"I could, right now, write an application for any version of Windows, OS X, or Linux that uploaded your address book without a single prompt. Hell, I could do this with any file owned by your user. "
I agree for the most part but "any version" is stretching it. There are solutions, but they're not sufficient imho. Theoretically Linux users can use AppArmor/SELinux/Tomoyo and a restrictive profile for the application. Unfortunately there is no "white-list" capability in those (open to correction on that) and they're not exactly easy to set up. Windows users can use security applications like Comodo's Defence+ and custom settings which, although powerful, gets rather annoying with popups.
I agree for the most part but "any version" is stretching it. There are solutions, but they're not sufficient imho. Theoretically Linux users can use AppArmor/SELinux/Tomoyo and a restrictive profile for the application. Unfortunately there is no "white-list" capability in those (open to correction on that) and they're not exactly easy to set up. Windows users can use security applications like Comodo's Defence+ and custom settings which, although powerful, gets rather annoying with popups.