On Dec 22, 2007 12:02 AM, <[EMAIL PROTECTED]> wrote: > On Sat, 22 Dec 2007 00:20:46 GMT, Drsolly said: > > > Massive automation of the database creation would help. But I still can't > > see any answer other than, "User is not able to install *any* software". > > > > Like grannyx > > Unfortunately, that's not an answer either - because if they can't install > software, they can't install patches and updates.
If you are relying on your users to install patches and updates, then you have more to worry about then viruses.. Two words: Thinstall and remote home directories...... ... ok maybe 5 words... -JP "Man that guy is Dumb" -Algernon (sans flowers) And even a stripped-down > grannyx *will* have bugs that need patching. Unless you're planning to > re-spin and re-ship CD's every 3-6 months, this is a non-starter. > > I think the crucial point is "User is not able to *inadvertently* install > any software". Given something like the Ubuntu updater with GPG signatures, > and a properly implemented SAK (Secure Attention Key) system so a browser > exploit can't fake the updater screen, it should (with suitable amounts of > handwaving) be possible to allow people to install software they *wanted* > to install, but prohibit drive-by fruitings of systems. > > Yes, a *few* people will go out of their way and manage to install malware > anyhow. But there's only one solution for them, and unfortunately it's > not politically expedient to suggest eugenics... ;) > > > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
