The real solution to preventing malicious mobile code isn’t antivirus programs and defense plans. It doesn’t involve renaming files, preventing file attachments, and putting up scanning gateways. It takes a concerted effort to build strictly secured operating systems, enforce accountability, and decrease default functionality. Unfortunately, these solutions would take massive infrastructure reengineering and are not likely to be widely deployed in the short term. Here are real solutions we could implement in our computerized society to stop malicious mobile code:
Audit all code
Vendors build more secure OS/applications
Prevent unauthorized code changes
Allow only approved content to execute
National security infrastructure
All through this book, I have stressed the importance of not running untrusted code. In the purest sense, code cannot be trusted unless every line has been inspected for signs of maliciousness or weakness. But few companies have the resources, or time, to personally review all incoming code. At best, most companies try to run code from reliable sources. But can we even trust reliable sources? Much of the exploitable code in existence today was not intended to be malicious. The manufacturer either did not have the resources to properly audit its own code, could not imagine the ways in which it could be abused, or simply decided that consumers would put up with the possible ...