Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!brutus.cs.uiuc.edu!apple!sun-barr!rutgers!bpa!tci!kempf
From: kempf@tci.bell-atl.com (Cory Kempf)
Newsgroups: comp.sys.mac
Subject: Secure Mac
Message-ID: <667@tci.bell-atl.com>
Date: 7 Feb 90 17:41:07 GMT
References: <8164@shlump.nac.dec.com>
Organization: Technology Concepts, Inc.  Sudbury Mass.
Lines: 36


>Protected-mode OS: granted, and it's coming, but it'll still be a while.
>In the meantime, what else did you have in mind? Perhaps we can start 
>a discussion on standard anti-viral measures in applications.
> 
>-eric


Protected mode OS is one of the most important steps... after all, if
the intruder can rewrite your protection software, well, "Game over
man".  To have a truly safe mac, I think what we need is a combination
of Gatekeeper, a User/Password login scheme, with file protections
(similar to Unix, but I really wouldn't mind if they did it better), a
combination of auto-logout/screen saver, and disk drivers that require
a password to operate.  The finder could be set up to give the driver
the correct password, once the user has logged in.  This way, booting
on a floppy would not bypass the security systems.  (If you need to
boot on a floppy -- the disk is toast, you should have a few in a safe
somewhere).

I think that this would do a lot to eliminate viri, trojan horses,
etc.

I would also like to see launch modified s.t. it does a checksum on an
application being launched before launching it -- if it doesn't match
a preregistered value for that application then it complains.  There
are at least two problems with this: developers and speed (how much
will it delay the system?)

Anyway, comments?

+C
-- 
Cory Kempf		Technology Concepts	     phone: (508) 443-7311 x341
uucp:	{anywhere}!uunet!tci!kempf, kempf@tci.bell-atl.com
DISCLAIMER: TCI is not responsible for my opinions, nor I for theirs