[conspire] Autodowload a Virus
Don Marti
dmarti at zgp.org
Tue Jan 5 21:03:43 PST 2010
begin Rick Moen quotation of Tue, Jan 05, 2010 at 03:52:59PM -0800:
> "Viruses" are not the problem. Willingness to shoot at one's feet is
> the problem. Anyone who's willing to install a .deb from nowhere in
> particular with root authority is certainly going to be willing to carry
> out any of the countless variations on "rm -rf /", and that is a much
> bigger and more real threat.
There's also a UI design problem. If a user clicks
on a web link, you don't want something like:
Open "http://downloads.rat-bag.com/spyware/pwn.deb"
with "Nifty GUI Package Installer?"
Then, if the user clicks "Yes" or "Install" or
whatever...
Please enter your password to run "Nifty GUI Package
Installer" as root:
The user actions required to install new software
are getting too close to the actions required to
open a file. The more different they are, the more
warning users get.
--
Don Marti +1 510-332-1587 mobile
http://zgp.org/~dmarti/
dmarti at zgp.org
More information about the conspire
mailing list