[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ANNOUNCE] Introducing Codezero

From: olafBuddenhagen
Subject: Re: [ANNOUNCE] Introducing Codezero
Date: Wed, 4 Nov 2009 07:01:42 +0100
User-agent: Mutt/1.5.19 (2009-01-05)


On Tue, Jul 28, 2009 at 08:37:36AM +0200, Bas Wijnen wrote:

> For me, supporting encapsulation is extremely important.  It means
> that a user can start a program in a safe way.  Even if the program is
> malicious, and somewhere on the system is an other malicious program
> which would like to work together with it, it is impossible because
> they cannot talk.

This is nice in theory, but doesn't really work in practice, because of
covert channels. All you can really do is make it more tricky, and limit
the rate at which the malicious components can communicate; but not
prevent it entirely. This makes me question whether it's even worthwhile
to try building a system around this...

Note that I do believe in limiting what potentially malicious programs
can do in the first place. I'm just sceptical about trying to prevent
cooperation between potentially malicious programs.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]