On Tue, 27 Nov 2007 10:03:55 EST, Jared Mauch said:
> Within the next 2 major software releases (Microsoft OS) they're
> going to by default require signed binaries. This will be the only viable
> solution to the malware threat. Other operating systems may follow.
> (This was a WAG, based on gut feeling).
>
> This has some interesting implications and would require Microsoft
> to be a bit more small-app friendly, and there'd be a knob to twiddle if
> you're a developer and don't want to check signatures, but it's one of the
> few ways to resolve the issues IMHO, and cut down on the infections. So what
> if I own you via your browser, unless the malware I push to your host is
> signed, it's not gonna run. Game [closer to] over.

The problem with "active content" is that an exploit will quite happily run in the security context of the browser - and way too many sites insist on either/both Flash and Javascript. Ever notice that there have been far fewer pure Java-based problems? That's because it started off with a semi-sane security model. Flash and Javascript didn't.

And you can't allow the browser to create executables, obviously. Unfortunately, that *also* means that you can't allow the user to use the browser to download patches, updates, and new software....

(Well - it's at least theoretically *doable* in the right Trusted Computing type of scenario, but I doubt we're going to get users to buy into it...)