On Sat, Apr 17, 2004 at 09:00:32AM -0400, sholton wrote: > >On Fri, 2004-04-16 at 15:25, Mike M wrote: > > >Well, decide right now, how paranoid you need to be. > > It's useful, in discussions such as these, to consider the > challence from the mal-war writer's point of view. > > There are different strategies if I am targeting you or > if I am targeting 'just anyone'. > spyware is often the work of an insider.
It seems with spyware the stakes are higher and that you may be targeted either specifically or as part of a dragnet operation. If you're managing sensitive data or large amounts of money, your paranoia should increase. *nix permissions are useless with spyware. A browser that logs keystrokes and outputs collected information that is the result of either the upstream developer's or the package maintainer's intent is not probable but still possible. This is all pretty high paranoia stuff I'm considering. Identity theft was the intent of a local bank holdup recently, so that tells you that the evil ones are going to incredible lengths to upset all the new networked conveniences. In light of this it seems that we should feel paranoid. The live-cd model offers a relatively easy way to simply avoid spyware when your paranoia feelers are tingling. The only problem is getting high trust software on the live-cd. Of course the software must be open source. I'd like to see the OpenBSD process and mindset applied to that source. Since this model is vapor at this time, the alternative is to trust a certain Knoppix CD and just stick with it. -- Mike Moving forward in pushing back the envelope of the corporate paradigm. -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
