Slashdot Mirror


Internet Security Moving Toward 'White List'

ehud42 writes "According to Symantec, 'Internet security is headed toward a major reversal in philosophy, where a 'white list' which allows only benevolent programs to run on a computer will replace the current 'black list' system' as described in an article on the CBC's site. The piece mentions some issues with fairness to whose program is 'safe' including a comment that judges need to be impartial to open source programs which can change quite rapidly. Would this work? The effort to maintain black lists is becoming so daunting that white lists may be an effective solution."

1 of 316 comments

  1. Addressing malware. by Burz · Score: 4, Informative

    I'd like to expand on my first post by pointing out a few ways for fighting malware that are the most freedom-friendly, encouraging users to make responsible decisions. These depend on OS vendors employing sane UI policies:

    Do not engage in filename-mangling! If a file is named "apicture.jpg.exe" then it MUST be displayed that way and must not undergo any automatic alteration (falsification) that, for instance, makes an executable appear as data.

    Additionally, all executable files are shown with a red warning flag whenever that filename is displayed by the desktop, file manager or file dialog. This is important, as Windows will execute files ending in ".com" and this suffix is a part of most websites the user trusts; clicking on a "monster.com" file is natural so another indicator is necessary to cut down on trojans.

    Make web site scripting purely an opt-in affair by default. This goes for anything else the html engine is used for, like chat clients.

    No more "Open this file" option in download dialogs. Period. If the user cannot manage opening the file themselves from the regular UI, then hopefully they will get stuck and sign up for an introductory computer class.
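
The two display rules this comment asks of a file manager (show the stored name unaltered, and flag every executable, including ".com" files that read like site names), sketched as an added example that is not part of the original comment. The extension sets, the flag names and the functions `classify` and `render` are assumptions chosen for illustration.

```python
import os
import re

# Assumptions for illustration (not from the comment): which extensions count
# as directly runnable on Windows and which ones users read as plain data.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DATA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".mp3"}
HOSTNAME = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*", re.IGNORECASE)


def classify(filename: str) -> list:
    """Return warning flags for a filename; an empty list means none."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return []
    flags = ["EXECUTABLE"]
    # "apicture.jpg.exe": the data-looking inner extension is the lure.
    if os.path.splitext(stem)[1].lower() in DATA_EXTS:
        flags.append("DOUBLE_EXTENSION")
    # "monster.com": an executable whose whole name reads like a web site.
    if ext == ".com" and HOSTNAME.fullmatch(stem):
        flags.append("LOOKS_LIKE_DOMAIN")
    return flags


def render(filename: str) -> str:
    """Build the listing line: full, unaltered name plus a visible marker."""
    flags = classify(filename)
    marker = "[! " + ", ".join(flags) + "] " if flags else ""
    return marker + filename


if __name__ == "__main__":
    # Constructed sample directory listing.
    for name in ["apicture.jpg.exe", "monster.com", "holiday.jpg", "notes.txt"]:
        print(render(name))
```
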