funsec mailing list archives
Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again
From: Valdis.Kletnieks () vt edu
Date: Sat, 22 Dec 2007 00:02:14 -0500
On Sat, 22 Dec 2007 00:20:46 GMT, Drsolly said:
> Massive automation of the database creation would help. But I still can't see any answer other than, "User is not able to install *any* software". Like grannyx

Unfortunately, that's not an answer either - because if they can't install software, they can't install patches and updates. And even a stripped-down grannyx *will* have bugs that need patching. Unless you're planning to re-spin and re-ship CDs every 3-6 months, this is a non-starter.

I think the crucial point is "User is not able to *inadvertently* install any software". Given something like the Ubuntu updater with GPG signatures, and a properly implemented SAK (Secure Attention Key) system so a browser exploit can't fake the updater screen, it should (with suitable amounts of handwaving) be possible to allow people to install software they *wanted* to install, but prohibit drive-by fruitings of systems.

Yes, a *few* people will go out of their way and manage to install malware anyhow. But there's only one solution for them, and unfortunately it's not politically expedient to suggest eugenics... ;)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.