funsec mailing list archives

Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again


From: Valdis.Kletnieks () vt edu
Date: Sat, 22 Dec 2007 00:02:14 -0500

On Sat, 22 Dec 2007 00:20:46 GMT, Drsolly said:

> Massive automation of the database creation would help. But I still can't
> see any answer other than, "User is not able to install *any* software".
>
> Like grannyx

Unfortunately, that's not an answer either - because if they can't install
software, they can't install patches and updates.  And even a stripped-down
grannyx *will* have bugs that need patching.  Unless you're planning to
re-spin and re-ship CDs every 3-6 months, this is a non-starter.

I think the crucial point is "User is not able to *inadvertently* install
any software".  Given something like the Ubuntu updater with GPG signatures,
and a properly implemented SAK (Secure Attention Key) system so a browser
exploit can't fake the updater screen, it should (with suitable amounts of
handwaving) be possible to allow people to install software they *wanted*
to install, but prohibit drive-by fruitings of systems.

Yes, a *few* people will go out of their way and manage to install malware
anyhow.  But there's only one solution for them, and unfortunately it's
not politically expedient to suggest eugenics... ;)

