>>Internet security is headed toward a major reversal in philosophy, where a "white list" which allows only benevolent programs to run on a computer... Hardly a new idea of course. I've been hearing this for many years from many vendors. It's an OK idea for a business network where IT can reasonably say "you can't run anything on your computer that we don't give you to run." And where the administration can show the security software what the valid programs are for proper identification, perhaps with IT even code-signing them. But for home computers this just won't work. They'll never have an adequate list and people will insist on installing what's in front of them. And how are they going to identify programs for consumers? They could use code signatures, but even at the high end developers bitch and moan about that. If they use some sort of checksum then they need to monitor every valid build of every program. I'll believe this when I see it. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ <blocked::http://security.eweek.com/> http://blogs.eweek.com/cheap_hack/ <http://blog.eweek.com/blogs/larry_seltzer/> <http://blog.ziffdavis.com/seltzer> Contributing Editor, PC Magazine [EMAIL PROTECTED]
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
