echo: nthelp
to: Rich
from: Geo
date: 2006-09-10 22:14:16
subject: Re: Code signing

From: "Geo" 

Yes, in cases of security I think the default should be to assume the user is an idiot and if not then they can prove it by googling to find out how to turn the option to the setting they want.

The problem with prompting is that the prompt never gives enough information for the average home user to make an informed decision.

Note, I'm not saying make it impossible like executable attachments in Outlook where you could only turn the blocking off if you had an exchange server, I'm saying just require that the user be intelligent enough to find the default settings and change them to their liking.

A prompt that says "this is dangerous, are you sure?" is just asking for trouble.

Geo.
  "Rich" wrote in message news:450437bd{at}w3.nls.net...
  The default is to prompt.  Are you claiming the default should be to not give users a choice?

  Rich
    "Geo" wrote in message news:4503c7eb{at}w3.nls.net...
    If some people always want to make the decision and others always want the computer to make the decision, then the checkbox should be for those two choices. They do this all the time in IE, deny, prompt, allow, I happen to think that's a great solution. The problem is which should be the default and with all the security issues I think deny should be for about 95% of the things.

    Geo.
      "Rich" wrote in message news:4501a233{at}w3.nls.net...
      You can either give users a choice or not.  Someone will complain either way.  There is no single best answer.  In the scenarios where code signing applies, if the signature is valid it is intended for the user to make his own choices.  This is not a safe vs. unsafe choice where you might be able to excuse bias toward the safe option.

      Rich
        "Antti Kurenniemi" wrote in message news:45019edc{at}w3.nls.net...
        I didn't mean that signing is not necessarily untrustworthy, I mean that implementing Yet Another Thingamajick Everyone Should Understand is *not* an improvement in security because who the hell can keep up with all these things? The more "security improvements" there are that require the end user to understand and make decisions, the less they help security. For example, take a look at the windows update website: if you have the IE download blocker enabled, the website displays very friendly and helpful information about how to disable it and download the file. Nice and helpful, yes? No, it totally and utterly sucks, because it requires the user to have a grasp of reality and understand *why* there is such a thing as a download blocker, and *why* this particular site should be allowed to bypass it, and so on. I bet more than half the users could be simply informed how to do the same and install any worm or virus in the world, as long as the website had as easy to follow information.

        The answer to security is not to require the user to make every choice, that's only shifting the problem from the producer to the consumer.


        Antti Kurenniemi
        (no, I don't know what *is* the answer, and even if I did I'm too drunk to write much more now)

        "Rich" wrote in message news:4500ee78$1{at}w3.nls.net...
        No.  You look at the signing certificate to see if you trust both the signing party and the certification path.  If you do not, do not trust the signed entity.  If something is not signed, you don't have even this option.  How do you choose what to trust?

        The average Joe relies on the identity of the signing party alone and assumes that the certification authorities that are not distrusted have been vetted.

        In practice, have you ever known this to be a problem with signed code?  How much actual malware do you hear of that is signed?  I can't think of any that wasn't some PR stunt by someone that signed a demo which he released under his own name anyway.

        Rich

          "Antti Kurenniemi" wrote in message news:450054c1{at}w3.nls.net...

          The concept of "signed" executables / activex / whatnot makes me want to slap someone every time I see it mentioned. Yeah, sure, it's signed - now what? Should I visit Redmond to ask someone if they really signed this, or if this is just a trick - a message box saying this executable is signed? The rate at which these new "improvements" keep popping up is such that no average Joe can ever really know if he's being fooled or if it really is legit...


          Antti Kurenniemi



--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
