
Re: mail sandbox wall authority, inward and outbound

2000-05-12 13:00:02

From: Leonid Yegoshin <egoshin(_at_)genesyslab(_dot_)com>
From: Markku Savela <msa(_at_)anise(_dot_)tte(_dot_)vtt(_dot_)fi>

> > In case of mail attachment containing an executable, we could quite
> > safely try to run it, and the system would just inform that it tries
> > to open this or that file (do you want to allow it?), trying to
> > open TCP connection to port 25 (do you want to allow it?), or tries to
> > execute another program (do you want to allow it?).
>
> I hope you joke. How many users know what
> "TCP connection to port 25" means?

Not joking, but those were just provided to give an idea of the types of
checks that might be done. The default action should probably be to reject
the operation with an error message.

But, that was not my point. My point was that with such a protection
system, the whole virus/trojan/worm problem practically
disappears. You can download any executable and safely run it by
default. If it needs access to resources, it would be accompanied with
the resource list that you are supposed to install. This list could be
signed by some authority, which would be checked by the default
installation process.

The difference between signing programs and my suggestion is: a signed
program may have bugs that cause it to do damage. But, in the proposed
system, even if a program has bugs, it can only damage the resources it
has explicit access to. This is especially good for programs that are
traditionally run as root. Usually this root requirement is only
because they need access to a few special files or directories. Such
files are easily listed in the resource list.

-- 
Markku Savela (msa(_at_)hemuli(_dot_)tte(_dot_)vtt(_dot_)fi), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203, FIN-02044 VTT, http://www.vtt.fi/tte/staff/msa/
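The resource-list scheme described in the message above, sketched as a small default-deny reference monitor. This is an added illustration, not code from the thread or from any real sandbox: the manifest format, the `Sandbox` class, the file paths, the port numbers and the signing key are all constructed, and an HMAC stands in for whatever signature the "authority" would actually use. It shows the two properties Markku Savela argues for: an operation outside the list is rejected without asking the user anything, and a manifest altered after signing grants nothing at all.

```python
"""Resource-list sandbox: a program may touch only the resources its
(authority-signed) manifest lists; every other request is rejected by default."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed key standing in for the signing authority's secret (not real).
AUTHORITY_KEY = b"example-authority-key-not-real"


@dataclass(frozen=True)
class Manifest:
    """The 'resource list' that accompanies a downloaded executable."""
    program: str
    read_files: frozenset      # files the program may open for reading
    write_files: frozenset     # files it may open for writing
    tcp_ports: frozenset       # outbound TCP ports it may connect to
    exec_programs: frozenset   # other programs it may execute

    def canonical(self) -> bytes:
        """Stable byte encoding, so the signature covers exactly these grants."""
        return json.dumps({
            "program": self.program,
            "read_files": sorted(self.read_files),
            "write_files": sorted(self.write_files),
            "tcp_ports": sorted(self.tcp_ports),
            "exec_programs": sorted(self.exec_programs),
        }, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(m: Manifest, key: bytes) -> str:
    """HMAC-SHA256 stands in for the authority's signature (hypothetical scheme)."""
    return hmac.new(key, m.canonical(), hashlib.sha256).hexdigest()


def verify_manifest(m: Manifest, signature: str, key: bytes) -> bool:
    return hmac.compare_digest(sign_manifest(m, key), signature)


# What an executable gets when it arrives without a valid list: nothing.
EMPTY = Manifest("", frozenset(), frozenset(), frozenset(), frozenset())


class Sandbox:
    """Default-deny reference monitor for one program's resource requests."""

    def __init__(self, manifest: Manifest, signature: Optional[str], key: bytes):
        # An unsigned or tampered manifest grants nothing; the program may
        # still run, but each resource request is rejected with an error.
        if signature is not None and verify_manifest(manifest, signature, key):
            self.grants = manifest
        else:
            self.grants = EMPTY
        self.denied = []   # log of rejected (operation, target) pairs

    def check(self, op: str, target) -> bool:
        table = {
            "read": self.grants.read_files,
            "write": self.grants.write_files,
            "connect": self.grants.tcp_ports,
            "exec": self.grants.exec_programs,
        }
        allowed = target in table.get(op, frozenset())
        if not allowed:
            self.denied.append((op, target))
        return allowed


def run_demo() -> dict:
    """Simulate a downloaded helper that may read one config file, write its
    own log and talk HTTP, and nothing else (all names constructed)."""
    manifest = Manifest(
        program="mailhelper",
        read_files=frozenset({"/etc/mailhelper.conf"}),
        write_files=frozenset({"/var/log/mailhelper.log"}),
        tcp_ports=frozenset({80}),
        exec_programs=frozenset(),
    )
    sig = sign_manifest(manifest, AUTHORITY_KEY)
    sb = Sandbox(manifest, sig, AUTHORITY_KEY)
    results = {
        "read_conf": sb.check("read", "/etc/mailhelper.conf"),
        "read_passwd": sb.check("read", "/etc/passwd"),
        "connect_80": sb.check("connect", 80),
        "connect_25": sb.check("connect", 25),   # the port-25 case from the thread
        "exec_sh": sb.check("exec", "/bin/sh"),
        "denied_count": len(sb.denied),
    }
    # A list edited after signing (port 25 added) fails verification, so even
    # the originally permitted config read is now refused.
    tampered = Manifest(manifest.program, manifest.read_files, manifest.write_files,
                        frozenset({80, 25}), manifest.exec_programs)
    results["tampered_read_conf"] = Sandbox(tampered, sig, AUTHORITY_KEY).check(
        "read", "/etc/mailhelper.conf")
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The point of keeping the checks this simple is that the user is never asked a question they cannot answer: the decision was made once, when the signed list was installed, and the monitor only compares requests against it.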