We imagine here the process of installing an application from an untrusted source. We install the code using level 3 tools. We start the application. If it should begin reading our files, we will see it scanning for file names in our directory. Depending on decisions we have not made yet, it will see an empty directory, or we will get a report from the VR hack that our new guest just asked for the names of all the files and directories in what would be the user’s directory in Linux. There being no such directory in the new world by default, we may at this point decide to maintain the fiction that we have no files, or, if such a query is legitimate for the reasons we installed the app, we now have the option of choosing a directory of ours and granting the app its wish.
This pattern is repeated several times for the voluble application.
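The mediation pattern described above, sketched as an added example (it is not code from the original page or from the system it describes). The class `GuestFileView` and its methods are hypothetical names; the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile

class GuestFileView:
    """Hypothetical mediator between an untrusted app and the user's files."""

    def __init__(self, guest_name):
        self.guest_name = guest_name
        self.granted_root = None   # by default the guest has no directory at all
        self.reports = []          # what the user is shown about the guest's requests

    def grant(self, directory):
        """User decision: expose exactly one chosen directory to the guest."""
        self.granted_root = os.path.realpath(directory)

    def list_names(self, relative_path="."):
        """Guest-facing call: names in what the guest believes is its home."""
        self.reports.append(f"{self.guest_name} asked for names in {relative_path!r}")
        if self.granted_root is None:
            return []              # maintain the fiction that we have no files
        target = os.path.realpath(os.path.join(self.granted_root, relative_path))
        # Refuse anything that resolves outside the grant ("..", absolute paths, symlinks).
        if os.path.commonpath([self.granted_root, target]) != self.granted_root:
            self.reports.append(
                f"{self.guest_name} refused: {relative_path!r} is outside the grant")
            return []
        if not os.path.isdir(target):
            return []
        return sorted(os.listdir(target))

def demo():
    """Constructed scenario: one private file, one directory the user chooses to share."""
    with tempfile.TemporaryDirectory() as home:
        shared = os.path.join(home, "shared")
        os.mkdir(shared)
        open(os.path.join(home, "private.txt"), "w").close()
        open(os.path.join(shared, "photo.jpg"), "w").close()
        view = GuestFileView("new-app")
        before = view.list_names()      # no grant yet: guest sees an empty directory
        view.grant(shared)              # user decides the query is legitimate
        after = view.list_names()       # guest now sees only the granted directory
        escaped = view.list_names("..") # attempt to look above the grant
        return before, after, escaped, list(view.reports)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Every request is recorded whether or not it is satisfied, so the user sees what the guest asked for before deciding on any grant.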
If you want to use a bank app provided by your bank, then you may be more concerned with your money than your computer. In that case a bank teller or VP might hand you a card with a hash of the app. The trusted installer will compute the hash of the app. You enter the hash from the card, and the install will proceed only if the hashes match. This variation is due to the fact that we need to be sure that the program does the right things with the authority that it legitimately needs. In this case we consider what we are trusting: