An ordinary-looking dialog box being used to select a file for editing.
The designation of a file in this powerbox-controlled dialog automatically
conveys the edit authority to the caplet (note that the standard "OK"
button is now a "Grant"). Authority is similarly conveyed when
double-clicking on a document, or when dragging and dropping the file. In CapDesk,
security decisions are seamless and generally transparent to the user.

Side-by-side comparison of a malicious Web Browser running under CapDesk
capability confinement (left), versus the same Browser running with standard
Windows/Unix privileges (right). The confined Browser fails in all attempts
to suborn the computer; the Winix-enabled Browser takes full control.

CapDesk running on Win2K with file manager windows open on the host
OS and on a remote Linux system; the communication with the remote Linux
system is capability secure and strongly encrypted. CapDesk blends functionality
of the Microsoft File Explorer, FTP, SSH, and flexible fine grain security
options in an integrated fashion not reproduced in any conventional application.
The first operational version of CapDesk was developed by a single programmer
over the course of a month of weekends, a remarkable comment on the
productivity E provides for secure distributed systems.

CapDesk running on a Linux kernel, with standard Windows applications
running in a VMware virtual machine, a Windows Compatibility Box.

CapDesk running a Web Browser that has launched an E
caplet. Caplets deliver on the promise first made by Java applets: flexible
powerful applications downloaded over the Web that can be run safely on
the local machine while still being centrally maintained. Note the Save
button on the Caplet, which is impossible on a Java Applet because of
the restrictions imposed by the Java Sandbox.