Intel seeks security through app stores

Fair warning

I'm a Mac user and have an iPhone. I appreciate that iPhone apps I choose

to instal are verified. However, on my Mac(s) I enjoy installing whatever I want. And the OS

does a good job at warning me abot potentially dodgy apps. Maybe this is what Intel is going for with integrated security on their chips? Not a techie, just wondering.

As a linux user...

... I see nothing wrong with creating trusted repositories of software. It's how it's done in the linux world.

Repositories look after their own content, the user selects software from the repo. There's absolutely nothing to stop users adding extra software sources if they decide they need and/or trust them. There's also nothing to stop you downloading and installing stuff at random from the internet if you want to, though it's less advisable.

A similar system for windows (I'm guessing that's what the article is about, though it's not clear as it just mentions "x86" a lot) would probably be a step in the right direction, so long as it's not actually going to try to prevent people from running things from other sources.

"No need for an anti-virus vendor."

So why then the recent purchase? If you go this route you need not thier expertise just to vet applications for the Istore. (iStore Apple, Istore Intel?) Curiouser and curiouser...

ahem ...

So every Word macro has to be signed? Yeah, right.

If he means it, that's interesting. We've all hacked up a scripting framework at one time or another[1]. So you sign $yourlanguage to let it run. But how will Intel's hardware know when the data being read by $yourlanguage is in fact a script being executed?

Though sceptical, I wouldn't altogether dismiss it. Fifteen years on from when Perl's taint-checking for untrusted inputs showed you *can* make a clear distinction between safe and unsafe use of data, it's about time someone broke new ground.

Guess this means we'll need a sign-it flag in every compiler, and "save as signed" in every text editor that might be used for an executable script. Well, erm, they must surely have thought through how developers work, mustn't they?

[1] Is that still true for younger folks who have grown up with Larry's or Guido's and other such little hacks at their fingertips? I suspect it still is!

Umm, no ?

"Only allowing a system to run "trusted" code would inherently prevent malware that's spread through email or rogue websites from executing."

Not unless you've solved the halting problem it wont - I can still send the 'wrong' data and make my nicely signed app do anything it likes.

Memo to the author

Linux community and the FOSS culture in general is not about freedom of code, it is about the freedom of the end-user. This is what really bothers the corporate software vendors. It's not about giving away software for free (even Microsoft does this), it is about a way to allow users to escape vendor abuse.

Sorry but I have to shout it out loud.