Edward Ned Harvey wrote:
>2) Voluntary exploits. Something that tricks users into running
>something voluntarily, that they didn't know would be harmful.
> ...
>So why wouldn't a "bad guy" just sign their apps and bypass the prompts?
>Surely sometimes they will, but the process requires providing verifiable
>personal information. So I don't think any significant number of people
>will release illegal or really bad stuff that way. I think the worst signed
>apps will be fully legal, and easily uninstallable, although they may be
>annoying, like popup ads and junk like that.
Or a bad guy can infect the origin machine of the signed app and alter
the binary before its signed.
Personally, I don't like letting ANYone run ANY code on my machine
without my explicit permission. That includes HTML email.
--
Dave Close, Compata, Irvine CA +1 714 434 7359
d...@compata.com dhcl...@alumni.caltech.edu
"Political campaigns are the graveyard of real ideas and
the birthplace of empty promises." -- Teresa Heinz Kerry
_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
