Slashdot Mirror
Dan Geer On Trusting PCs In Botnets
walk*bound writes "In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal for e-commerce sites to evaluate the trustworthiness of clients that try to connect. Assume that end users either always say 'Yes' or always say 'No' to security dialog boxes. Then make the decision one of two ways: 'When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say "Yes" and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes."'"
Assume for a moment that a benevolent business point blank asks their customer, "Do you mind if we root-kit your computer for additional security?" If the customer agrees, they either trust the company or don't know what they're doing. Problem is, if you can get away with that, what else would they agree to? The benevolent company then takes measures to protect themselves since the user authorized it. They then pass the money saved from not dealing with infected computers on to their customers. Yay. If the customer initially declined, then apparently they like to keep control of their computer and you proceed under the assumption you're communicating with a clean(-ish) computer. Fair enough.
I'd say that the main problem with this scenario is the idea of a business being benevolent. I don't trust them to not screw me... but isn't that the author's point? It's an interesting concept, even if it likely wouldn't execute well. At the very least, the idea of somehow measuring a customer's willingness to just click the "yes" button is worth some thought.