Hello

> The first and foremost 'real' thing we can do, to make all these
> security dreams a reality, is help Linux get a concept of signed
> applications (think iPhone, Mac OS) ... Or some other way to
> differentiate between applications, or at least applications running in
> different security contexts.

I am working for an anti-virus company. We get a large amount of _signed_ malware. Signing files is not some magic fairy dust. If a file is signed by an institution you will have to read this as:
"This file got through our signing process"
Where the process can be anything from source code and assembler level analysis to getting 100 € and a handshake.

We could at least verify if a file requesting a key got installed by root (not from USB stick or in a home folder), or if it was installed from an official repository. But this will not be bullet proof... maybe it protects against swords and daggers.

> Vertigo wrote:
> > I would suggest passwords in seahorse are not
> > visible without re authentication of the user, but at the same time I would
> > use the password dialogue box to warn the user that despite this
> > authentication request, his passwords are NOT secure or encrypted as long as
> > he is logged in, and he should lock his screen and/or close the keyring to
> > avoid identity theft.
>
> Who does this reauthentication? Should seahorse lock and then try to
> unlock the keyring? Or is gnome-keyring supposed to somehow identify
> seahorse and treat it differently?
>
> Obviously anything done in seahorse would be of absolutely no
> consequence to any other password manager.

How often are keys requested from gnome-keyring? How often would the user have to re-authenticate if every key request needs the user's ok? I fear it will be too often. No UAC please

Malware:
My experience with it is most of the malware today does not have to get root access. The data malware is stealing is available in the user's context (passwords, bank account data, credit card numbers, ...). The malware today is most of the time a trojan not a file infector => no root needed for spreading.

The security philosophy is right. If something/someone gets control of the user's account the battle is lost.

Hope this helps somehow

Thorsten Sick

-- 
New key ID: 2116591D
Fingerprint: FCAD 6073 7E7A CEF0 8A9B 4479 0E79 EEEE 2116 591D
http://publicinterface.wordpress.com/
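An added example, not part of the original message and not gnome-keyring code: a sketch of the "installed by root" check mentioned above, resolving a requesting process's binary through `/proc/<pid>/exe` and checking ownership and write permissions on it and on every parent directory. The function names and the prefix list are assumptions, and the official-repository check is not covered.

```python
import os
import stat

# Assumed policy values for this sketch, not gnome-keyring settings.
UNTRUSTED_PREFIXES = ("/home/", "/media/", "/mnt/", "/run/media/", "/tmp/")
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def install_findings(path, lstat=os.lstat):
    """Return reasons why `path` does not look root-installed (empty = passes)."""
    findings = []
    if path.startswith(UNTRUSTED_PREFIXES):
        findings.append("under a user-writable or removable-media prefix")
    # Check the binary and every ancestor directory: a root-owned file inside
    # a directory a user can write to can simply be replaced by that user.
    current = path
    while True:
        st = lstat(current)
        if st.st_uid != 0:
            findings.append(f"{current}: not owned by root (uid {st.st_uid})")
        # Symlink mode bits are meaningless on Linux, so skip them here.
        if st.st_mode & WRITABLE_BY_OTHERS and not stat.S_ISLNK(st.st_mode):
            findings.append(f"{current}: group- or world-writable")
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            break
        current = parent
    return findings


def requester_findings(pid, lstat=os.lstat, readlink=os.readlink):
    """Resolve the executable behind `pid` via /proc and check its install path."""
    exe = readlink(f"/proc/{pid}/exe")
    # The kernel appends " (deleted)" when the file on disk was unlinked,
    # so the running code no longer matches whatever sits at that path.
    if exe.endswith(" (deleted)"):
        return [f"{exe}: binary was removed or replaced after start"]
    return install_findings(exe, lstat)
```

The `lstat` and `readlink` parameters exist so the check can be exercised against constructed file metadata; in normal use they default to the real system calls.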