On Thu, 2009-05-07 at 10:50 +1200, Philip Dowie wrote:
What is an executable? Something with the X bit set? Shell scripts aren't executed, they are interpreted, yet they have the X bit set.. Likewise, I can take a binary, which is executable, and remove the X bit from it, but it is still executable, according to some definition..
I think the idea here is that the program providing protection needs to generate a list of good checksums initially, sign that list, then check against it each time - new programs are queried, the list updated, etc.
The obvious problem is this: What if a program you want to use for the first time is actually "infected" (for some definition of infected)? Presumably you'll allow the program, because neither you nor your security system has any way of knowing what the "proper" checksum should be..
I kind of agree with the purists that security should be left to those who understand it, but at the same time, that removes the usefulness of a computer from those who don't understand security, and I also buy the arguments of the pragmatists that to require the end user (ignorant, or otherwise) to understand security is akin to requiring all motorists to understand how their engine works - just not practical these days - and no end user is going to want to do the equivalent of taking their car to the garage to get it serviced - ie, getting a knowledgeable 3rd party in to continually monitor and manage their system - it'd cost too much - the 3rd party would need a huge service desk, and a tightly integrated system so that "problems" (ie, applications requesting access to the net) could be observed and the end user request access, etc, etc, be serviced with minimal delay.. Starting to sound like a bit of a pipe dream..
I don't know what the silver bullet will be - clearly neither approach works right - Windows works and is easy, but is as insecure as, well, Windows, on the other hand, Linux can be really secure, but ends up being hard to use for the folk who don't want to know what a kernel is, etc, etc..
The whole time people are trying to bring Linux to the masses, but because of a lack of tools to make it as easy as MS-Windows is, this approach fails. The fact is that consumers expect MS-Windows easiness and because that's not available, they stick to what they know and/or perceive to understand. So, some party can offer MS-Windows-like tools for average consumers - not being corporate users. While the basic Linux/OSS distribution can still serve the more secure variants - e.g. without Personal Firewalls etc.

Frans.
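
The checksum-list scheme discussed in this message, as an added sketch that is not from the thread: a signed list of known-good SHA-256 checksums is checked on every run, and an unknown program is enrolled when the user approves it, which is exactly where a program that was already modified before first use gets trusted. All names, paths and byte strings are constructed, and HMAC with a local key stands in for "signing" the list (an assumption).

```python
import hashlib
import hmac
import json


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


class SignedAllowlist:
    """Hypothetical helper: checksum list plus a MAC over the whole list."""

    def __init__(self, key: bytes, initial: dict):
        self._key = key
        self.entries = {name: digest(blob) for name, blob in initial.items()}
        self.sig = self._sign()

    def _sign(self) -> str:
        payload = json.dumps(self.entries, sort_keys=True).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def check(self, name: str, blob: bytes, approve_new) -> str:
        # Refuse to trust a list that was edited without the key.
        if not hmac.compare_digest(self.sig, self._sign()):
            return "list-tampered"
        known = self.entries.get(name)
        if known is None:
            # First use: there is no reference checksum, only the user's answer.
            if not approve_new(name):
                return "denied"
            self.entries[name] = digest(blob)
            self.sig = self._sign()
            return "enrolled"
        return "ok" if hmac.compare_digest(known, digest(blob)) else "modified"


def demo() -> list:
    always_yes = lambda name: True  # models a user who approves every prompt
    wl = SignedAllowlist(b"constructed-demo-key", {"/bin/ls": b"ls v1"})
    results = [
        wl.check("/bin/ls", b"ls v1", always_yes),               # unchanged
        wl.check("/bin/ls", b"ls v1 + patch", always_yes),       # changed later
        wl.check("/opt/newtool", b"altered build", always_yes),  # first use
        wl.check("/opt/newtool", b"altered build", always_yes),  # now trusted
    ]
    wl.entries["/bin/ls"] = digest(b"swapped")  # list edited, not re-signed
    results.append(wl.check("/bin/ls", b"swapped", always_yes))
    return results


if __name__ == "__main__":
    print(demo())
```

The third and fourth results show the first-use gap: the list only detects change after enrollment, so the first checksum has to come from somewhere other than the file itself, such as a publisher's or distribution's signed package metadata.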