Adam Sampson on Sun, 21 May 2000 18:18:10 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: <nettime> Viruses on the Internet: Monoculture breeds parasites |
On Sat, May 13, 2000 at 11:14:12PM +0100, Benjamin Geer wrote: > I agree for images, and in fact my mail client is set up to open an > image viewer for JPG attachments. This is because no harm can > possibly come from viewing a JPG. Unless your image viewer has a buffer overflow problem, say, while reading the JPEG comment string. Fortunately, there isn't much of a monoculture in image viewers or the systems they're running on (i.e. while a cracker could build a virus---and yes, this would be a virus, not a worm---that inserted itself into the JPEG comment field, it probably wouldn't spread very far). > Another possibility would be to use a different sort of security > mechanism, so that executable code could be identified as coming from > a trusted source, using a public encryption key. If you tried to run > a script that didn't have a trusted public key, you'd get a dialog box > saying 'Warning: This program is not known to be from a trusted > source. It could cause your computer to burst into flames. Are you > sure you want to run it?' What we really need is a combination of Perl's taint checking and the Linux kernel's capabilities: programs operating upon untrusted data (i.e. anything received in mail) can only display information to a restricted area of the screen... -- Adam Sampson azz@gnu.org # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: nettime@bbs.thing.net