>>Internet security is headed toward a major reversal in philosophy, where a "white list" which allows only benevolent programs to run on a computer...

> Hardly a new idea of course. I've been hearing this for many years from many vendors.

And even longer from Dr. Solly, Marcus Ranum, etc....

> But for home computers this just won't work. They'll never have an adequate list and
> people will insist on installing what's in front of them.
>
> And how are they going to identify programs for consumers? They could use code
> signatures, but even at the high end developers bitch and moan about that. If they
> use some sort of checksum then they need to monitor every valid build of every program.

The Ubuntu trusted software repository model, along with an enforcement application like SELinux, puts this almost within reach today. Grannyx anyone?

--Keith
Keith Young, Security Official
Department of Technology Services
Montgomery County, Maryland
phone - (240) 777-2955

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Larry Seltzer
Sent: Wednesday, September 19, 2007 8:25 AM
To: [email protected]
Subject: RE: [funsec] Internet security moving toward "white list"

>>Internet security is headed toward a major reversal in philosophy, where a "white list" which allows only benevolent programs to run on a computer...

Hardly a new idea of course. I've been hearing this for many years from many vendors.

It's an OK idea for a business network where IT can reasonably say "you can't run anything on your computer that we don't give you to run." And where the administration can show the security software what the valid programs are for proper identification, perhaps with IT even code-signing them.

But for home computers this just won't work. They'll never have an adequate list and people will insist on installing what's in front of them.

And how are they going to identify programs for consumers? They could use code signatures, but even at the high end developers bitch and moan about that. If they use some sort of checksum then they need to monitor every valid build of every program.

I'll believe this when I see it.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/ <http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer>
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
