RE: How to deal with trojans?

["Miner, Jonathan W (US SSA)" <jonathan w miner baesystems com>]

-----Original Message-----
From: networkmanager-list-bounces gnome org [mailto:networkmanager-list-bounces gnome org] On Behalf Of Daniel Gnoutcheff
Sent: Thursday, May 20, 2010 4:10 AM
To: networkmanager-list gnome org
Subject: How to deal with trojans?

While researching/brainstorming for my GSoC project, I've been thinking a lot
about related security issues, specifically the issue of trojan programs messing
with user settings data. It seems that, while this has long been a concern for
N-M development, it hasn't been addressed directly yet.
---------------------------

Daniel -

As a long time UNIX/Linux developer and NM user, I can understand your concerns.  Your interest in protecting the user from undesired changes is valid.

However, I subscribe to the basic UNIX/Linux principle that tools should focus on doing small things, and doing them well.  A tool should parse user-data for syntax, ie, an IP address is a dotted-quad, with each number between 0 and 255; but trying to parse data based on user intent creates a rift between what the user wants to do, and what "you" believe the user is trying to do.

I think the detection of Trojans is best left to tools that focus on that task. If you extend your premise that NM should deal with detecting Trojan data to all tools, then we have a great duplication of effort with "all" tools trying (perhaps differently) to detect Trojan data.  We should avoid bloating NM with functionality that is not directly network related.

That's my two cents.