Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'The only solution to trojan horse programs' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
The only solution to trojan horse programs
Authored by: nickfitz on May 13, '04 05:14:29AM

Code signing.

If your malicious code wasn't signed (by yourself, by Apple or by someone you trust) it wouldn't be allowed to run.

Microsoft are into code signing in a big way.

One needs to be able to trust the people who sign the code to be who they say they are. Therefore, you need to be able to trust the certificating authority only to issue certificates to the right people. And this doesn't always happen: 'VeriSign, Inc.... issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is "Microsoft Corporation".'

In other words, no matter what system is in place, it only takes a little social engineering to circumvent it.



[ Reply to This | # ]