North American Network Operators Group
Re: Stopping open proxies and open relays
NANOG Digest wrote:
>
> It would help if systems would only execute code that is signed
> properly. This would make malware traceable. However the current way of
> getting your code signed is in many cases too costly for the casual open
> source developer so people are used to running unsigned or self-signed
> application even when the facilities to check signatures would already
> exist in the system. (though for example in Windows, signatures are only
> checked at install, not runtime)

My supply of free software is signed by the developer/maintainer and the trust relationship established through GnuPG, and Keyservers. The OS has facilities to check these at install time if you want. You'd only need to check at run time if root had altered the executables - and he is a pretty solid chap here ;)

Similarly when I distribute free software it is always accompanied by a signed MD5 hash of each file distributed. So I don't think it is costly to do if you pick a suitable model.

The certificate authority approach is pointless until they provide proper support for revocation, which most didn't last time I looked, but I believe it is getting better. (I'm in the cynical group who believes that the Certificate Authorities are a conspiracy to tax encryption).

But typically signing only proves the authorship, it doesn't tell you anything about how well written (and thus compromisable) the code is, or how trustworthy the recipient is ('anyone the certificate authority will accept money off' - to paraphrase a comment), or how well protected their keys are.

Signing is a fine approach, but I think sandboxing should take priority. Here even if the code is subverted by malformed data, the key stolen, etc etc - the damage is limited.

Lots of installed copies of IE seem happy to run any "signed ActiveX" plugin - even when it is Spyware. Although I'm not clear if this is down to a bad choice of defaults, or users not understanding that even signed cheques bounce (indeed unsigned cheques don't get that far usually). One more to check and switch to 'prompt' if you still use IE.

Popular spyware seems to go under inspiring names like spy.exe, trojan.exe etc, but relatively knowledgeable Internet users still manage to get it installed against their wishes. I'm sure there is a more appropriate forum - but then there are probably web pages discussing it in great detail.

Of course neither approach excludes the other.
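The distribution model described in the post (a GnuPG-signed manifest of per-file MD5 hashes, checked at install time), as an added example that is not part of the original message or of any particular project: the hash checks run stand-alone, while `signature_ok` is an assumed wrapper around `gpg --verify` that needs gpg and the maintainer's key already in the keyring. File names, manifest names and digests are constructed for the demo.

```python
import hashlib
import os
import subprocess
import tempfile

def parse_manifest(text):
    """Parse md5sum-style lines '<hex digest>  <filename>' into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, _, name = line.strip().partition("  ")
            entries[name.lstrip("*")] = digest.lower()
    return entries

def md5_of(path):
    # MD5 matches the manifest format discussed; it is not collision resistant, so a manifest signed today should carry SHA-256 digests.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_files(manifest, root, manifest_names=("MD5SUMS", "MD5SUMS.asc")):
    """Return (bad, missing, unlisted); 'unlisted' files sit on disk but are absent from the signed manifest, which 'md5sum -c' alone never reports."""
    bad, missing = [], []
    for name, expected in manifest.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            missing.append(name)
        elif md5_of(path) != expected:
            bad.append(name)
    on_disk = {f for f in os.listdir(root) if os.path.isfile(os.path.join(root, f))}
    return bad, missing, sorted(on_disk - set(manifest) - set(manifest_names))

def signature_ok(manifest_path, sig_path):
    """Assumed wrapper: gpg must be installed and the maintainer's key imported into the keyring."""
    r = subprocess.run(["gpg", "--batch", "--verify", sig_path, manifest_path], capture_output=True)
    return r.returncode == 0

def demo():
    # Constructed release: one intact file, one altered file, one listed file that never shipped, one unlisted file that did.
    root = tempfile.mkdtemp()
    for name, data in (("foo.tar.gz", b"hello"), ("bar.tar.gz", b"tampered"), ("extra.sh", b"")):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    manifest = parse_manifest(
        "5d41402abc4b2a76b9719d911017c592  foo.tar.gz\n"   # md5("hello"): intact
        "d41d8cd98f00b204e9800998ecf8427e  bar.tar.gz\n"   # md5 of an empty file: bar.tar.gz was altered
        "d41d8cd98f00b204e9800998ecf8427e  baz.tar.gz\n")  # listed but never shipped
    return check_files(manifest, root)  # (['bar.tar.gz'], ['baz.tar.gz'], ['extra.sh'])
```

Run `signature_ok` on the manifest and its detached signature before trusting any of the digests, since the hash checks only tell you the files match what the maintainer listed, not whether the list itself is genuine.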