[conspire] Autodowload a Virus

Don Marti dmarti at zgp.org
Tue Jan 5 21:03:43 PST 2010

begin Rick Moen quotation of Tue, Jan 05, 2010 at 03:52:59PM -0800:

> "Viruses" are not the problem.  Willingness to shoot at one's feet is
> the problem.  Anyone who's willing to install a .deb from nowhere in
> particular with root authority is certainly going to be willing to carry
> out any of the countless variations on "rm -rf /", and that is a much
> bigger and more real threat.

There's also a UI design problem.  If a user clicks
on a web link, you don't want something like:

  Open "http://downloads.rat-bag.com/spyware/pwn.deb"
  with "Nifty GUI Package Installer?"

Then, if the user clicks "Yes" or "Install" or

  Please enter your password to run "Nifty GUI Package
  Installer" as root:

The user actions required to install new software
are getting too close to the actions required to
open a file.  The more different they are, the more
warning users get.

Don Marti                                 +1 510-332-1587 mobile
dmarti at zgp.org

More information about the conspire mailing list