Siddhesh Poyarekar wrote:
It isn't. Again, it doesn't clearly distinguish between a driver installation activity and any other activity. My second scenario would still hold -- an on-device virus could still fake a driver installation routine and get in. The user wouldn't have a clue.
...which is no different than a driver CD faking a trojan install. You could easily develop a protocol to instruct the OS to only listen to what the program on the ROM says, probably with a checksum to verify its integrity.
The bottom line is that you have to trust the manufacturer of your product.
-- Anant