Defenses against Application-Level Trojan Horse Backdoors (cont.)
• Know your software
  – Only run software from trusted developers
  – Software should include a digital fingerprint so that trojanized programs can be detected
  – http://www.rpmfind.net contains MD5 fingerprints of applications that can be checked via md5sum on Linux
  – Programs may be digitally signed by the developer
• Educate your users
  – Web browsers should be configured not to run unsigned ActiveX controls
  – Block ActiveX controls without proper, trusted digital signatures at firewalls
  – Block Java applets that are signed by untrusted sources
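
The fingerprint check listed under "Know your software", as an added example that is not part of the original slides: it parses an md5sum-style fingerprint list and reports which installed files match, differ or are missing. The function names and the sample file names are assumptions made for illustration; beyond the MD5 case on the slide it also accepts SHA-256 digests in the same list format.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Hex digest length -> algorithm (32 = md5sum output, 64 = sha256sum output).
ALGO_BY_HEXLEN = {32: "md5", 64: "sha256"}

def parse_manifest(text):
    """Parse md5sum-style lines: '<hex>  <name>' (text) or '<hex> *<name>' (binary)."""
    entries = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        digest, _, rest = line.partition(" ")
        name = rest[1:] if rest[:1] in (" ", "*") else rest
        digest = digest.lower()
        if len(digest) not in ALGO_BY_HEXLEN or set(digest) - set("0123456789abcdef") or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest
    return entries

def file_digest(path, algo):
    """Hash a file in chunks so large packages are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(directory, manifest_text):
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING'} for every manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory, name)
        if not path.is_file():
            results[name] = "MISSING"
        else:
            actual = file_digest(path, ALGO_BY_HEXLEN[len(expected)])
            results[name] = "OK" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results

def demo():
    """Constructed sample: publish fingerprints, then alter one file; a third is absent."""
    with tempfile.TemporaryDirectory() as d:
        lines = []
        for name, data in (("tool.rpm", b"original build"), ("lib.rpm", b"original lib")):
            Path(d, name).write_bytes(data)
            lines.append(f"{file_digest(Path(d, name), 'md5')}  {name}")
        Path(d, "lib.rpm").write_bytes(b"original lib (modified after publication)")
        return verify(d, "\n".join(lines + ["0" * 32 + "  gone.rpm"]))
```

A match only shows that the file equals what the fingerprint list describes, so the list itself has to come from a source you trust, which is where the developer's digital signature on the slide comes in.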