Described is a system and method by which an application program is
evaluated for trustworthiness based on the permissions and/or privileges
it requests relative to a program category. The program describes the
permissions needed to operate, and identifies itself as belonging to a
particular category. Security components compare the requested permission
set against the permissions that programs of that category actually need
in order to operate properly. Programs requesting more permissions than
needed are deemed untrustworthy. For example, screensaver application
programs need only a limited permission set to operate properly,
including full screen access and the ability to read files, but do not
need network access permissions or write access to files. Any screensaver
application that requests only the needed permission set is deemed
trustworthy, while others that request permissions beyond what is
actually needed are not deemed trustworthy, and a user or automated
policy process may then intervene.
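As an added example (not code from the patent), a minimal implementation of the category-relative check the abstract describes, including the intervention step: the category names, permission identifiers, manifest format and the block/prompt policy are assumptions for illustration.

```python
"""Category-relative permission evaluation (added example, not from the patent)."""
from dataclasses import dataclass

# Assumed baseline: the permissions each program category actually needs.
# The screensaver entry follows the abstract: full-screen access and file
# reads, but no network access and no file writes.
CATEGORY_BASELINE = {
    "screensaver": frozenset({"screen.fullscreen", "file.read"}),
    "text_editor": frozenset({"file.read", "file.write"}),
    "web_browser": frozenset({"network", "file.read", "file.write"}),
}


@dataclass(frozen=True)
class Manifest:
    """What the program declares: its self-identified category and requests."""
    name: str
    category: str
    requested: frozenset


@dataclass(frozen=True)
class Verdict:
    trusted: bool
    excess: frozenset   # permissions requested beyond the category baseline
    reason: str


def evaluate(manifest, baseline=CATEGORY_BASELINE):
    """Compare the requested set against what the declared category needs."""
    needed = baseline.get(manifest.category)
    if needed is None:
        # No baseline to compare against: fail closed rather than trust blindly.
        return Verdict(False, manifest.requested, "unknown category")
    excess = manifest.requested - needed
    if excess:
        return Verdict(False, excess, "requests permissions beyond category needs")
    return Verdict(True, frozenset(), "requested set within category needs")


def intervene(verdict):
    """Assumed automated policy: block the riskiest excess, else ask the user."""
    if verdict.trusted:
        return "install"
    if verdict.excess & {"network", "file.write"}:
        return "block"
    return "prompt_user"


if __name__ == "__main__":
    good = Manifest("clock_saver", "screensaver", frozenset({"screen.fullscreen", "file.read"}))
    bad = Manifest("pretty_saver", "screensaver", frozenset({"screen.fullscreen", "file.read", "network", "file.write"}))
    for m in (good, bad):
        v = evaluate(m)
        print(m.name, v.trusted, sorted(v.excess), intervene(v))
```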