Re: idea

[silky <michaelslists () gmail com>]

On Fri, Jan 2, 2009 at 12:32 PM, Mike Preston <mike () technomonk com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> silky wrote:
>
> > I guess a trivial solution is just a bittorrent with relevant files in
> > it. If AV companies issued updates out over BT as well, that would be
> > nice. They could have a process of signing each update (do they
> > already?) so that they're validated.
> >
> > Pretty trivial.
>
> But there is nothing to stop the tracker being blocked and to my
> knowledge the current Azureus DHT protocol requires a tracker to be
> present in the first place to allow peers to find each other to
> bootstrap the protocol.

No but you can have several trackers, and that's the point -
decentralising the number of places that the download can be done; in
an ad-hoc fashion.


> The second problem, is that you are talking about opening up the
> computer while *downloading* security software to an untrusted network.

Eh? The idea was asking for ways to get the data. Why is downloading
via bittorrent any different? Sure there could be bugs in your
bit-torrent software, but still.


> Perhaps a decent option is to just build a rescue mode into the
> computers and use that to download updated defs and then install them on
> the main install. The rescue mode could be hardened with minimal drivers
> and firewalled up the yangtse. Splashtop springs to mind, although this
> doesn't seem to have this capability on current implementations...

Sure but that won't be happening anytime soon, and is also probably
too 'stable', in that it itself will become targeted.


> As I said before, its not trivial but its solvable.
>
> Mike

-- 
noon silky
http://www.boxofgoodfeelings.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.