[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [Fwd: Re: windows future]
- To: Peter Besenbruch <prb@xxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] [Fwd: Re: windows future]
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Date: Thu, 27 Aug 2009 15:34:54 -0300
>> Of course, all this is based on an extrapolation of the current strategy
>> of blacklisting. My feeling is that, once malware levels grow beyond
>> this threshold, we'll see a mass switch to whitelists. In other words,
>> apps will go from being innocent until proven guilty, to being guilty
>> until proven innocent. We're already seeing some if this with Vista's
>> UAC pestering when one wants to install a new application. Given that,
>> I'm not sure how the rest of your scenario plays out.
>
>I'm not sure this is a solution. Most of the people I work with will
>unquestioningly click every UAC prompt. Knowing what to whitelist requires a
>fair degree of technical skill beyond most users' ability.
If they can just "unquestionably click" the UAC prompt, then they are already
running as administrators, or your DA has changed the default setting for UAC,
which requires "normal users" to enter the admin username and password to run
code with escalated permissions.
In either case, it's not Vista's fault.
t
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/