funsec mailing list archives
Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Sat, 22 Dec 2007 12:56:51 -0500
On Dec 22, 2007 12:02 AM, <Valdis.Kletnieks () vt edu> wrote:
> On Sat, 22 Dec 2007 00:20:46 GMT, Drsolly said:
>> Massive automation of the database creation would help. But I still can't see any answer other than, "User is not able to install *any* software". Like grannyx
>
> Unfortunately, that's not an answer either - because if they can't install software, they can't install patches and updates.

If you are relying on your users to install patches and updates, then you have more to worry about than viruses..

Two words: Thinstall and remote home directories......

... ok maybe 5 words...

-JP

"Man that guy is Dumb"
-Algernon (sans flowers)

> And even a stripped-down grannyx *will* have bugs that need patching. Unless you're planning to re-spin and re-ship CD's every 3-6 months, this is a non-starter.
>
> I think the crucial point is "User is not able to *inadvertently* install any software". Given something like the Ubuntu updater with GPG signatures, and a properly implemented SAK (Secure Attention Key) system so a browser exploit can't fake the updater screen, it should (with suitable amounts of handwaving) be possible to allow people to install software they *wanted* to install, but prohibit drive-by fruitings of systems.
>
> Yes, a *few* people will go out of their way and manage to install malware anyhow. But there's only one solution for them, and unfortunately it's not politically expedient to suggest eugenics... ;)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.