On Tue, 27 Nov 2007 10:03:55 EST, Jared Mauch said:
Within the next 2 major software releases (Microsoft OS) they're going to by default require signed binaries. This will be the only viable solution to the malware threat. Other operating systems may follow. (This was a WAG, based on gut feeling).
This has some interesting implications and would require Microsoft to be a bit more small-app friendly, and there'd be a knob to twiddle if you're a developer and don't want to check signatures, but it's one of the few ways to resolve the issues IMHO, and cut down on the infections. So what if I own you via your browser, unless the malware i push to your host is signed, it's not gonna run. Game [closer to] over.
The problem with "active content" is that an exploit will quite happily run in the security context of the browser - and way too many sites insist on either/both Flash and Javascript. Ever notice that there's been far fewer pure Java based problems? That's because it started off with a semi-sane security model. Flash and Javascript didn't. And you can't allow the browser to create executables, obviously. Unfortunately, that *also* means that you can't allow the user to use the browser to download patches, updates, and new software.... (Well - it's at least theoretically *doable* in the right Trusted Computing type of scenario, but I doubt we're going to get users to buy into it...)