What is Digg?Sponsored by wix.com
The Ultimate Flash Website Design Tool view!
wix.com - Design a stunning website in 10 easy steps.
62 Comments
- RoboDonut, on 11/21/2008, -5/+55This is a terrible idea. It sounds like it could interfere with my everyday activities, and it has the potential to be absolutely devastating to the computer software industry. I mean, even if it can be disabled, most people will not install something when their antivirus tells them that it isn't approved by their antivirus software overlords. The end result is that small developers cannot write software at all because nobody will install things that aren't whitelisted. Whoever controls the whitelist controls the entire software industry, and it will always be in the hands of people who probably can't be trusted. This sounds like the beginnings of the Trusted Computing apocalypse that certain groups have been predicting.
People have wasted way too many resources trying to keep a broken system afloat instead of migrating to something that works. Just look at pretty much any non-Windows operating system. Do they have this problem? No. Not really. Why? Because they keep the user separate from the system and they enforce strict access controls.
Diversity is important to survival. In nature, a lack of genetic diversity can lead to an entire population being destroyed by a single disease. In software, a lack of diversity can lead to millions of computers infected by a single virus. Windows has no diversity. A weakness in one Windows system is a weakness in every Windows system. Malware couldn't spread if systems used mostly-interchangeable software. After all, Microsoft Office and OpenOffice both perform the same task, but do not share the same flaws.
In short, antiviruses provide nothing more than the _illusion_ of security. Once past you defenses, any good virus will immediately disable all your security software. More software invariably means more bugs. Systems get more secure through simplification, not by tacking on additional crud. The only real solution is to migrate to an operating system that understands these simple principals of security. - jmkiii, on 11/21/2008, -0/+33The proprietary giants would LOVE this.
Terrible idea! - Fingel, on 11/21/2008, -1/+32Hopefully it can be overridden. People write new programs every day. I write new programs every day. What am I supposed to do if I cant run my homework?
- nikpappagiorgio, on 11/20/2008, -0/+25Unfortunately the override is not an accepted file. :-)
- inactive, on 11/20/2008, -5/+25I say it's a good thing as long as there is an override.
- dkapuchino, on 11/22/2008, -1/+16This is the situation as it is today.
"The program Keylogger.txt.vbs.exe is probably a Password stealing virus. Are you sure you want to Install it?" Yes .
Somehow, users will always click the yes. - Barackalypse, on 11/22/2008, -0/+13So says the man promoting his company which maintains the list. I'll stick with my anti-virus and the ability to run anything I deem worthy, regardless of whether your organization considers it safe or unsafe.
- KibibyteBrain, on 11/22/2008, -0/+12That's what the interface designers should get smart and standardize on the affirmative always being the "safe" option. Or at least always go one way or another so you can tell grandma "always click yes/no". Right now in Vista, the inconsistency between what any given answer does for different prompts is pretty bad, as well as the order of options being different for different prompts for some reason.
- VodkanLemons, on 11/22/2008, -0/+12what is the guy in the picture so happy about?
- inactive, on 11/22/2008, -0/+10This would be a nice optional feature for my grandparents, but otherwise, it's just more useless crap that will only serve to annoy people who use their computers all day.
- tourettes1992, on 11/22/2008, -0/+9I decide what I run, if I ***** up its on me.
- inactive, on 11/21/2008, -1/+10What about people who write their own applications for personal use?
Imagine having to get your code approved even if you were the only one who was going to use it…
I'm just glad something like this will never touch Linux… and hopefully not OSX. - geodescent, on 11/22/2008, -0/+7Surprise buttsecks
- weech, on 11/22/2008, -0/+6Right. Good luck with that.
- KnivesForRobots, on 11/22/2008, -1/+7judging by the pic, i thought this was going to be some sort of list about white people
http://stuffwhitepeoplelike.com/ - crapuccino, on 11/22/2008, -0/+6Lamest idea ever. Whitelists are only any good in places like schools where you get your ass sued off if anybody sees anything remotely interesting.
- AgmLauncher, on 11/22/2008, -0/+6This would be terrible. There is a LOT of good software from "do it yourself-ers" tbh. Download.com is a small sampling, and it would become irrelevant with a whitelisting system. Who the hell is going to manually test all of those small scale apps to make sure there isn't a back door in there?
How would things like Mozilla and Firefox even have caught on if something like this had been in place?
I can see this being useful in a company or business that's trying to prevent its employees from installing any unapproved software, but any competent IT manager can already do that with the existing administrative settings in Windows. - riumplus, on 11/22/2008, -0/+5We implemented a whitelisting system on our computers at work. Only applications I have personally verified are able to be run on the user computers. Good god I love the immediate decrease in number of people who break their computer from installing non-work-related software, and viruses are practically non-existant.
For home use? Probably not a good idea. But for corporate use where you don't change software that often? An absolute godsend. - inactive, on 11/22/2008, -0/+5I like the idea that we buy products because we want them, not just because there's no alternative.
- Tori1987, on 11/22/2008, -1/+5Isn't this why we have anti-virus programs and firewalls? I'll be damned if I'm going to let someone else tell me what I can and can't have on my computer
bleh bah idea all around - JonForTheWin, on 11/22/2008, -0/+4GNU+Linux does exactly this. Use the kernel option grsec, anything not owned by root with permissions 755 can not be executed. When you have a dual quad Xeon machine with fast 15K rpm drives serving 60 users who use primarily OpenOffice 2.4.x, Gnome-Terminal to connect to the company database, and Mozilla Thunderbird + Lightning (supports meeting requests, goodbye outlook!), or even on a single workstation, grsec with that and other options are the way.
- crownedgriffin, on 11/22/2008, -0/+4Yeah, because virus writes won't just make their viruses look one of the files in the white list! Anti-virus software is more trouble than it's worth. I'll just stick to not being a n00b to keep myself safe.
- Swivelstick, on 11/22/2008, -1/+4Must be on /. your humour is not appreciated ;-)
- divinediva, on 11/22/2008, -0/+3That's the funny part about the whole 'market share' logic attempt: Apple holds ~10% market share.
- MacroDaemon, on 11/22/2008, -0/+3Excellent, more computer bureaucracy, just what we needed.
- Chakat, on 11/22/2008, -1/+4It already has. Whitelisting is what SELinux policies are all about.
- mfearby, on 11/22/2008, -0/+3You could keep using a patched-up OS burdened with gunk from the past decade or more, OR... you could switch to an open platform where you don't have any of those problems, AND you don't get any viruses.
Vendor lock-in OR freedom. Windows OR Linux. It's that simple. Put in the time to get to know Linux and you'll never look back. You can then experience true schadenfreude when your stubborn friends' PCs get infected :-) - LenzM, on 11/22/2008, -1/+4I think most linux distros do have a form of whitelisting, namely repositories. Almost all software installed on my box is from a repository. This doesn't stop me from writing scripts and whatnot, but I think it's a major reason linux is so much more secure than windows.
- JonForTheWin, on 11/22/2008, -0/+3like all proprietary software developers, goatse
- PillCosby, on 11/22/2008, -0/+3i use linux! never gotten a virus, but heard a few exist. i download everything. maybe the problem of malicious software is dependant upon the os...
- doublefelix, on 11/22/2008, -1/+4Surprise sex?
- SpeedSteamBoat, on 11/22/2008, -0/+3So who makes the list of "Good Files."
With all the pictures, videos, and music people create and share everyday how could this possibly work? - inactive, on 11/22/2008, -0/+2Elderly people would rejoice at the idea, but the rest of us, ***** that
- doublefelix, on 11/22/2008, -0/+2I'd rather invest in an edgy software company. A corporation that has the balls to release versions that just may in fact be extremely hazardous to your computer if you're a complete tool but otherwise allows you to manipulate data in newly creative and compelling ways to increase your organization productivity. That's a mission statement I could stand behind. This software sounds like something that has been approved by the Department of Homeland Security to keep America safe. I think we all get a little thrill when we've downloaded the latest version of virus definitions and our free copy of AVG quarantines some poorly written spyware before giving us the opportunity to personally consign it to a special place in hell. If you try to pasteurize the internet the experience will be about as exciting as a Friday night spent with Net Nanny.
- init100, on 11/23/2008, -0/+2Not in the sense that the article is talking about. I can write my own SELinux policies, nobody else has any say in what I allow on my systems. Besides, I have SELinux in enforcing mode on all my systems, and it hasn't yet stopped me from running any of the apps that I have written myself.
- init100, on 11/23/2008, -0/+2"Hackers focus their attempts on Windows, and specifically, the operating system that is going to affect the most people."
Actually, that's not the entire truth. Other systems, such as Linux, are targeted because they are often used on powerful server hardware with high-bandwidth network connections that can be used to spread they ***** much faster than any consumer box.
"Windows Vista, ... is VERY strict with access controls"
No, it just looks that way, because it keeps asking "cancel or allow" all the time. - init100, on 11/23/2008, -0/+2"In a business environment you need some conformity to keep everything flowing smoothly."
I'd agree when the scope is individual companies, since it eases administration, but when the scope expands to the entire world, that's what standards are for. Different applications from different vendors can work well together if they both use the same standards.
@Aensland
"If the economic incentive for malware writers @ spammers to hit non-windows OSes was as great, they'd get boatloads of crap too."
They might get more crap than they do now, but nothing says that they would get the same amount as Windows does now. - inactive, on 11/22/2008, -0/+2sudo
- virtualonliner, on 11/22/2008, -1/+3RIAA/MPAA is going to love this. That is reason enough to make it a really bad idea!
- init100, on 11/23/2008, -0/+2"In a business environment you need some conformity to keep everything flowing smoothly."
I'd agree when the scope is individual companies, since it eases administration, but when the scope expands to the entire world, that's what standards are for. Different applications from different vendors can work well together if they both use the same standards.
@Aensland
"If the economic incentive for malware writers @ spammers to hit non-windows OSes was as great, they'd get boatloads of crap too."
They might get more crap than they do now, but nothing says that they would get the same amount as Windows does now. - camg188, on 11/22/2008, -0/+2This has already been tried on smartphones with "Application Certification" http://www.coolsmartphone.com/forum/viewtopic.php? ... and it has been completely rejected by the end users.
- xyllar, on 11/22/2008, -0/+2Obviously he's excited that his company's software is going to be on all our computers in five years, making him enormously wealthy. Of course, we have to take his word for that since he's the one who said it in the first place.
- init100, on 11/23/2008, -0/+2"Hackers focus their attempts on Windows, and specifically, the operating system that is going to affect the most people."
Actually, that's not the entire truth. Other systems, such as Linux, are targeted because they are often used on powerful server hardware with high-bandwidth network connections that can be used to spread they ***** much faster than any consumer box.
"Windows Vista, ... is VERY strict with access controls"
No, it just looks that way, because it keeps asking "cancel or allow" all the time. - TwoDotOh, on 11/22/2008, -0/+2Yeah, this is probably the worst tech idea I've heard in a long time.
- adkenc, on 11/22/2008, -0/+2no.
- Aensland, on 11/22/2008, -0/+2Agreed. There's a time and place for everything. I loathed working in IT where the end user had admin privs over their own machines... there were always bunches of PCs to be cleaned up every day. Ugh.
- MickJT, on 11/22/2008, -1/+2It should work like this.
You set a timer that operates for, I don't know, 24 hours. Everything you run in that time, is added to the whitelist automatically.
Any other way would be a pain in the ass. - satcomer, on 11/24/2008, -0/+1Say goodbye to freeware/shareware if this idea of whitelisting goes forward. If you think something like the itunes iPhone app Store rules are bad, just wait for something like this.
- init100, on 11/23/2008, -0/+1A whitelist-based approach would be nice if I would be in charge of the whitelist for my own systems. Then nothing would run unless I say so. But I strongly oppose any third party determining what I can and cannot run on my computers.
- tokyoturnip, on 11/24/2008, -0/+1I hate when 3rd party companiies make money off of ***** already built into windows. Go lookup Group Policy under software restrictions (If my memory serves me correctly.)
-
Show 51 - 64 of 64 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is