It seems to me that very little is expected of software manufacturers in general to assist with the security problem on the Internet (spyware etc.). They provide very little usable information about what their programs are going to do after we install them.
Now imagine if anytime you were considering installing a program on your computer you could review a contract associated with it that would tell you what that program was going to do. Not every single thing, of course, just the actions that might be suspicious.
There are a couple of things that tend to indicate spyware: the changes it makes to various startup points on the computer and the Internet sites it connects to. Now if that type of information could be made available about a program before it was installed, it could help in a number of ways.
It would work as a kind of contract that security systems on the computer itself could monitor and enforce. Most anti-spyware programs monitor startup points and could be modified to enforce the type of contract I am describing, as could a HIPS. The same is true of firewalls for Internet connectivity.
It would provide a risk estimate before the software was even installed. Any program that modified a large number of startup points would be suspicious. Also, many IP addresses used by spyware companies are known, which would flag a piece of software as suspicious before it was even downloaded.
I understand this would be difficult to implement, but any comments on the idea would be appreciated.
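A minimal sketch of the contract idea described in the post, added here as an example and not written by the poster: a declared contract is scored before installation and then used to check observed behaviour. The JSON schema, the function names, the threshold, the blocklist entry and the sample events are all constructed assumptions.

```python
import json

# Constructed blocklist entry (documentation-range address), not a real indicator.
KNOWN_BAD_HOSTS = {"203.0.113.7"}
MAX_STARTUP_POINTS = 2  # assumed threshold for "a large number" of startup points

# Constructed sample contract; the JSON schema is hypothetical.
CONTRACT_TEXT = r'''{
  "program": "ExampleToolbar",
  "startup_points": ["HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ExampleToolbar"],
  "network_hosts": ["updates.example.com", "203.0.113.7"]
}'''

def parse_contract(text):
    """Load a contract and normalise case so comparisons are exact-match."""
    raw = json.loads(text)
    return {"program": raw["program"],
            "startup": {s.lower() for s in raw.get("startup_points", [])},
            "connect": {h.lower() for h in raw.get("network_hosts", [])}}

def pre_install_risk(contract):
    """Reasons the declared behaviour looks suspicious before installation."""
    reasons = []
    if len(contract["startup"]) > MAX_STARTUP_POINTS:
        reasons.append("declares %d startup points" % len(contract["startup"]))
    for host in sorted(contract["connect"] & KNOWN_BAD_HOSTS):
        reasons.append("declares known-bad host " + host)
    return reasons

def enforce(contract, event):
    """Allow an observed (kind, target) event only if the contract declared it."""
    kind, target = event
    declared = contract.get(kind) if kind in ("startup", "connect") else None
    return declared is not None and target.lower() in declared

def violations(contract, events):
    """Events a monitor (anti-spyware, HIPS, firewall) would block or report."""
    return [e for e in events if not enforce(contract, e)]

CONTRACT = parse_contract(CONTRACT_TEXT)
# Constructed observations, as a monitor might report them after installation.
OBSERVED = [
    ("startup", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleToolbar"),
    ("connect", "updates.example.com"),
    ("startup", r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Helper"),
    ("connect", "198.51.100.9"),
]

if __name__ == "__main__":
    print("pre-install risk:", pre_install_risk(CONTRACT))
    print("contract violations:", violations(CONTRACT, OBSERVED))
```

Anything the contract does not declare is denied by default, so an honest but incomplete contract shows up as a violation rather than passing silently.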