A new approach to Re: Itch3: Anti-lost/theft protection -THE REAL PROBLEM APPEARED!
plists at prometheus.org.yu
Thu Mar 1 12:32:21 CET 2007
On Thursday 01 March 2007 08:41, you wrote:
> later someone will write a Troyan Horse, some king of dialer (like for
> application made calls and sent smses. Openmoko kernel should log any
> What do you think?
There are two sides to this problem - one, the origin of software. This has
actually been dealt with so we have examples like the Debian repositories
which verify (gpg signatures, etc) packages so you know that the thing you
are installing actually came from a place/person you trust. The other problem
is just as present on regular PC-s, as you have trojans which, when run,
change your dialup settings so you dial a high-price number on the other side
the globe instead of your regular ISP. The second aspect is protection from
malware. There are several solutions on this - proper user rights,
virtualization, and filtering on the API level of the phone itself, best to
combine all of these, since kernel logging won't help much if the trojan has
root access and hides/works in the kernel as a module, for example.
More information about the community