[TriLUG] spyware

[Mike M]

On Fri, Apr 16, 2004 at 04:44:04PM -0400, Andrew Perrin wrote:
> I think the principle is essentially that of the panopticon (perhaps in
> reverse): 

Panopticon. Cool word: to see without being seen.

> the possibility that an observer could discover untoward
> behavior without first being observed creates a disincentive for engaging
> in the untoward behavior in the first place.  So I trust the package
> maintainer because s/he knows that someone else could discover malicious
> behavior with little cost and no prior observation.

Even so, a window of opportunity exists for malware to enter the system.
So how do you minimize your exposure?

I am thinking that there needs to be a live CD with a minimal OS, X,
network support, firewall and traffic logger/analyser, and browser.  It
needs to be code reviewed by a public entity.  This is then used for 
financial transactions on the web.  This is the most common highly
sensitive use of the web for most people.

The next best thing would be a small live CD from a well known source
and hope that the package maintainers and developers are trust worthy.
Trust develops over time from lots of people using it and not having
any problems.
-- 
Mike

Moving forward in pushing back the envelope of the corporate paradigm.