undefined | Better HN

0 pointsAnalemma_9y ago0 comments

Far more annoying and productivity-impeding for the users to have to put up with it.

0 comments

11 comments · 4 top-level

epistasis9y ago· 4 in thread

By "white-list" I mean to include code-signing, which has been shown not to impede much of anything, honestly.

OS X's half-white-list mode of refusing to run unsigned code unless you invoke it from the right-click menu seems to be incredibly effective.

Between code-signing and sand-boxing, I see virus scanners as failed legacies of the past. They have stopped little, and cost everyone greatly.

datguacdoh9y ago

https://github.com/google/santa seems like it takes this approach. Gives an enterprise the ability to decide which signed certs it wants to trust and then block everything else unless it gets vetted.

iancarroll9y ago

Unfortunately there are literally websites that will sign any file you upload using certificates they stole. It's not a great approach.

dredmorbius9y ago

Cryptographic solutions aren't Majickal Pixyie Duste. They can however, within a social and adminstrative context, help tremendously in assuring proper results.

An independent authority (or authorities) of trusted (and untrusted) signing certificates.

In a word: reputation.

epistasis9y ago

And presumably those certificates are revoked, or will be revoked soon.

Nothing is 100% accurate in security. But code-signing is still far more protective than virus scanners. Given evading a virus scanner and evading code-signing, one of these is far easier than the other.

1 more reply

ploxiln9y ago· 3 in thread

Many already do - it's called iOS.

When the iPad first came out, a few executives publicly said "this is so awesome, I can do all my work on my iPad!" Sounds good to me, leave the power tools to the grown-ups who can resist punching the monkey, and can install security updates every couple of days (without being forced to reboot at the whim of the OS).

loup-vaillant9y ago

The price for stuff like iOS is to high. I want to own my computer.

ploxiln9y ago

I hate iOS, I own no iOS devices. But, many people love it.

If many people really need to be protected from themselves (and as a side effect save the world from botnets), iOS is the way to do it.

1 more reply

zepto9y ago

It's too high but only for a tiny minority of people.

1 more reply

acdha9y ago

Is that really a given? Most users put up with incredibly locked-down corporate IT systems – would requiring those IT departments to publish whitelists really change that experience much?

rasz_pl9y ago

everything is annoying and productivity-impeding compared to tiger-repellent rock

j / k navigate · click thread line to collapse

0 comments

11 comments · 4 top-level

epistasis9y ago· 4 in thread

By "white-list" I mean to include code-signing, which has been shown not to impede much of anything, honestly.

OS X's half-white-list mode of refusing to run unsigned code unless you invoke it from the right-click menu seems to be incredibly effective.

Between code-signing and sand-boxing, I see virus scanners as failed legacies of the past. They have stopped little, and cost everyone greatly.

datguacdoh9y ago

https://github.com/google/santa seems like it takes this approach. Gives an enterprise the ability to decide which signed certs it wants to trust and then block everything else unless it gets vetted.

iancarroll9y ago

Unfortunately there are literally websites that will sign any file you upload using certificates they stole. It's not a great approach.

dredmorbius9y ago

Cryptographic solutions aren't Majickal Pixyie Duste. They can however, within a social and adminstrative context, help tremendously in assuring proper results.

An independent authority (or authorities) of trusted (and untrusted) signing certificates.

In a word: reputation.

epistasis9y ago

And presumably those certificates are revoked, or will be revoked soon.

1 more reply

ploxiln9y ago· 3 in thread

Many already do - it's called iOS.

loup-vaillant9y ago

The price for stuff like iOS is to high. I want to own my computer.

ploxiln9y ago

I hate iOS, I own no iOS devices. But, many people love it.

If many people really need to be protected from themselves (and as a side effect save the world from botnets), iOS is the way to do it.

1 more reply

zepto9y ago

It's too high but only for a tiny minority of people.

1 more reply

acdha9y ago

Is that really a given? Most users put up with incredibly locked-down corporate IT systems – would requiring those IT departments to publish whitelists really change that experience much?

rasz_pl9y ago

everything is annoying and productivity-impeding compared to tiger-repellent rock

j / k navigate · click thread line to collapse