Adam Sampson on Sat, 20 May 2000 23:05:09 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Nettime-bold] Re: <nettime> Viruses on the Internet: Monoculture breeds parasites

On Sat, May 13, 2000 at 11:14:12PM +0100, Benjamin Geer wrote:
> I agree for images, and in fact my mail client is set up to open an
> image viewer for JPG attachments.  This is because no harm can
> possibly come from viewing a JPG.

Unless your image viewer has a buffer overflow problem, say, while reading
the JPEG comment string. Fortunately, there isn't much of a monoculture in
image viewers or the systems they're running on (i.e. while a cracker could
build a virus---and yes, this would be a virus, not a worm---that inserted
itself into the JPEG comment field, it probably wouldn't spread very far).

> Another possibility would be to use a different sort of security
> mechanism, so that executable code could be identified as coming from
> a trusted source, using a public encryption key.  If you tried to run
> a script that didn't have a trusted public key, you'd get a dialog box
> saying 'Warning: This program is not known to be from a trusted
> source.  It could cause your computer to burst into flames.  Are you
> sure you want to run it?'

What we really need is a combination of Perl's taint checking and the Linux
kernel's capabilities: programs operating upon untrusted data (i.e. anything
received in mail) can only display information to a restricted area of the


Adam Sampson

Nettime-bold mailing list