North American Network Operators Group


Re: Stopping open proxies and open relays

  • From: Simon Waters
  • Date: Mon Feb 09 13:33:35 2004

NANOG Digest wrote:
> It would help if systems would only execute code that is signed 
> properly. This would make malware traceable. However the current way of 
> getting your code signed is in many cases too costly for the casual open 
> source developer so people are used to running unsigned or self-signed 
> application even when the facilities to check signatures would already 
> exist in the system. (though for example in Windows, signatures are only 
> checked at install, not runtime)

My supply of free software is signed by the developer/maintainer and the
trust relationship established through GnuPG, and Keyservers. The OS has
facilities to check these at install time if you want. You'd only need
to check at run time if root had altered the executables - and he is a
pretty solid chap here ;)

Similarly when I distribute free software it is always accompanied by a
signed MD5 hash of each file distributed.

So I don't think it is costly to do if you pick a suitable model.

The certificate authority approach is pointless until they provide
proper support for revocation, which most didn't last time I looked, but
I believe it is getting better. (I'm in the cynical group who believes
that the Certificate Authorities are a conspiracy to tax encryption).

But typically signing only proves the authorship, it doesn't tell you
anything about how well written (and thus compromisable) the code is, or
how trustworthy the recipient is ('anyone the certificate authority will
accept money off' - to paraphrase a comment), or how well protected
their keys are.

Signing is a fine approach, but I think sandboxing should take priority.
Here even if the code is subverted by malformed data, the key stolen,
etc etc - the damage is limited.

Lots of installed copies of IE seem happy to run any "signed ActiveX"
plugin - even when it is Spyware. Although I'm not clear if this is down
to a bad choice of defaults, or users not understanding that even signed
cheques bounce (indeed unsigned cheques don't get that far usually). One
more to check and switch to 'prompt' if you still use IE. Popular
spyware seems to go under inspiring names like spy.exe, trojan.exe etc,
but relatively knowledgeable Internet users still manage to get it
installed against their wishes.

I'm sure there is a more appropriate forum - but then there are probably
web pages discussing it in great details. Of course neither approach
excludes the other.
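The signed-hash distribution the reply describes, as an added example that is not the poster's own tooling: a Python checker that verifies the distributor's detached signature over a per-file checksum list with gpg before trusting any hash in it (the MD5SUMS / MD5SUMS.asc layout and the function names are assumptions). MD5 is used only because the post describes it; a current release list would carry SHA-256.

```python
"""Check a release the way the post describes: a list of per-file MD5 hashes
that is itself signed by the distributor. The signature is verified first;
only then are the hashes trusted and compared against the files."""
import hashlib
import shutil
import subprocess
from pathlib import Path


def gpg_verify(sig_path, data_path):
    """Check a detached signature with the gpg binary (assumed installed).
    gpg exits 0 only for a good signature from a key in the local keyring."""
    if shutil.which("gpg") is None:
        return False
    proc = subprocess.run(["gpg", "--batch", "--verify", str(sig_path), str(data_path)],
                          capture_output=True)
    return proc.returncode == 0


def parse_sums(text):
    """Parse md5sum(1) output ('<hex>  <name>' per line) into {name: hex}.
    Malformed lines are rejected rather than skipped, so a damaged list
    cannot silently shrink to fewer checks than the distributor intended."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")          # '*' marks binary mode
        if len(digest) != 32 or not name or set(digest.lower()) - set("0123456789abcdef"):
            raise ValueError(f"malformed checksum line: {raw!r}")
        entries[name] = digest.lower()
    return entries


def verify_release(release_dir, verifier=gpg_verify):
    """Return {name: hash_matches} for every file listed in MD5SUMS.
    Refuses to use the list at all when its signature fails, so replacing a
    file together with its hash line is still caught (the list cannot be
    re-signed without the distributor's key). Layout names are assumptions."""
    release_dir = Path(release_dir)
    sums = release_dir / "MD5SUMS"
    if not verifier(release_dir / "MD5SUMS.asc", sums):
        raise RuntimeError("signature on MD5SUMS did not verify; hashes are untrusted")
    results = {}
    for name, expected in parse_sums(sums.read_text()).items():
        path = release_dir / name
        actual = hashlib.md5(path.read_bytes()).hexdigest() if path.is_file() else None
        results[name] = actual == expected
    return results
```

The `verifier` parameter exists so the hash logic can be exercised without a keyring; in real use leave the default so gpg does the signature check.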
