[4967] in WWW Security List Archive
Prediction:Plug-ins will go away (Re: Automatic trojans)
daemon@ATHENA.MIT.EDU (Jay Heiser)
Tue Apr 1 19:54:41 1997
Date: Tue, 01 Apr 1997 13:20:00 -0500
From: Jay Heiser <Jay@homecom.com>
Reply-To: jay@homecom.com
To: Matthew Patton <patton@sysnet.net>
CC: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
In the grand scheme of things, I lump browser plugins (and the code they
execute) in with Java, ActiveX and (MS-Word) macros as forms of
executable content. I think that plugins are either going to go away,
or they are going to be extended to take advantage of some browser-based
security infrastructure. Executable content is a great idea, but it's
even better when it doesn't needlessly introduce vulnerabilities.
Matthew Patton wrote:
Ok, I doubt this registers on anybody's scope as new, but given the
following:
>Navigator can also automatically download and install plug-ins when
it
>encounters a page requiring a plug-in you don't already have.
as featured in Netscape Communicator (or maybe even v3.x?) sounds
like a perfect opportunity to introduce little nasties with perhaps
nothing more than a dialog box asking the user if he wants it. My
guess is the average Joe will just hit the "heck yeah, why not?"
button. Congratulations you've just been infected with (pick your
flavor).
Any thoughts on how to deal with this other than the obvious and
never ending "user awareness training"??
--
Jay Heiser, 703-610-6846, jay@homecom.com
Homecom Internet Security Services
http://www.homecom.com/services/hiss
