[4753] in WWW Security List Archive
Re: Why do you think you can trust PC software? (was Re: Latest Java
daemon@ATHENA.MIT.EDU (Dennis Glatting)
Tue Mar 11 04:09:50 1997
From: Dennis Glatting <dennis.glatting@plaintalk.bellevue.wa.us>
Date: Mon, 10 Mar 97 22:35:52 -0800
To: jay@homecom.com
cc: WWW-SECURITY@ns2.rutgers.edu
Reply-To: dennis.glatting@plaintalk.bellevue.wa.us
Errors-To: owner-www-security@ns2.rutgers.edu
> Date: Mon, 10 Mar 1997 09:17:33 -0500
> From: Jay Heiser <Jay@homecom.com>
>
> Dennis Glatting wrote:
> > > From: Thomas Reardon <thomasre@microsoft.com>
> > > the sandbox anymore. Sandboxes are great for *untrusted
> > > code*. And ActiveX is absolutely only good for *trusted* code
> > With the code signature model there isn't a realistic method,
> > short of third party analysis of the source code and its
> > dependencies and world-wide legal liability, the signer
> > (assuming a third party) or the recipient has to believe the
> > code is trustworthy. From a security perspective, signing a
> > code blob offers little value other then verification of
> > transport. It is a "trust me" model, which the Snake Oil FAQ
> > offers appropriate commentary.
>
> I might be missing something here, but how do you trust ANY code?
> Do you got to the store and buy commercial software in boxes and
> put it on your computers? There isn't a piece of commercial
> software in the world that meets the above criteria.
>
> Realistically, the world would rather not write its own code,
> nor spend great amounts of money testing commercial code that
> apparently works. Right or wrong, that's the way people who buy
> software prefer to operate. If a code signature model can
> provide them as much or more level of comfort as buying software
> retail, than I submit that it has a good chance of being
> commercially viable.
>
> Of course there is risk, but worthwhile activity lacks that?
> Show me an example of PC software that you would consider
> 'trustworthy'.
>
There is a big difference. When you buy software in a store you
know an origin and a monetary transaction takes place. That
gives you traceability and, in most cases, legal means. It also
gives you reproducibility, i.e., evidence. These things are
less available to you over the net where code is often loosely
traceable and you are less likely to have legal means.
-dpg
