• Welcome to Valhalla Legends Archive.
 

Project feasibility

Started by Banana fanna fo fanna, September 05, 2003, 10:52 PM


Banana fanna fo fanna

CupHead and I have come up with a better solution.

Get rid of vendors and the central authority. Instead, anyone can sign any patch they want. Each client can decide which keys they trust. They should trust several third-parties, so all of them have to be compromised in order to introduce a risk. If a patch isn't signed by the trusted third parties, then it is not considered safe yet, and the patch is not downloaded.

What do you think?

Grok

The only usefulness of signatures is to authenticate the source.  This does not provide any hint of safety.  Verisign makes corporations jump through hoops to get a corporate certificate.  But that just means when you download my code components, you can trace them back to the company that was granted the certificate.  I can still write dangerous code into that code component.

Camel

Happy 911, Grok! :)



But anyways, while that is true, the point is that the user should trust trustworthy companies. How does one know that their anti-virus software isn't a virus itself? They don't, really. They simply trust that the company is reliable.

Adron

Quote from: St0rm.iD on September 06, 2003, 10:32 PM
What do you think?

I think it makes more sense to have this coordinated by a single source for each product and patches signed by the producer (i.e. Microsoft for Windows products).

Banana fanna fo fanna

I was saying that third-parties can sign the patch, in effect saying "after our review of the source, we determine that this patch is indeed safe."

Kp

Quote from: St0rm.iD on September 07, 2003, 11:05 AM
I was saying that third-parties can sign the patch, in effect saying "after our review of the source, we determine that this patch is indeed safe."

Then who signs the patch to the RPC DCOM exploit, or any of the dozens of other patches issued by Microsoft (or any other closed-source corporation)?  Reviewing the source is a bit difficult in those cases since the corporation more than likely sees no benefit to letting outsiders see the source, and the outsider can't in good faith sign it as being secure if they don't see the source to know what it does. :)

One point in your favor that I can see would be having signatures from well known third parties who make the assertion "We installed patch X on a system with these properties (and provide a full list) and had [these/no] problems."   If that testing party is reliable, it would give some confidence that you won't introduce new problems trying to apply the patches.   I was rather dubious about installing the RPC DCOM fix because the patch program itself advised me to make a full backup and boot disks before installing - not something you'd generally see on a patch which has a high confidence of successful install and flawless post-install operation, IMO.  It was mostly by necessity and assurances from others that it had not melted down their computers that I finally decided to risk it.  (It worked fine, btw.)
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Banana fanna fo fanna


Grok

[ x ] Trust all content from Microsoft

Banana fanna fo fanna

No, it would be like:

Trust everything certified by Microsoft, CERT, AND eEye.

If Microsoft and CERT trust it, but eEye doesn't, the patch isn't executed.
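
The all-of-N rule from the post above, as an added example that is not part of the original thread: a client accepts a patch only when every key it trusts has a valid signature over it. Lamport one-time signatures over SHA-256 stand in for a real signature scheme so the code runs on the standard library alone; the function names, keys and patch bytes are constructed for illustration, and each Lamport key may sign only one patch.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: 256 secret pairs; public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(patch):
    d = H(patch)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, patch):
    # Reveal one secret per digest bit; a key must sign only ONE patch.
    return [sk[i][bit] for i, bit in enumerate(_bits(patch))]

def verify(pk, patch, sig):
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _bits(patch))))

def patch_is_trusted(patch, signatures, trusted_keys):
    """Accept only if EVERY trusted signer has a valid signature on this patch.
    signatures: {name: sig}; trusted_keys: {name: public key}.
    Returns (accepted, names of trusted signers that did not vouch)."""
    missing = [name for name, pk in trusted_keys.items()
               if name not in signatures
               or not verify(pk, patch, signatures[name])]
    return not missing, missing

def demo():
    patch = b"constructed patch bytes"            # constructed sample input
    names = ("Microsoft", "CERT", "eEye")         # signers named in the thread
    keys = {n: keygen() for n in names}           # constructed keys
    trusted = {n: pk for n, (sk, pk) in keys.items()}
    sigs = {n: sign(keys[n][0], patch) for n in ("Microsoft", "CERT")}
    two_of_three = patch_is_trusted(patch, sigs, trusted)
    sigs["eEye"] = sign(keys["eEye"][0], patch)
    all_three = patch_is_trusted(patch, sigs, trusted)
    tampered = patch_is_trusted(patch + b"!", sigs, trusted)
    return two_of_three, all_three, tampered

if __name__ == "__main__":
    print(demo())
```

A valid result here says only that every trusted party vouched for these exact bytes; signatures from keys outside the client's trust list are ignored.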

Adron

Then you need eEye to volunteer to test all the patches for you, and be sued by everyone who installs a patch even though they've vouched for it....

I'm finding it hard to see how you'll make sense of this if it's not supposed to warrant something about the patch. But even Microsoft doesn't warrant any fitness for any particular purpose (or do they these days?).

Banana fanna fo fanna

Well, give them a legal notice.

And eEye would voluntarily do it, or some other third-party security organization in order to gain trust.

j0k3r

If you ask me, this is wayyy too much for security things... For one thing I don't know how committed you would be but I'm imagining this would take close to a year to implement and cost quite a bit. I also don't think it would get very big, a full anti-virus company (Norton) would always have more customers.

Once again, my 2cents.
Quote: Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

Banana fanna fo fanna

I think it'd take about a day to write and a few weeks to bug test.

But fully implementing it would take about as long as IPv6 :)

thetempest

I agree with the others in stating that a system that spreads exe's which can be set up to auto dl in the config is dangerous.  It's not the smart people like us that you have to worry about.

It's the morons who are lazy and say "I don't want to have to think, I'll trust the comp to do that" and in the computer security world, trust is almost always unwarranted...

Good luck though, this project would need a lot of overhead and good people working on it.  Definitely NO M$ =)

Kp

Watch where you're posting.  This thread is several months old and had died a peaceful death.  Don't disturb the dead.