Could Verisign Effectively Knobble ActiveX Spyware Installs?

1 comment
Thread Title:
Benjamin Edelman: How VeriSign Could Stop Drive-By Downloads
Thread Description:

There's an interesting proposition threadlinked above that says, in short, that if VeriSign were to exercise its right to revoke the digital certificates issued to spyware vendors pushing dodgy "drive by" installs.

Even though Microsoft can't (or won't) fully fix this problem, VeriSign can. Before an ActiveX popup can install software onto a user's computer, the installer's "CAB file" must be validated by its digital signature. If the signature is valid, the user's web browser shows the ActiveX popup, inviting a user to install the specified software. But if the signature is invalid, missing, or revoked, the user doesn't get the popup and doesn't risk software installation.

There's a lot of info in the post above but it would take someone with a far greater knowledge of this stuff than I to work out if Benjamin Edelman's solution would hold water.

From reading it though, it certainly seems it might...
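
An added example (not from Edelman's article or from this thread) of the check the quoted passage depends on: a PowerShell function that sorts a CAB file's signature into the four outcomes the passage names (valid, invalid, missing, revoked), plus the case where revocation status cannot be determined. The function name and the sample path are hypothetical, and it assumes Windows PowerShell on a machine that can reach the issuer's revocation servers.

```powershell
# Added example: classify the Authenticode signature on a CAB file.
# Get-CabSignatureVerdict is a hypothetical name, not part of any product.
function Get-CabSignatureVerdict {
    param([Parameter(Mandatory)][string]$Path)

    # Assumption: the local Authenticode providers handle .cab files.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    if ($sig.Status -eq 'NotSigned')    { return 'missing' }
    if ($sig.Status -eq 'HashMismatch') { return 'invalid' }   # file altered after signing
    if (-not $sig.SignerCertificate)    { return 'invalid' }

    # Rebuild the certificate chain with revocation checking forced on,
    # for the signer and every CA above it.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $built = $chain.Build($sig.SignerCertificate)

    $flagType = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
    $flags    = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # The issuer has revoked a certificate in the chain.
    if ($flags -contains $flagType::Revoked) { return 'revoked' }

    # The revocation list or responder could not be consulted, so the
    # result says nothing about whether the certificate was revoked.
    if (($flags -contains $flagType::RevocationStatusUnknown) -or
        ($flags -contains $flagType::OfflineRevocation)) {
        return 'revocation-unknown'
    }

    if ($built) { return 'valid' }
    return 'invalid'   # expired, untrusted root, or another chain error
}

# Placeholder path: point this at a CAB file you already hold.
$sample = 'C:\samples\installer.cab'
if (Test-Path $sample) {
    '{0}: {1}' -f $sample, (Get-CabSignatureVerdict -Path $sample)
}
```

A `revocation-unknown` verdict means the lookup failed, not that the certificate is good; revocation only has an effect on clients that perform the lookup and get an answer.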

Comments

quote

"If the signature is valid, the user's web browser shows the ActiveX popup, inviting a user to install the specified software."

It's not those who ask who are the problem, though?
