Reply to post: The Web should be for content, not code

Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs

sbt

The Web should be for content, not code

This also applies to e-mail links; if we could transition away from executable code being downloadable by web browsers, this vector would go away. Applies to scripts as well.

We'd need effective non-browser native apps for software retrieval and installation; they could deal with code signing and attribution issues. Most platforms already have such apps, like app stores. Or CLI tools like port, apt, brew, etc. As long as the OS/hardware maker doesn't get a monopoly on the app store or whatever software delivery mechanism like Apple has (for example), this would be an improvement.

At a minimum, browser makers should be picking up on these malware techniques and blocking dodgy redirects and mismatches between reported and detected mime types on downloads.
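
The check suggested in the comment above, comparing the reported MIME type of a download with the type detected from its content, as an added example that is not part of the original comment and not any browser's actual code. The signature table, the verdict names and the sample responses are constructed for illustration, and `application/x-elf`, `application/x-msdownload` and `application/x-executable` are unregistered labels assumed here because servers commonly use them.

```python
# Added example: compare the Content-Type a server reports with the type
# detected from the first bytes of the body. The signature table is a small
# constructed subset, not a full sniffing algorithm.
MAGIC = [
    (b"MZ", "application/vnd.microsoft.portable-executable"),
    (b"\x7fELF", "application/x-elf"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
]
EXECUTABLE = {"application/vnd.microsoft.portable-executable", "application/x-elf"}
# Types under which servers commonly and legitimately label executables (assumed list).
DECLARED_EXEC = EXECUTABLE | {"application/x-msdownload", "application/x-executable"}
# Formats that are ZIP containers, so ZIP magic under them is expected.
ZIP_BASED = ("application/vnd.openxmlformats-officedocument.", "application/java-archive")


def sniff(head):
    """Return the detected type for the leading bytes, or None if unrecognised."""
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    return None


def check_download(content_type, head):
    """Classify a download as 'match', 'mismatch', 'block' or 'unknown'."""
    declared = content_type.split(";", 1)[0].strip().lower()  # drop parameters
    detected = sniff(head)
    if detected is None or declared in ("", "application/octet-stream"):
        return "unknown"  # nothing to compare: no signature, or no specific claim
    if detected in EXECUTABLE:
        return "match" if declared in DECLARED_EXEC else "block"
    if detected == declared:
        return "match"
    if detected == "application/zip" and (declared.endswith("+zip") or declared.startswith(ZIP_BASED)):
        return "match"  # e.g. .docx or .jar: a ZIP container under its own type
    return "mismatch"


# Constructed sample responses: (reported Content-Type, first bytes of body).
SAMPLES = [
    ("application/pdf", b"MZ\x90\x00\x03\x00"),
    ("application/pdf; charset=binary", b"%PDF-1.7\n"),
    ("application/vnd.openxmlformats-officedocument.wordprocessingml.document", b"PK\x03\x04\x14\x00"),
    ("image/png", b"\xff\xd8\xff\xe0\x00\x10"),
]

if __name__ == "__main__":
    for ctype, head in SAMPLES:
        print(f"{check_download(ctype, head):9} {ctype}")
```

Generic `application/octet-stream` responses come back as `unknown` because they make no specific claim to contradict; how to treat those is a separate policy decision.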
