[4765] in WWW Security List Archive
Re: Why do you think you can trust PC software? (was Re: Latest Java hole is Netscape/Sun only)
daemon@ATHENA.MIT.EDU (Jesse Whyte)
Tue Mar 11 13:37:47 1997
Date: Tue, 11 Mar 1997 11:41:32 -0500
From: Jesse Whyte <jesse@eac.com>
Reply-To: jesse@eac.com
To: jay@homecom.com
CC: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On the premise that the current certificate granting system is too lax
in giving trust and doesn't necessarily afford the degree of security
that we would like, wouldn't a Class 3 or 4 certificate afford that
trust? For example, if Microsoft (or any vendor for that matter) was
to purchase a Class 3 or 4 certificate from a CA and use it exclusively
for software distribution/Java-ActiveX certification, couldn't we be
reasonably assured that the vendor has developed the code? We can never
be 100% sure that the code is 100% safe, but at least we can be assured
that we can hold someone responsible for the error.
Jesse
Jay Heiser wrote:
>
> Dennis Glatting wrote:
> > > From: Thomas Reardon <thomasre@microsoft.com>
> > > the sandbox anymore. Sandboxes are great for *untrusted
> > > code*. And ActiveX is absolutely only good for *trusted* code
> > With the code signature model there isn't a realistic method,
> > short of third party analysis of the source code and its
> > dependencies and world-wide legal liability, the signer
> > (assuming a third party) or the recipient has to believe the
> > code is trustworthy. From a security perspective, signing a
> > code blob offers little value other than verification of
> > transport. It is a "trust me" model, on which the Snake Oil FAQ
> > offers appropriate commentary.
>
> I might be missing something here, but how do you trust ANY code?
> Do you go to the store and buy commercial software in boxes and put
> it on your computers? There isn't a piece of commercial software in
> the world that meets the above criteria.
>
> Realistically, the world would rather not write its own code, nor spend
> great amounts of money testing commercial code that apparently works.
> Right or wrong, that's the way people who buy software prefer to
> operate.
> If a code signature model can provide them as much or more level of
> comfort as buying software retail, then I submit that it has a good
> chance of being commercially viable.
>
> Of course there is risk, but what worthwhile activity lacks that?
> Show me an example of PC software that you would consider
> 'trustworthy'.
>
> --
> Jay Heiser, 703-610-6846, jay@homecom.com
> Homecom Internet Security Services
> http://www.homecom.com/services/hiss
> For company & industry news...subscribe to newsletter@homecom.com
--
***********************************************************************
Jesse Whyte EAC Network Integrators
Security Analyst Trumbull, CT
jesse@eac.com http://www.eac.com
(203) 371-2441
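The disagreement above is about what a signature on a code blob actually establishes. The following Go program is an added example, not code from this thread or from any vendor it mentions: it signs three blobs with a single publisher key and verifies each. An Ed25519 key pair stands in for the CA-issued certificate the thread discusses (no CA, certificate class or revocation is modelled), and the publisher name and blob contents are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Publisher models a vendor that holds a signing key. The trusted public
// key stands in for a CA-issued certificate (constructed example).
type Publisher struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewPublisher generates a fresh Ed25519 key pair for the named vendor.
func NewPublisher(name string) (*Publisher, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Publisher{Name: name, Pub: pub, priv: priv}, nil
}

// SignedBlob is what the distribution channel ships: the code, the
// publisher's claimed identity, and a signature covering both.
type SignedBlob struct {
	Publisher string
	Code      []byte
	Signature []byte
}

// digest binds the publisher name to the code with a separator so a
// signature cannot be re-attached to another name or a different blob.
func digest(publisher string, code []byte) []byte {
	h := sha256.New()
	h.Write([]byte(publisher))
	h.Write([]byte{0})
	h.Write(code)
	return h.Sum(nil)
}

// Sign produces the blob a vendor would publish.
func (p *Publisher) Sign(code []byte) SignedBlob {
	return SignedBlob{
		Publisher: p.Name,
		Code:      code,
		Signature: ed25519.Sign(p.priv, digest(p.Name, code)),
	}
}

// Verify is everything the recipient can check from the signature alone:
// the blob is unaltered and was signed by the key trusted for that
// publisher name. Nothing here examines what the code does when run.
func Verify(trusted map[string]ed25519.PublicKey, b SignedBlob) bool {
	pub, ok := trusted[b.Publisher]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, digest(b.Publisher, b.Code), b.Signature)
}

// Outcome records the three cases the thread argues over.
type Outcome struct {
	Genuine          bool // vendor's own blob, delivered intact
	Tampered         bool // vendor's blob altered after signing
	HarmfulButSigned bool // harmful code the vendor itself signed
}

// Scenario builds the three blobs and verifies each against the trust store.
func Scenario() (Outcome, error) {
	vendor, err := NewPublisher("Example Vendor (constructed)")
	if err != nil {
		return Outcome{}, err
	}
	trusted := map[string]ed25519.PublicKey{vendor.Name: vendor.Pub}

	genuine := vendor.Sign([]byte("[constructed: benign program]"))

	tampered := genuine // same signature, code changed in transit
	tampered.Code = []byte("[constructed: benign program plus injected change]")

	// The key holder signs something harmful: the signature is exactly
	// as valid as on the benign blob, which is Dennis Glatting's point.
	harmful := vendor.Sign([]byte("[constructed: program that deletes user files]"))

	return Outcome{
		Genuine:          Verify(trusted, genuine),
		Tampered:         Verify(trusted, tampered),
		HarmfulButSigned: Verify(trusted, harmful),
	}, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine verifies: %v\n", o.Genuine)
	fmt.Printf("tampered verifies: %v\n", o.Tampered)
	fmt.Printf("harmful-but-signed verifies: %v\n", o.HarmfulButSigned)
}
```

Only the tampered blob fails. The signature proves integrity in transit and which key signed the code, which is what lets a recipient hold a named party responsible; it says nothing about whether the code is safe, so the judgement of whether to run it still rests on trust in the signer.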