Re: Viruses

[Bruce Stephens <bruce cenderis demon co uk>]

"Roger Vaughn" <rvaughn@pobox.com> writes:

> This is exactly the kind of complacency virus coders are hoping for.
> There are *many* holes in any system, even in the install/run
> tactics you describe, as others have already pointed out in this
> thread.

Of course there are.  I'm not suggesting things couldn't be
better---just that there really are reasons why we'd expect Unixoid
systems to be less vulnerable to such attacks than Windows 9x
machines.  Not invulnerable, by a long way, but less vulnerable.

So, how should GNOME help?  

Well, gnorpm (and any other installation systems) should make it
really easy to check signatures (and generate them, where
appropriate).  

There'll need to be a CORBArized version of GPG, I guess.

And (for those cases where you can't easily become a connected to who
you want to be connected to via the usual web of trust), there ought
to be some reasonably secure ways of getting public keys.  I've
probably got RedHat keys (since I have official CDs, which probably
contain them), so probably there ought to be convenient collections of
signed (by RedHat's key) public keys of people who distribute
software.  Or just keys available from some reputable site,
downloadable by HTTPS (with the certificate provided by one of the
standard CAs)---that would do for me, and presumably for most people.

Extensions to CVS to allow server authentication?  (Would I use such a
thing, I wonder?)  A wrapper around patch, to check that the patch has
been signed?

How much is ease-of-use compatible with security?

--
Who messed with my anti-paranoia shot?