Breaking News
Comments
Newest First | Oldest First | Threaded View
MeirG
User Rank
Rookie
re: Turning cyber security on its head
MeirG   10/4/2012 4:48:58 PM
NO RATINGS
And how can I be sure that the ostensibly bit9 site is? Its Identity could be stolen too, can't it?

MindTech
User Rank
Manager
re: Turning cyber security on its head
MindTech   10/4/2012 3:47:00 PM
NO RATINGS
I like the idea of trust-based security. But at some point I still have to be able to say that I trust a program. Under something like Bit9's solution, if I find a new piece of software (say open source) do I have to wait until someone on their end can whitelist it before I can run it? As for self-signed, all they would have to do is establish a way for clients to get temporary certificates that their system would allow. Still, it all comes down to who has the final say in what is trusted: me, my OS, my hardware, or my security software.

przemek
User Rank
Rookie
re: Turning cyber security on its head
przemek   10/3/2012 5:48:50 PM
NO RATINGS
So there's been this concept of signed code: executables are signed by their creator, who vouches for their safety, and the OS checks that the creator is who they claim they are and that the executable has not been modified. Microsoft implemented this because they had a horrible problem with third party software and drivers; they required it for drivers for years, but didn't make it mandatory for user executables. Bit9 could use this infrastructure by re-signing the executables they deem to be safe; I suspect that they instead built their own implementation. Unfortunately the article doesn't mention which platforms are covered: I assume Wintel and PCs, but they could also be targeting smartphones. Signed code is coming our way: the new EFI BIOS requires signing of BIOS images, and of the boot loader---this is required by the new Windows 8 hardware spec from Microsoft. I am apprehensive whether this is a good idea all the way through: it essentially gives the control over what software one can install and use to the signing entities. I hope that all such schemes allow self-signing of home-made executables.



Flash Poll
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Engineer's Bookshelf
Caleb Kraft

The Martian: A Delightful Exploration of Math, Mars & Feces
Caleb Kraft
3 comments
To say that Andy Weir's The Martian is an exploration of math, Mars, and feces is a slight simplification. I doubt that the author would have any complaints, though.

The Engineering Life - Around the Web
Caleb Kraft

Surprise TOQ Teardown at EELive!
Caleb Kraft
Post a comment
This year, for EELive! I had a little surprise that I was quite eager to share. Qualcom had given us a TOQ smart watch in order to award someone a prize. We were given complete freedom to ...

Design Contests & Competitions
Caleb Kraft

Join The Balancing Act With April's Caption Contest
Caleb Kraft
54 comments
Sometimes it can feel like you're really performing in the big tent when presenting your hardware. This month's caption contest exemplifies this wonderfully.

Engineering Investigations
Caleb Kraft

Frankenstein's Fix: The Winners Announced!
Caleb Kraft
8 comments
The Frankenstein's Fix contest for the Tektronix Scope has finally officially come to an end. We had an incredibly amusing live chat earlier today to announce the winners. However, we ...

Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)