Linux malware: an incident and some solutions
Posted Jan 4, 2010 21:31 UTC (Mon) by hppnq
In reply to: Linux malware: an incident and some solutions
Parent article: Linux malware: an incident and some solutions
The kind of attack you need to worry about is the one that is able to fool you, not so much the
system. In the case of a screensaver that asks permission to run a script, some users may be able to
answer correctly: no, of course not. But for a Firefox extension that rewrites a trusted link in a
trusted webpage to a malicious one or opens a connection to a remote server? You
are the weak link.
I think no amount of capability control will help decide, with acceptable confidence, what is trusted
and what not -- not even if this would involve detection of normal usage and trust patterns --
unless the software was downloaded from a trusted site to begin with.
(I guess the problem of properly configuring a system that is exposed to uncontrolled outside input
to perform a specific task is exactly as difficult as configuring it to prevent it. ;-)
to post comments)