<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/3.28.1"> </HEAD> <BODY> On Sat, 2009-11-21 at 15:22 +0100, memolus@googlemail.com wrote: <BLOCKQUOTE TYPE=CITE> <PRE> >Also I'm not exactly sure what you mean by 'malware protection' Malware protection means that the user and not the malware decides, so that an policykit action is not available to malware, only to trusted applications, where the user decides and which can't be controlled by malware. It means: * Only trusted applications are allowed * Trusted applications are in another security context, so that they can't be controlled by malware * Malware isn't able to steel the password </PRE> </BLOCKQUOTE> ... <BLOCKQUOTE TYPE=CITE> <PRE> At all you only need this "yes/no dialog" only the first time. If the application is already marked as trusted, you would be able to use it whenever you want without the need for any additional authentication. Malware wouldn't be able to controll your application, because it's in another security context. </PRE> </BLOCKQUOTE> Please, excuse my following comments. I am just a linux desktop distro user. The above concept seems to be a redundant duplicity if thinking of software which was correctly installed with root privileges like it is common for Debian, Ubuntu, OpenSuse ... (they were classified "trusted" by an admin). But it can be a beneficial enhancement / complement for running scripts or applications located in the user's HOME folder (like Java portable apps: Freemind / OpenProject / aTunes). </BODY> </HTML>