Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A warning on a new destructive 'press release'' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A warning on a new destructive 'press release'
Authored by: CarlosD on May 14, '04 03:17:51PM

Yes, Apple and Microsoft are what I would consider trusted sources. (Though people are very much questioning the latter. ;) )

This is not to say that they are perfect, but to clarify and define what is a "threat".

A security breach, as you point out, can eminate from trusted sources. That is precisely the point. **That's** when we should sound the threat alarm.

The candy from the stranger analogy is a good one. When buying food from an established grocery store, or other outlet (in the industrialized world, at least), you expect that you can trust the integrity of the food. If it is bad or poisoned, you hear the alarm on the evening news. Recent example: Did you hear about the frog in the salad of a major airline?

But if you got food -- hot dogs, let's say -- from someone on the street -- no cart, no license stickers, never seen before, etc. -- and you get sick, do you try and ban all hot dogs?

Warnings are fine, but at some point, there has to be a limit to what prompts a warning. Extreme example:

[Someone typed the letter 'A'. The state of memory will be changed by this insertion. Do you wish the letter 'A' to be inserted into this document?]

One suggestion is to have a cache of trusted certificates for signed executables. But I strongly feel this should not be a default way of operating. It will add more burden to getting things done and make development and regular installation under all the different supported sub-platforms (BSD, X11, Java, Cocoa, Carbon) more difficult. Also, Apple would almost be guaranteeing a future 'security crisis' if one of the certificates got out or got cracked.

No. A simpler way, is to tell users not to take candy, or hot dogs, from strangers.

---
Carlos D
===
my music
http://music.altamar.dynalias.org/



[ Reply to This | # ]