Securing ActiveX.

Blake Coverett blake at bcdev.com
Mon Dec 16 17:52:48 PST 1996


Jim McCoy wrote:
> The other problem is that the proposed Authenticode system and other "signed
> applet" systems only provide accountability after the fact.  This is little
> help when your hard drive is toast and the only proof you had was a logfile
> which was the first thing erased...  

No, it's not really the accountability that's the issue.  It's the
ability to choose before the fact that I 'trust' the software's author.

> The illusion that only "trusted software
> puslishers" will be given blanket authorization is a pipe dream: users are
> sheep who will hit that "OK" dialog box as many times as necessary to get the
> tasty treat they are anticipating (and there is actual experimental evidence
> to back this up :)  

Yup, point well taken.  <story user=clueless>I popped into an empty users 
cube last week to borrow the phone.  On the monitor was a post-it note from
one of his co-workers that read, 'Please write your password here:' and of
course the helpful fellow had done just that.</story>  With real users I 
suspect only centrally administered security decisions that they can't override 
will be effective.  Hmm... wonder what I can retrofit into IE to accomplish that.

> I expect that the first post-Authenticode ActiveX virus
> will be one to modify the signature checking routines or add additional keys
> to the registry which makes the second round of the attack appear to be a
> valid OS update from Microsoft. 

Shh... we have enough kool dewds floating around here looking for ideas.

> The state of the art was up to it quite a while ago.  Check out KeyKOS and
> other OSes which use capability semantics for access control.  

I agree 100%.  The intent of my comments was that such security *is* 
possible, but it's not available in widely deployed mass-market OS's.
I'd love to hear feedback to the contrary, but it seems to me that it's
extremely difficult to layer that type of security onto an existing system.

-Blake (who's thinking about putting crazy glue into one user's floppy drive)






More information about the cypherpunks-legacy mailing list