On Sat, 22 Dec 2007 00:20:46 GMT, Drsolly said: > Massive automation of the database creation would help. But I still can't > see any answer other than, "User is not able to install *any* software". > > Like grannyx
Unfortunately, that's not an answer either - because if they can't install software, they can't install patches and updates. And even a stripped-down grannyx *will* have bugs that need patching. Unless you're planning to re-spin and re-ship CD's every 3-6 months, this is a non-starter. I think the crucial point is "User is not able to *inadvertently* install any software". Given something like the Ubuntu updater with GPG signatures, and a properly implemented SAK (Secure Attention Key) system so a browser exploit can't fake the updater screen, it should (with suitable amounts of handwaving) be possible to allow people to install software they *wanted* to install, but prohibit drive-by fruitings of systems. Yes, a *few* people will go out of their way and manage to install malware anyhow. But there's only one solution for them, and unfortunately it's not politically expedient to suggest eugenics... ;)
pgpJoOBr9cTbj.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
