On 04/27/2011 09:10, Robert J. Hansen wrote:
>> yep. Phil Zimmermann noted that in his original essay on PGP. If you
>> have a malware infection you can no longer speak to what your computer
>> is or is not doing.
> In fact, it's quite a bit worse than that. Your traffic is secure only so
> long as both endpoints are secure. Depending on who does the numbers,
> 15%-30% of all desktops are pwn3d. Even if your desktop is safe, the odds
> aren't good the other end will be, too.
>
> There are many reasons why I feel OpenPGP is more or less irrelevant in the
> world today, outside of some very special case scenarios. This is one of the
> big ones: OpenPGP's necessary precondition -- that our endpoints are both
> securable and secured -- is not met.

*That would be 100% correct.*

This is why we need the Software Audit Tool I've discussed at times on various boards.

The Software Audit Tool will need to be on a separate, read-only, bootable media such as a DVD. On boot-up it would mount the C: drive of the target system and then pull a software inventory. When complete, this inventory would be audited, checking the date-time stamp and CRC of every executable software in the inventory. This would be checked against OEM specifications and system owner's notes. System Owner's Notes should specify what packages are supposed to be on this system.

This is the only way to certify a system: a running system cannot be used to certify itself.

For those who don't understand this, an old and common malware trick is to replace the directory list program. When the system owner types dir c:\windows\*.* the modified dir list program simply fails to report the presence of the malware programs, instead adding the space taken by the malware back into the reported free space. The original dir program is hidden someplace on the c: drive and then reported on the dir list with its original directory info. If you dump the program out you get this back-up copy; but when you run it -- the bad copy runs.

The system has had a bug purposely installed, one which produces INCOROUT (incorrect output); it has been "pwn3d".

Wolfgang Stiller (Stiller Research) did an inventory program as I've described -- for DOS. We need one for Win/7. When we get it we can begin certifying systems, and once that is underway we can begin identifying failure points which still need corrections.

-- /MIKE

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
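
An added example, not part of the original message or of any tool it mentions: the offline comparison step described above, meant to run from the audit media against the target volume mounted read-only. It uses SHA-256 in place of the CRC the message mentions (a CRC can be matched deliberately); the extension list, the inventory layout and all function names are assumptions, and the sample volume is constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".dll", ".sys", ".com"}  # assumption: what counts as executable

def inventory(root):
    """Map relative path -> (sha256, mtime) for every executable under root.
    Paths are lower-cased because Windows compares them case-insensitively."""
    inv = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXEC_EXT:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            rel = path.relative_to(root).as_posix().lower()
            inv[rel] = (digest, int(path.stat().st_mtime))
    return inv

def audit(baseline, current):
    """Compare the offline inventory with the owner's recorded baseline."""
    report = {"unexpected": [], "missing": [], "modified": [], "retimed": []}
    for rel, (digest, mtime) in current.items():
        if rel not in baseline:
            report["unexpected"].append(rel)   # not in the owner's notes
        elif baseline[rel][0] != digest:
            report["modified"].append(rel)     # content changed
        elif baseline[rel][1] != mtime:
            report["retimed"].append(rel)      # same content, new timestamp
    report["missing"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample volume: baselined, then altered, then audited."""
    with tempfile.TemporaryDirectory() as vol:
        win = Path(vol, "windows")
        win.mkdir()
        (win / "dir.com").write_bytes(b"original listing program")
        (win / "notepad.exe").write_bytes(b"editor")
        (win / "readme.txt").write_bytes(b"not executable, ignored")
        os.utime(win / "dir.com", (1_000_000, 1_000_000))
        baseline = inventory(vol)
        # Replaced program with its old timestamp restored, plus a stashed copy.
        (win / "dir.com").write_bytes(b"listing program that lies")
        os.utime(win / "dir.com", (1_000_000, 1_000_000))
        (win / "dirbak.sys").write_bytes(b"original listing program")
        (win / "notepad.exe").unlink()
        return audit(baseline, inventory(vol))

if __name__ == "__main__":
    print(demo())
```

The replaced `dir.com` keeps its recorded timestamp and is still reported, because the comparison is on file content read from outside the running system.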