RE: Securing ActiveX.
Jim McCoy wrote:
> The other problem is that the proposed Authenticode system and other "signed
> applet" systems only provide accountability after the fact. This is little
> help when your hard drive is toast and the only proof you had was a logfile
> which was the first thing erased...
No, it's not really the accountability that's the issue. It's the
ability to choose before the fact that I 'trust' the software's author.
> The illusion that only "trusted software
> publishers" will be given blanket authorization is a pipe dream: users are
> sheep who will hit that "OK" dialog box as many times as necessary to get the
> tasty treat they are anticipating (and there is actual experimental evidence
> to back this up :)
Yup, point well taken. <story user=clueless>I popped into an empty user's
cube last week to borrow the phone. On the monitor was a post-it note from
one of his co-workers that read, 'Please write your password here:' and of
course the helpful fellow had done just that.</story> With real users I
suspect only centrally administered security decisions that they can't override
will be effective. Hmm... wonder what I can retrofit into IE to accomplish that.
> I expect that the first post-Authenticode ActiveX virus
> will be one to modify the signature checking routines or add additional keys
> to the registry which makes the second round of the attack appear to be a
> valid OS update from Microsoft.
Shh... we have enough kool dewds floating around here looking for ideas.
> The state of the art was up to it quite a while ago. Check out KeyKOS and
> other OSes which use capability semantics for access control.
I agree 100%. The intent of my comments was that such security *is*
possible, but it's not available in widely deployed mass-market OS's.
I'd love to hear feedback to the contrary, but it seems to me that it's
extremely difficult to layer that type of security onto an existing system.
-Blake (who's thinking about putting crazy glue into one user's floppy drive)