by orf 2049 days ago
The internet is a malicious place, filled with the non-technical and uninformed.

I guess we’ll wait for you to design a better trust-based system that allows you to stop malicious software from executing on N different machines without needing N users to do anything.

Norton Antivirus will protect me

I trust in McAfee, the software is as stable as the founder

Norton Antivirus. Download now, free 6 month trial.

It’s unfortunate that this is a response to a bulveristic comment. This really is a very important problem, indeed perhaps the most important problem in computer science today.

The real solution is a least privilege hardened operating system that limits the damage both in terms of malicious effects and data exfiltration/surveillance. Exposing permissions to users is also a hard UI/UX problem.

Code signing and OCSP and such are band-aids to cover the fact that our OSes have deeply inadequate security models. They all date back to the days when the net was far less hostile or in some cases before WANs were a common thing.

Web browsers run code from everywhere and do a decent but not perfect job of this. It’s possible.

I’d say this is only one half.

Many malicious effects involve social engineering, fraud, etc., and are not about exfiltration of files.

In that case code signing can’t do much either.

On the contrary, code signing is the only current solution to this problem.

It allows fraudulent, malicious, or easily exploited code to be disabled.

How can revoking apps stop a phishing attack?