Untrusted

From Wikipedia, the free encyclopedia

The term "untrusted" is used exclusively in the field of computer science and information security to denote code from an unknown source that is potentially harmful to a system. It is distinguished from "untrustworthy" or "distrusted" in that the code may be useful and completely benign, whereas the terms "untrustworthy" and "distrusted" imply something about the subject (whether a person or a thing) indicating that it is not to be trusted. For example, an "untrustworthy person" suggests a person who has lied or cheated in the past, suggesting a propensity to lie or cheat in the future. A "distrusted person" suggests a person for whom a determination has been made that the person is not to be trusted. "Untrusted" code, however, is simply code that has not met predefined requirements to be trusted, e.g., has not completed an authentication protocol to verify that it came from a trusted source.

In the field of information security, no opinion is necessarily made of untrusted software, which is generally permitted to run on a computer system, but with some protections. For example, the software may be executed in a sandbox.

In the field of telecommunication, random bit errors are quite common. Therefore, a packet of information is usually isolated in an (untrusted) buffer until the redundancy check shows it is free from errors.

In the field of cryptography, BAN logic assumes that all information exchanges happen on media vulnerable to tampering and public monitoring. This has evolved into the popular security mantra, "Don't trust the network." Therefore, messages are usually considered untrusted until the message authentication code shows that they are free from tampering.
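The two checks described above (a redundancy check for random bit errors, a message authentication code for tampering) can be combined in one receive path; the following is an added example, not part of the original article. The frame layout (payload, then CRC-32, then HMAC-SHA256), the key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import zlib

KEY = b"constructed-demo-key"   # constructed sample key (assumption)
TRAILER = 4 + 32                # CRC-32 (4 bytes) + HMAC-SHA256 tag (32 bytes)

def seal(payload: bytes, key: bytes) -> bytes:
    """Sender: payload || CRC-32(payload) || HMAC-SHA256(key, payload)."""
    crc = struct.pack(">I", zlib.crc32(payload))
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + crc + tag

def accept(frame: bytes, key: bytes):
    """Receiver: the frame stays untrusted until both checks pass.

    Returns (status, payload); payload is None unless status is 'trusted'.
    """
    if len(frame) < TRAILER:
        return ("malformed", None)
    payload, crc, tag = frame[:-TRAILER], frame[-TRAILER:-32], frame[-32:]
    # Redundancy check: detects random transmission errors only.
    if struct.pack(">I", zlib.crc32(payload)) != crc:
        return ("bit_error", None)
    # MAC check: detects modification by anyone who lacks the key.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return ("tampered", None)
    return ("trusted", payload)

def flip_bit(frame: bytes, index: int) -> bytes:
    """Model a random single-bit transmission error."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)

def rewrite_with_valid_crc(frame: bytes, new_payload: bytes) -> bytes:
    """Model in-transit modification: a CRC needs no key, so it can be
    recomputed for the new payload; the old MAC tag cannot be."""
    crc = struct.pack(">I", zlib.crc32(new_payload))
    return new_payload + crc + frame[-32:]

if __name__ == "__main__":
    frame = seal(b"constructed sample message", KEY)
    print(accept(frame, KEY)[0])
    print(accept(flip_bit(frame, 3), KEY)[0])
    print(accept(rewrite_with_valid_crc(frame, b"altered message"), KEY)[0])
```

The third case is the reason a redundancy check alone never promotes data to trusted: the rewritten frame passes the CRC and is rejected only by the MAC.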