Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On Dec 22, 2007 12:02 AM,  <Valdis.Kletnieks () vt edu> wrote:
> On Sat, 22 Dec 2007 00:20:46 GMT, Drsolly said:
>
> > Massive automation of the database creation would help. But I still can't
> > see any answer other than, "User is not able to install *any* software".
> >
> > Like grannyx
>
> Unfortunately, that's not an answer either - because if they can't install
> software, they can't install patches and updates.

If you are relying on your users to install patches and updates, then
you have more to worry about then viruses..

Two words: Thinstall and remote home directories......

... ok maybe 5 words...

-JP
"Man that guy is Dumb"
-Algernon (sans flowers)

 And even a stripped-down
> grannyx *will* have bugs that need patching.  Unless you're planning to
> re-spin and re-ship CD's every 3-6 months, this is a non-starter.
>
> I think the crucial point is "User is not able to *inadvertently* install
> any software".  Given something like the Ubuntu updater with GPG signatures,
> and a properly implemented SAK (Secure Attention Key) system so a browser
> exploit can't fake the updater screen, it should (with suitable amounts of
> handwaving) be possible to allow people to install software they *wanted*
> to install, but prohibit drive-by fruitings of systems.
>
> Yes, a *few* people will go out of their way and manage to install malware
> anyhow.  But there's only one solution for them, and unfortunately it's
> not politically expedient to suggest eugenics... ;)
>
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.