[100948] in North American Network Operators' Group


Re: Creating a crystal clear and pure Internet

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Nov 27 10:28:48 2007

To: Jared Mauch <jared@puck.nether.net>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: Your message of "Tue, 27 Nov 2007 10:03:55 EST."
             <20071127150355.GC76456@puck.nether.net>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 27 Nov 2007 10:23:08 -0500
Errors-To: owner-nanog@merit.edu



On Tue, 27 Nov 2007 10:03:55 EST, Jared Mauch said:

> 	Within the next 2 major software releases (Microsoft OS) they're
> going to by default require signed binaries.  This will be the only viable
> solution to the malware threat.  Other operating systems may follow.
> (This was a WAG, based on gut feeling).
> 
> 	This has some interesting implications and would require Microsoft
> to be a bit more small-app friendly, and there'd be a knob to twiddle if
> you're a developer and don't want to check signatures, but it's one of the
> few ways to resolve the issues IMHO, and cut down on the infections.  So what
> if I own you via your browser, unless the malware I push to your host is
> signed, it's not gonna run.  Game [closer to] over.

The problem with "active content" is that an exploit will quite happily
run in the security context of the browser - and way too many sites insist
on either/both Flash and JavaScript.  Ever notice that there have been far fewer
pure Java based problems?  That's because it started off with a semi-sane
security model.  Flash and JavaScript didn't.

And you can't allow the browser to create executables, obviously.  Unfortunately,
that *also* means that you can't allow the user to use the browser to download
patches, updates, and new software....

(Well - it's at least theoretically *doable* in the right Trusted Computing
type of scenario, but I doubt we're going to get users to buy into it...)

