Is user education necessary for security?

Discussion in 'polls' started by Hungry Man, Oct 11, 2011.

Does computer security necessitate user education?

  1. Yes, definitely: 79 vote(s), 85.9%
  2. No, definitely not: 4 vote(s), 4.3%
  3. Possibly in certain situations/other: 9 vote(s), 9.8%

  1. wat0114

    wat0114 Guest

    Too time consuming imo.

    A properly secured and maintained repository system is probably better, where all common software can be obtained, including Adobe and Java. If a user wants to venture outside this "secured zone", such as via torrent or those developers' sites that choose not to use the repository, then that's their choice and the risk they're willing to take. Otherwise, the repository can virtually guarantee clean downloads.
     
  2. ams963

    ams963 Registered Member (Joined: May 3, 2011; Posts: 6,039; Location: Parallel Universe)

    I don't think so.......
     
  3. wat0114

    wat0114 Guest

    You're depending on someone to verify it which takes time. I'm not suggesting it's ineffective, just you're relying on someone to check in a timely manner, which, because they are humans after all :) can't be guaranteed.
     
  4. ams963

    ams963 Registered Member (Joined: May 3, 2011; Posts: 6,039; Location: Parallel Universe)

    ah! yeah I see....you're right :thumb:......
     
  5. xxJackxx

    xxJackxx Registered Member (Joined: Oct 23, 2008; Posts: 8,644; Location: USA)

    Users would have to be educated for security to work effectively. The only way it could work otherwise is if blacklisting was 100% effective, which it is not. HIPS, whitelisting, sandboxing, all of those things require an educated user.
     
  6. wat0114

    wat0114 Guest

    Whitelisting is a far better approach than blacklisting, the latter of which should have gone the way of the dodo ages ago, especially if the source is 100% trusted, and all software in it will run reliably under a Standard environment, which unfortunately isn't the case. If nothing is allowed from other than a 100% verified untainted and trusted source, then a blissful whitelisted environment can be achieved.

    The only education required here is to convince the user to obtain their products from it, run as a Standard user, back up routinely, avoid clicking stupid links and apply routine patches. Easier said than done, of course ;)
     
  7. Football

    Football Registered Member (Joined: Nov 29, 2008; Posts: 96; Location: Greece)

    I do not think that a user must have much knowledge of computer security. In my opinion, what is needed is a good security suite and the basic knowledge of operating it and of responding to its messages.
     
  8. Hungry Man

    Hungry Man Registered Member (Joined: May 11, 2011; Posts: 9,146)

    I disagree.

    Blacklisting has the advantage of giving a definitive answer as to whether a file is malicious. Either a file is on it or it isn't. If it isn't, you get a false negative and malware bypasses it.

    Whitelisting is essentially the same thing. If a malicious file ends up on the whitelist you get a false negative and malware bypasses it.

    So if we used whitelists instead of blacklists we'd have malware trying to get onto whitelists instead of trying to stay off of blacklists. And either way they both attempt to have a solid picture of every file/ program/ url out there, which is unreasonable.

    I actually think they would both be necessary in any secure system.

    That's a lot of user education =p
     
  9. dw426

    dw426 Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    In that one short part, you've already asked too much of average users.

    1. Blacklisting: It's about like a dog chasing its tail.

    2. Whitelisting: Tout it all you want, but for anyone who doesn't like to tinker with their systems or run into issues, it's a pain in the behind and it always will be.

    3. The internet needs rebuilt, period. The problems with the structure are not patchable.

    4. Security is not going to be solved by user education... unless you're expecting them to suddenly have the knowledge to build the internet themselves. With hacked websites daily and all manner of ways to inject this, exploit that, there's no possible way to prepare for everything.

    Beyond the very basics, security is mostly out of user hands. And, adding more crap to your "arsenal" doesn't make things safer. I've gotten more requests for help over security measures than threats.

    @Hungry: Spot on. As ineffective as blacklists have become, I'd still like to see a normal user maintain a clean whitelist without the help of a blacklist (provided they actually do more than 2-3 things with their system and actually use the web). Malware writers are going to adapt to every single road block put in their path. That's just a fact. Today's near fail-proof methods are tomorrow's generic AV.
     
  10. wat0114

    wat0114 Guest

    How many millions of blacklist definitions are needed to make it reliable, especially when the list is never static? It's already proven that incomplete antivirus blacklists with unreliable heuristics are far from an ideal solution.

    Yeah, that thought crossed my mind when I posted that :)

    No way. I'll tell you how easy it is to maintain a pristine whitelist of applications:

    1. Obtain and install all software from known trusted sources only.

    2. That's it!

    See how easy that is ;)
     
  11. Hungry Man

    Hungry Man Registered Member (Joined: May 11, 2011; Posts: 9,146)

    Yes, but there are tons of non-malicious programs as well. More every day. How are you going to catalog them all?

    And who are we trusting to ensure that this whitelist stays clean? The problem with a whitelist is that it's a "yes or no" situation, if you're on the list, you get access. What happens when malware gets on the list?

    Are you going to audit each file you come across, make a hash for each update, and keep those in a database that's constantly updated? Not going to be easy...
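
The hash-per-update bookkeeping asked about in the post above, together with the two list policies debated earlier in the thread, as an added example that is not part of any poster's message. The function names and sample bytes are constructed for illustration and stand in for real file contents.

```python
import hashlib

def digest(blob: bytes) -> str:
    """SHA-256 of a file's contents; any change to the file changes it."""
    return hashlib.sha256(blob).hexdigest()

def denylist_verdict(blob: bytes, denylist: set) -> str:
    # Default-allow: only hashes someone has already catalogued are stopped.
    return "block" if digest(blob) in denylist else "allow"

def allowlist_verdict(blob: bytes, allowlist: set) -> str:
    # Default-deny: only hashes someone has already approved may run.
    return "allow" if digest(blob) in allowlist else "block"

# Constructed stand-ins for file contents (not real software or malware).
SAMPLES = {
    "editor_v1": b"editor build 1.0",            # approved release
    "editor_v2": b"editor build 1.1",            # legitimate update, new hash
    "known_bad": b"sample the vendor has seen",  # already on the denylist
    "new_bad": b"sample nobody has seen yet",    # on neither list
}

def run_scenarios() -> dict:
    denylist = {digest(SAMPLES["known_bad"])}
    allowlist = {digest(SAMPLES["editor_v1"])}
    # Each entry is (denylist verdict, allowlist verdict) for one sample.
    results = {
        name: (denylist_verdict(blob, denylist), allowlist_verdict(blob, allowlist))
        for name, blob in SAMPLES.items()
    }
    # Maintenance step: the update runs only after its new hash is added.
    refreshed = allowlist | {digest(SAMPLES["editor_v2"])}
    results["editor_v2_after_refresh"] = allowlist_verdict(SAMPLES["editor_v2"], refreshed)
    # A bad approval: once a hash is on the allowlist, the lookup says yes.
    poisoned = allowlist | {digest(SAMPLES["new_bad"])}
    results["new_bad_after_bad_approval"] = allowlist_verdict(SAMPLES["new_bad"], poisoned)
    return results

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:28} {verdict}")
```

The uncatalogued sample passes the denylist and is stopped by the allowlist, the legitimate update is stopped until someone refreshes the list, and a hash approved by mistake is allowed like any other entry.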
     
  12. dw426

    dw426 Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    The only "ideal solution" is an OS that needs absolutely nothing else installed, the web is "plugin-less" and everyone is behind a virtual system that gets erased with every log-off. It also requires users who actually feel like the system needs nothing else...so you're already screwed.
     
  13. dw426

    dw426 Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    And what happens when that "trusted source" gets compromised? *Insert pleasant sounding female AOL voice* "You got nailed!".
     
  14. Page42

    Page42 Registered Member (Joined: Jun 18, 2007; Posts: 6,941; Location: USA)

    Sounds a little bit like Sandboxie, doesn't it?
     
  15. Hungry Man

    Hungry Man Registered Member (Joined: May 11, 2011; Posts: 9,146)

    As CAs have proven time and time again, there is no trusted source.
     
  16. Hungry Man

    Hungry Man Registered Member (Joined: May 11, 2011; Posts: 9,146)

    Definitely a bit.

    Sandboxie isn't very automated though and malware can still run within the sandbox.

    A nice solution but not ideal.
     
  17. dw426

    dw426 Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    It can if you don't lock it down. If, however, you make use of internet/run, it pretty much kills the chance of malware getting to play.

    @Page42: I'm talking about full blown OS level Sandboxie. Returnil would be closer to the idea than Sandboxie would.
     
  18. Hungry Man

    Hungry Man Registered Member (Joined: May 11, 2011; Posts: 9,146)

    Malware can still run.

    What I mean is not that if you get an exploit and dropper malware in your sandbox that run restrictions will stop it.

    I mean that if I download a suspicious file (let's say a keygen) and run it in the sandbox, that file could still perform what it needs to - keylogging or reading my files or exploiting an OS vuln or simply asking me for my credit card info/ to be let out of the sandbox.

    Not to mention that even with start/run restrictions an exploit could still run within a program ROP style.
     
  19. m00nbl00d

    m00nbl00d Registered Member (Joined: Jan 4, 2009; Posts: 6,623)

    Doesn't Windows 8 have something like that, that we can use to rebuild the O.S from scratch?

    By the way, I think something like that was supposed to be part of Windows 7, but it was withdrawn.
     
  20. Hungry Man

    Hungry Man Registered Member (Joined: May 11, 2011; Posts: 9,146)

    Yeah, "Reset" or "Refresh" or something. It sets the OS back to default but you keep your files/ documents.
     
  21. m00nbl00d

    m00nbl00d Registered Member (Joined: Jan 4, 2009; Posts: 6,623)

    By the way, at the end of the day what can you really trust? Do you trust that your original Windows DVD is clean? Are you 100% sure it came clean of infestation from manufacturing? :D

    Heck, you can't even trust open source. Check this - http://sourceforge.net/projects/md5tools/

    The website mentioned there is some Chinese porn website portal or something like that, judging by some of the names there. :D

    Trust nothing! And, by the way, you do need to be educated in order not to trust anything. So yes, education is necessary! I was educated to trust nothing in life. :D
     
  22. m00nbl00d

    m00nbl00d Registered Member (Joined: Jan 4, 2009; Posts: 6,623)

    I think there are two options, one completely rebuilds the O.S, while the other one retains files/documents. I think there was some article at Softpedia about it. I'll see if I find it.
     
  23. dw426

    dw426 Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    Well yes, that's very true that if you purposely run it, not much can be done. But, that's kind of where common sense comes into play...why are you using your credentials to sensitive websites in a box that is running a program you just downloaded off the net? That's what separate/test boxes are for. Of course, it all ends up back where we started, users and their tendency to be stupid/careless. You can't really do much to protect them, because while they are indeed stupid/careless, they're just intelligent enough to bypass/shut off security measures.
     
  24. Hungry Man

    Hungry Man Registered Member (Joined: May 11, 2011; Posts: 9,146)

    And that's where blacklists/ heuristics come in.

    Just an example. There's still reading files or keylogging via hotkey windows API. Or if the program is particularly clever in how it solicits CC info etc.

    A user won't turn off a program that never bothers them/ works in the background.

    Trust shouldn't ever come into it. There should be layers of distrust handled by the OS.
     
  25. wat0114

    wat0114 Guest

    Ha ha ha :D ...still not a problem; just find someplace else, although I've never in all my years of downloading had to do that. I was burned only once because I downloaded from an obviously untrustworthy source, way back when my edumecational(sic) capacity in this area was severely lacking :p
     