Control user installs of software

Learn how to verify the status of applications and data without wresting all control over what users put on their hard drives

I've written many times over the years, including as recently as last week, that letting users execute and install their own software will always allow viruses, worms, and Trojans to be successfully installed. Traditionally, I've recommended that users not have admin or root access, that they let system administrators choose what software is allowed and what is blocked. But this recommendation breaks down for several reasons.

First, it doesn't cross over to home computers. Most home users are end-users and system administrators, all in one, even though they're the ones most likely to install malware. Businesses, in general, are less likely to run malware than the average home user because businesses enforce computer security, deploy anti-malware programs, and so on.

Second, I can't think of a single end-user who likes to have someone else decide what they can and can't run and install. I've probably had more hate mail and comments on this than on anything else (other than when I foolishly insult Mac or Linux users). If end-users want to install the latest Windows Media Player codec to watch the newest Paris Hilton waste-of-AV-time video, why not? Who cares if the codec is a Trojan that wants to steal their identity, right? Freedom comes with a cost! I've even had respected InfoWorld colleagues take me to task on this point.

An expert solution

One solution is not to have someone more knowledgeable about nasty software decide whether a particular program or downloaded content is malicious, but to automate the process. I'm not just talking anti-virus programs, which look at only binary signature comparisons and sometimes use heuristics to detect specific behaviors. I mean client-side software examining the program's or content's entire binary (think: cryptographic hash) and making an intelligent, informed decision before the content is executed or loaded.

Several personal firewalls, including ZoneAlarm, will check to see if a local program requesting outgoing network access is normally approved by other users. This is closer to what we need, but it covers only network access and around 100,000 applications. It doesn't prevent local execution, but that's to be expected for a firewall product.

SignaCert, which I've reviewed before, is developing a global file hash database, through which it hopes to catalog every executable file in existence. SignaCert excels at scanning computers to find known and unknown programs, and it's in possibly the best position to contribute to (or lead) the greater vision.

The greater vision

The greater vision is that all computers run a client-side program, potentially embedded in the operating system, that measures the cryptographic hash of all programs and content being downloaded to the computer. Before the program is run or the content loaded, the hash is sent to a global database on the Internet for analysis. The database has a list of programs and content, as well as their related cryptography hashes. Additionally, each registered program has been ranked by security professionals as to the program's security, privacy, and operational methodology. There can be several main categories, each with varying levels of trust, that developers work with. Think of it as kind of like Common Criteria, but with a broader scope.

The idea is that the global database can act as each end-user's personal security advisor and recommend a go or no-go decision. A simple end-user message might say, "This program has been found to collect personal identifiable information, redirect Internet browser searches to paid locations, make potentially malicious modifications to your computer system, and send collected information over outbound network connections to multiple servers. Its legitimate intent cannot be confirmed. Most users have chosen not to install."

Another program, having the exact same behavior, might come from a trusted vendor and be recommended for installation. But at least the end-user would know that the program modifies their system in readily transparent ways. This might encourage legitimate vendors from slipping in "phone home" features without making users aware of why they're doing it.

Media content can be verified not to have known backdoors, malicious scripting, or other unexpected consequences. By default, unregistered programs and content would not run, or they would be subjected to additional scrutiny and controls (for example, sandboxing). Many programs are digitally signed today, but users still don't know what they do.

It is unrealistic for most end-users to be as knowledgeable as a 20-year computer security expert. So doesn't it make sense for us to help innocent end-users, who just want to do their jobs and have a little fun with their computers, make informed decisions?

Because ultimately, we don't want to stop end-users from installing and running any programs they want -- just the bad ones.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Roger A. Grimes

InfoWorld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?