
Plug-ins - a source of insecurity

It can be strange to consider that IT departments frequently prohibit users from installing executable files by denying them administrator rights, “Because they may compromise the security of the PC,” whilst at the same time living with the fact that users can download and install almost any plug-in they want without any knowledge of what the impact of that download will be. Perhaps the real issue here is that the IT department can deny administrator rights but can’t stop plug-ins, so they do what they can. So the claim that a plug-in is safer than an exe file may prove to be more a matter of what IT departments can achieve than of actuality. A plug-in, for example, may obtain the rights of the application it is plugged into, which may be very considerable indeed.

Of course plug-ins could be made secure, in the sense that the manufacturer can use cryptography (digital signatures) to verify that a plug-in has been digitally signed before allowing the plug-in code to run (provided that the manufacturer evaluates and certifies all plug-in code before signing it, so that every user may be certain that there can be no compromise to the application). But only the manufacturer can do that – nobody else. And anyway, what would that mean? Are we to assume that the manufacturer has the technical ability to certify the security and quality of every plug-in that is digitally signed? And who is going to pay for that? It would create an immensely complex administration system, not to mention the need to keep the manufacturer’s product fully up to date at all times.
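The signature gate described above, as an added Go example that is not part of the original article. The `Plugin` type and the `Sign` and `Load` functions are hypothetical names, Ed25519 is an assumed choice of signature scheme, and the keys are generated for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Plugin is a hypothetical package format: code bytes plus a detached
// signature the manufacturer adds after evaluating the code.
type Plugin struct {
	Name string // display label only, not covered by the signature
	Code []byte
	Sig  []byte
}

var ErrUntrusted = errors.New("plug-in not signed by the manufacturer")

// Sign can be performed only by the holder of the manufacturer's private key.
func Sign(priv ed25519.PrivateKey, name string, code []byte) Plugin {
	return Plugin{Name: name, Code: code, Sig: ed25519.Sign(priv, code)}
}

// Load is the host's gate: run is called only when the signature over the
// code verifies against the manufacturer public key shipped with the host.
func Load(manufacturer ed25519.PublicKey, p Plugin, run func([]byte)) error {
	if !ed25519.Verify(manufacturer, p.Code, p.Sig) {
		return fmt.Errorf("%q: %w", p.Name, ErrUntrusted)
	}
	run(p.Code) // from here the code acts with the host application's rights
	return nil
}

func main() {
	// Constructed demo keys; a real host would embed only the public key.
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	run := func(c []byte) { fmt.Printf("running %d bytes\n", len(c)) }

	good := Sign(priv, "viewer", []byte("reviewed code"))
	tampered := good
	tampered.Code = []byte("reviewed code, then altered")
	thirdParty := Sign(otherPriv, "helper", []byte("unreviewed code"))

	for _, p := range []Plugin{good, tampered, thirdParty} {
		fmt.Println(p.Name, "->", Load(pub, p, run))
	}
}
```

A passing check shows only that the manufacturer's key signed these exact bytes; whether the code is safe still rests on the evaluation done before signing.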

Linked by shanmuga Friday, 9th December 2005 6:53AM