does not have to be tweaked; the user still picks files in the usual dialogs.
The difference shows when the application tries to access something outside its normal mission: the management layer either translates the request into the appropriate access it has actually been granted, OR just fakes it so the application thinks it got away with it, and throws the results away when the process exits.
This means a macro virus would appear to work just fine (as far as it could tell) but would do no actual damage, all without tweaking Word, Excel, etc. The worst it could touch is whatever the user explicitly handed the application, such as the document itself.
A shared back-end database of per-application settings could be maintained for everyone, with volunteers adding entries to support new applications as they were discovered.
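As an added illustration (my own toy model, not code from this post, from Genode or from Wine), here is the management layer of the preceding paragraphs in miniature: a file broker that interposes on the application's file dialogs (the pattern capability-systems people call a powerbox), honours the per-application profile the settings database would supply, and fakes everything else into a scratch overlay that is thrown away at exit. The filesystem (a dict), the profile globs, the application name and the macro-virus behaviour are all constructed for the example.

```python
"""Toy model of the management layer: a powerbox-style file broker between an
untrusted XP-era application and the real filesystem.  Added example; the
filesystem, the profile database and the 'macro virus' are all constructed."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Callable, Dict, List, Optional, Set, Tuple

# Stand-in for the volunteer-maintained settings database: what an application
# may touch on its own, without the user picking it in a dialog.  The globs and
# the application name are assumptions for the example.
PROFILES: Dict[str, Dict[str, List[str]]] = {
    "winword.exe": {
        "read": ["C:/Program Files/Office/*", "C:/Windows/Fonts/*"],
        "write": [],  # nothing is ever really written unless the user granted it
    },
}

LogEntry = Tuple[str, str, str]  # (outcome, operation, path)


@dataclass
class Broker:
    """Mediates one application's file access; real_fs is the host filesystem."""
    app: str
    real_fs: Dict[str, bytes]
    ask_user: Callable[[], Optional[str]]  # the intercepted Open/Save dialog
    caps: Set[str] = field(default_factory=set)              # paths the user handed over
    scratch: Dict[str, bytes] = field(default_factory=dict)  # faked writes live here
    log: List[LogEntry] = field(default_factory=list)

    def file_dialog(self) -> Optional[str]:
        """The dialog goes to the user as normal; the file they pick becomes a
        capability of the process (read and write, since they chose to work on it)."""
        path = self.ask_user()
        if path is not None:
            self.caps.add(path)
            self.log.append(("grant", "dialog", path))
        return path

    def _allowed(self, path: str, op: str) -> bool:
        if path in self.caps:
            return True
        return any(fnmatchcase(path, pat) for pat in PROFILES[self.app][op])

    def read(self, path: str) -> Optional[bytes]:
        """What the app sees: its own faked writes first, then permitted real
        files; anything else looks like a missing file, as it would under XP."""
        if path in self.scratch:
            return self.scratch[path]
        if self._allowed(path, "read"):
            return self.real_fs.get(path)
        self.log.append(("deny", "read", path))
        return None

    def write(self, path: str, data: bytes) -> bool:
        """Always reports success to the app; only capability-backed writes
        reach real_fs, the rest go to the scratch overlay."""
        if self._allowed(path, "write"):
            self.real_fs[path] = data
            self.log.append(("real", "write", path))
        else:
            self.scratch[path] = data
            self.log.append(("faked", "write", path))
        return True

    def end_of_run(self) -> List[LogEntry]:
        """Process exit: toss the scratch overlay, keep the audit log."""
        self.scratch.clear()
        return list(self.log)


def run_infected_word(broker: Broker) -> Dict[str, Optional[bytes]]:
    """Constructed behaviour of a macro-infected document: one legitimate edit,
    then the things a Word macro virus typically tries."""
    doc = broker.file_dialog()  # the user picks the document as usual
    assert doc is not None
    broker.write(doc, (broker.read(doc) or b"") + b" (edited)")  # legitimate save
    template = "C:/Program Files/Office/Templates/Normal.dot"
    broker.write(template, b"infected template")  # persist into the global template
    broker.write("C:/Windows/System32/evil.exe", b"MZ payload")  # drop an executable
    return {
        "template": broker.read(template),  # the virus checks its own work
        "secret": broker.read("C:/secrets/passwords.txt"),  # and snoops around
    }


def demo() -> Tuple[Dict[str, bytes], Dict[str, Optional[bytes]], List[LogEntry]]:
    """Run the constructed virus under the broker; returns the real filesystem
    afterwards, what the virus believed it saw, and the broker's log."""
    real_fs = {
        "C:/Users/me/report.doc": b"Q3 numbers",
        "C:/Program Files/Office/Templates/Normal.dot": b"clean template",
        "C:/secrets/passwords.txt": b"hunter2",
    }
    broker = Broker("winword.exe", real_fs, ask_user=lambda: "C:/Users/me/report.doc")
    seen = run_infected_word(broker)
    return real_fs, seen, broker.end_of_run()


if __name__ == "__main__":
    for entry in demo()[2]:
        print(*entry)
```

After the run the real filesystem holds only the user's edited document; the virus saw its template infection "succeed" (it reads back from the scratch overlay) and got "file not found" for the password file, and the log records every faked write and denied read for later review. The model only covers files: the granted document itself is still fair game for the virus, and a real version would have to broker the registry, the network and every other channel the application can reach in the same way.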
This would give a secure XP-like system that did not actually depend on Microsoft, and one that could be managed remotely, at very low cost, for a very long time.
How secure? No viruses, no need for scanners. ;-) Surf any web site with IE6: it just works, does no damage, and life goes on.
Now to figure out how to make this idea actually work. Comments and help appreciated.