undefined | Better HN

0 pointszepto5y ago0 comments

It’s unfortunate that this is a response to a bulveristic comment. This really is a very important problem, indeed perhaps the most important problem in computer science today.

0 comments

api5y ago

The real solution is a least privilege hardened operating system that limits the damage both in terms of malicious effects and data exfiltration/ surveillance. Exposing permissions to users is also a hard UI/UX problem.

Code signing and OCSP and such are band aids to cover the fact that our OSes have deeply inadequate security models. They all date back to the days when the net was far less hostile or in some cases before WANs were a common thing.

Web browsers run code from everywhere and do a decent but not perfect job of this. It’s possible.

zeptoOP5y ago

I’d say this is only one half.

Many malicious effects involve social engineering, fraud, etc, and are not about exfiltration of files.

api5y ago

In that case code signing can’t do much either.

1 more reply

j / k navigate · click thread line to collapse

0 comments

api5y ago

Web browsers run code from everywhere and do a decent but not perfect job of this. It’s possible.

zeptoOP5y ago

I’d say this is only one half.

Many malicious effects involve social engineering, fraud, etc, and are not about exfiltration of files.

api5y ago

In that case code signing can’t do much either.

1 more reply

j / k navigate · click thread line to collapse