Many computer programs and component parts used by programs are available over the Internet from a vast number of sources. Although much of this code is harmless, many computer users will not even consider downloading such programs for fear of putting potentially malicious code onto their machines, and/or making their machine unstable. As such, users will not download executable code from any site other than a known, trusted source, which are typically large companies with well established reputations. Other users are who are less knowledgeable will install anything on their computers and then run into problems.
Even code that appears harmless can actually be malicious. By way of example, screen savers are application programs that display moving and/or alternating images when the computer system is otherwise idle, in order to keep the monitor display screen from being damaged by displaying the same output for too long. As a result, screen savers need to take up the full screen, whereby the user has no indication that client code is being run. However, because screen savers are full screen application programs, they are able to spoof security log-on screens and thereby obtain a user's credentials, which may then be transmitted to a criminal entity. Similarly, a user may be tricked into inputting other personal data, which may then be used without consent. If the program is not able to transmit the data, because for example there is not presently a network connection, a screen saver can store a stolen identity and password in an isolated storage area, where the screen saver or another program can later locate that data and transmit it when there is a connection.
Further, application programs are executable code, and thus are able to perform other dangerous behaviors, such as writing to the registry, reading personal information from a hard disk, and so forth. In general, careful computer users simply do not download executable code from an untrusted source, even though they may want and/or benefit from such code, because the risks to security, privacy and/or stability are too great.
What is needed is a way to ensure the trustworthiness of executable code downloaded from any source. When not deemed trustworthy, additional policy may then be followed as to how such code should be handled.