Ok, so for the most part I like the idea of a MARKs, and I do no want to return to the system of permissions. I've noticed that some of the matrix actions are written form the perspective of a Hacker abusing a system he doesn't have legitimate access to (like Control Device), and some of the actions, like Jumping Into a Drone, call out rules for when you do have permission.

So I'm thinking that "Permission" is marks, but that the system treats illegitimate (hacked) marks different than real (invited) marks. Invited is the key, see page 240 "Invite Mark." If a mark has a valid invitation associated with it, the mark is valid. If all the marks you have on something are valid, then you have permission for all the actions the marks allow. That means no needing to roll vs a Host to edit a file, and no needing to make a sleaze based roll to use a Smartgun.

That last example, the smart gun, is applicable to the "security guard" mentioned on page 227: "A security guard’s weapon might be in her holster, but its owner is the corp that employs her. " If that guard has 3 legitimate marks on the gun, invited by her employers, she can use it just fine despite not being an owner. However, should a Decker sleaze a mark onto the gun, they need to make skill checks to force it to accept commands, as noted in the Control Device Matrix action.

This does, of course, make spoofing more potent, because it can be used to create an invitation instead of hacked marks. That invitation, which could be for a full 3 marks for 100 years, would allow much cleaner access to the device. To counter this setup being too effective, I'd make it possible for the owner of a device to revoke an invitation for marks after the marks are placed, effectively turning those existing marks into illegitimate ones. Only an Owner could do this.

As soon as you reboot your device, all marks get reset to 0.
so 3 marks for 100 years is still only good until you reboot. Which should be soon, because spoofing in the first place started your Overwatch timer.

Also, it seems to me that a mark gained by spoofing an invite mark is approximately as legit as a mark gained in any other nefarious way. I have nothing to base this on, but there is my $0.02

Accept invitation, or "standing offers," do not reset when your device reboots. As long as the invitation is around you can remark the device legally after every reboot.
Page 236: "This is rarely an issue for most devices because they almost never need to reboot, and when they do the hosts and other services usually have a standing offer, so re-marking them takes seconds." So that invite for 100 years (while not so subtle should the owner check) would be plenty of time to reboot and remark.

A Mark from Hack on the Fly or Brute Force has no associated invitation while a spoofed invite allows you to legally place a mark. For the purposes of this house rule, that's where I'm making the distinction between illegal marks (which force you take Sleaze or attack actions to use them, as per Control Device or Jump into Rigged Device) and legal marks, which is how I'm defining "Permission" (as noted in Jumped into Rigged Device.). The "spoofed invite" mark itself isn't spoofed or illegal, and as far the device is concerned, the instructions to make the invitation came from it's owner.

If the icon itself can tell whether is a mark is legit or illegal, how is that not taping a giant 'I'm in ur hostz, hackin ur filez' sign to the decker? The point of hacking is to make everyone think you're a legitimate user (which you obviously aren't if the system can distinguish between types of marks.)

I completely agree. The thing is, the rules as written in the book already requires a character to make illegal sleaze actions to interact with a device that they have marks on. Right now I think the rules in the book are based more on the page 236 quote, implying hacked marks being quasi-real and hosts not always accepting them, more than the page 248 quote saying marks make you a legitimate user. This house rule simply clarifies and extends the permission concept already in the "Jump into Rigged Device" matrix action to other matrix actions. Essentially, a hacked mark looks legitimate, maybe including a fake invitation, but when you attempt to use it the device/host/etc may reject it. By contrast, a real mark acquired through the legitimate method of accepting an invitation always works so no skill check is needed.

It would be a bigger change to the rules to remove the skill checks needed to use Control Device, Jump into Rigged Device, and Edit File if you have the Marks needed, essentially making all marks equal, although I admit it is one I'm considering.

As for the disconnect in the book between page 236 "hosts are sometimes not fooled by your hacked mark" & 248 "Once you have the mark, you are considered a legitimate user," well 5th edition seems to be full of such conflicted writing.