Quote:
Originally Posted by JoeC
The fact that the Amazon Kindle app did a forced update on both Windows and Mac systems is a real head scratcher for me. I don't understand why the operating systems allow this without user interaction. This seems like a security concern to me.
Programs run with the permissions allowed them - in this case, the permissions of the user that installed the program. You can certainly tighten things down after installation if you want - run things in a sandbox, manually set permissions, etc. - but by default if you trust the program enough to install it, that pretty much carries over that trust to let it run and do the things inherent to running. Creating, updating, deleting files, etc. In most cases, programs are well behaved. I would suggest that if KindleForPC has a setting you can engage for "Do not auto-update", but it ignores your choice and updates anyway, then it is NOT a "well behaved program". Quite the contrary. I would call it "malicious".
You are correct - a program being able to change things on your computer is very dangerous. That's why you oftentimes see the warning, "Only install software that you trust!" You need to realize that when you install a program on your computer, you are giving that program "the keys to your kingdom". Not 100% mind you, but you are giving it significant leeway by default. You can't expect the operating system to protect you from this by default. I doubt anybody would be terribly thrilled with an OS that kept pestering you, "Such-and-such application wants to write a line of text to its logfile, do you want to allow this?" That would get old really fast.
Run a suspect program in a sandbox. Run it in a virtual machine. Save system snapshots before running it. OSes can assist you in taking these precautions yourself, but they aren't going to do it for you by default.
In this specific case, it appears that KindleForPC has been a long-time trusted program. These programs can be trusted right up until the time they can't be trusted. We just crossed that threshold. There is no un-crossing it. KindleForPC can no longer be trusted. Period. We can continue using it, but prudent users will now start taking precautions.