Posted Aug 28, 2008 16:47 UTC (Thu) by bfields
In reply to: Threat Model
Parent article: TALPA strides forward
Case 1: A user visits an evil webpage. That webpage then exploits some browser flaw to drop a .so file on the local system and modify the user's .bashrc file to specify that file in LD_PRELOAD or similar.
Would you rather fix this with a browser patch, or with a scanner that, with great effort, tries to identify a few specific examples of such exploits?
Case 2: A user downloads and runs a trojaned "game" of some sort that has been emailed to them. Yes they shouldn't, but there are more and more "innocent" users of Linux these days.
Again, do you want to get in the business of cataloging every single trojaned game, or would you rather, say, give users trusted game sources, or better tools for sandboxing the games they run?
"Do both" is one possible answer, but I worry whether the obvious incentives for short-term bandaids may reduce the incentives for longer-term solutions.
to post comments)