Beyond Outfoxed
Trust Resources Online
Seventh International Workshop on Trust in Agent Societies
T3 Group (Trust: Theory and Technology.)
Trust in Game Theory
Trust in a Cryptographic Economy and Digital Security Deposits (MIT Masters Thesis)
How can I trust Firefox?
Alarming trend in spyware could undermine IT industry
Phishing hole discovered in IE
Insider Pages (Another recommendation site)
I Was Stalked on Amazon.com (How can we trust recommendations from strangers?)
Every file and process should have a chain of trust leading back to the user. Any file or process without such a chain is being taken on faith, and the user should be warned accordingly.
For example, every process run by a computer should have a chain that looks something like this:
- wuauclt.exe [executed by] → Windows Update [installed by] → Windows OS [installed by] → User [trusted by] → Root User
- matlabserver.exe [executed by] → MatLab Application [installed by] → User [trusted by] → Root User
And similarly, every file should also have a chain:
- desktopicon.ico [created by] → FireFox Application [installed by] → User [trusted by] → Root User
- mydocument.doc [created by] → MS Word Application [installed by] → Root User
Ideally, management of trust should be done at the lowest levels of computation: in the operating system or even in the microprocessor itself. This limits the ability of malicious software to disrupt the chain of trust back to the user. Outfoxed, because it is just an extension, has many vulnerabilities. The primary one is the vulnerability of the locally stored trust database.
The next step would be to have trust storage implemented as a continuously running process that could be queried by other applications. [Note 22/03: The new version does this, using HTTP for queries.] So the browser, email client, and word processor could all draw trust information from the same source.
The best solution would be to have this process integrated into the operating system itself, so that the OS could also take advantage of the trust information by only running trusted applications. Trust managed at this level, combined with a good security methodology, would give us the ultimate trustworthy environment.
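The chain-of-trust check described above, sketched as an added example (not Outfoxed's code): a trust store records who executed, created, or installed each item and warns about anything whose chain does not lead back to the root user. The edge table layout, the function names, and the `mystery.exe`, `helper.dll`, `a.tmp` and `b.tmp` entries are assumptions constructed for illustration.

```python
ROOT = "Root User"

# child -> (relation, parent). The first entries mirror the chains listed on
# the page; the last three are constructed failure cases.
EDGES = {
    "wuauclt.exe": ("executed by", "Windows Update"),
    "Windows Update": ("installed by", "Windows OS"),
    "Windows OS": ("installed by", "User"),
    "User": ("trusted by", ROOT),
    "matlabserver.exe": ("executed by", "MatLab Application"),
    "MatLab Application": ("installed by", "User"),
    "mydocument.doc": ("created by", "MS Word Application"),
    "MS Word Application": ("installed by", ROOT),
    "mystery.exe": ("executed by", "helper.dll"),  # helper.dll has no recorded origin
    "a.tmp": ("created by", "b.tmp"),              # a.tmp and b.tmp only vouch
    "b.tmp": ("created by", "a.tmp"),              # for each other (cycle)
}

def trace(subject, edges=EDGES, root=ROOT):
    """Walk provenance links from subject toward root.

    Returns (trusted, chain, reason). A missing link or a cycle means the
    item is being taken on faith and the user should be warned.
    """
    chain, seen, node = [subject], {subject}, subject
    while node != root:
        link = edges.get(node)
        if link is None:
            return False, chain, f"no recorded origin for {node!r}"
        relation, parent = link
        if parent in seen:
            return False, chain, f"cycle at {parent!r}"
        chain.append(f"[{relation}] {parent}")
        seen.add(parent)
        node = parent
    return True, chain, "chain reaches root"

def report(subject):
    """One-line verdict suitable for a warning dialog or log entry."""
    ok, chain, reason = trace(subject)
    status = "TRUSTED" if ok else "WARNING, taken on faith"
    return f"{status}: {' -> '.join(chain)} ({reason})"

if __name__ == "__main__":
    for s in ("wuauclt.exe", "mydocument.doc", "mystery.exe", "a.tmp"):
        print(report(s))
```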