Hacker News new | ask | show | jobs
by api 2049 days ago
The real solution is a least privilege hardened operating system that limits the damage both in terms of malicious effects and data exfiltration/ surveillance. Exposing permissions to users is also a hard UI/UX problem.

Code signing and OCSP and such are band aids to cover the fact that our OSes have deeply inadequate security models. They all date back to the days when the net was far less hostile or in some cases before WANs were a common thing.

Web browsers run code from everywhere and do a decent but not perfect job of this. It’s possible.
1 comments
zepto 2049 days ago
I’d say this is only one half.

Many malicious effects involve social engineering, fraud, etc, and are not about exfiltration of files.

link
api 2049 days ago
In that case code signing can’t do much either.
link
zepto 2049 days ago
On the contrary code signing is the only current solution to this problem.

It allows fraudulent, malicious, or easily exploited code to be disabled.

link
api 2049 days ago
How can revoking apps stop a phishing attack?
link
zepto 2049 days ago
Easy: Revoke the certificate of the app doing the phishing.
link
judge2020 2049 days ago
To add, this is exactly what google's safe browsing is https://safebrowsing.google.com/
link