Defenses against Application-Level
Trojan Horse Backdoors (cont.)
Trojan Horse Backdoors (cont.)
¨Know your
software
–Only run software from
trusted developers
–Software should
include a digital fingerprint to allow checking
for trojanized program
–
–Programs may be
digitally signed by developer
¨Educate your
users
–Web browsers should be configured not to run unsigned ActiveX controls
–Block ActiveX controls
without proper, trusted digital signatures at
firewalls
–Block Java applets
that are signed by untrusted
sources