Author: Austin English Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Hacking Team looking at Tails
On Thu, Feb 18, 2016 at 10:51 AM, intrigeri <intrigeri@???> wrote: >> I was thinking about this last night, it likely wouldn't be too hard
>> to write a wrapper for the greeter to detect if those files (or other
>> similar files/directories, like __MACOSX) are present. It should then
>> be possible to pop up a very big warning in the greeter, ideally
>> before the user has a chance to type in their persistence password (if
>> used) or before starting a session.
>
>> [...]
>
>> Thoughts? If there's interest / lack of opposition I'll file a ticket.
>
> Sounds like this could possibly help educate users about a dangerous
> practice, which seems great! Perhaps the proposal could include a part
> about what action this warning would suggest to the user?
I'm not sure what action we should suggest. Purging those files would
get rid of the warning, but doesn't guarantee that the installation is
safe to use. That may only hide the problem since it may be infected
by an attacker. I'm not sure how the user could detect / verify that
(realistically, you probably can't..). Running a rootkit checker from
another *nix OS may be helpful, but of unknown effectiveness.
> 2 more cts: the exact wording should probably not expose the feature
> as a malware detector (since a Tails system can't verify itself
> reliably, the way it's currently designed).
