
Even TAILS worries me slightly. Why? Homogeneity. The same thing that makes a freshly booted TAILS "clean" and exactly the same as any other freshly booted TAILS also means that it's a "known quantity" to an attacker.

A lot of obscure vulnerabilities that would normally require a "perfect storm" to be used together to compromise a system are much easier to construct once you know a lot about the target system. And it would be well worth the time for an attacker to develop an exploit that would work against all TAILS users.

In the same way, the Firefox heap spraying attack was specifically targeted against users of the Tor Browser Bundle. There, homogeneity was a large part of victims' downfall. TAILS is arguably many times more homogeneous.

ASLR and related technologies are a (very, very basic) start, but we may not have better answers to things like this until we have the likes of binary diversity as described in http://lwn.net/Articles/565113/ being usable (even then, a final binary compilation stage would need to be taken by an application user before use).

Edit: and yes, you don't need to point out that the TBB vulnerability did heap spraying in Firefox's JIT and so binary diversity would probably have been minimally effective.


