From: "Robert Comer" 

I can see how a button should be there to "Never trust" alongside
the "Always trust" button.  Just to cut down on prompts later
on...

--
Bob Comer


"Rich"  wrote in message news:450437bd{at}w3.nls.net...
   The default is to prompt.  Are you claiming the default should be to not
give users a choice?

Rich
  "Geo"  wrote in message
news:4503c7eb{at}w3.nls.net...
  If some people always want to make the decision and others always want the
computer to make the decision, then the checkbox should be for those two
choices. They do this all the time in IE, deny, prompt, allow, I happen to
think that's a great solution. The problem is which should be the default
and with all the security issues I think deny should be for about 95% of
the things.

  Geo.
    "Rich"  wrote in message news:4501a233{at}w3.nls.net...
       You can either give users a choice or not.  Someone will complain
either way.  There is no single best answer.  In the scenarios where code
signing applies, if the signature is valid it is intended for the user to
make his own choices.  This is not a safe vs. unsafe choice where you might
be able to excuse bias toward the safe option.

    Rich
      "Antti Kurenniemi" 
wrote in message
news:45019edc{at}w3.nls.net...
      I didn't mean that signing is not necessarily untrustworthy, I mean
that
      implementing Yet Another Thingamajick Everyone Should Understand is
*not* an
      improvement in security because who the hell can keep up with all
these
      things? The more "security improvements" there are that require the
end user
      to understand and make decisions, the less they help security. For
example,
      take a look at the windows update website: if you have the IE download
      blocker enabled, the website displays very friendly and helpful
information
      about how to disable it and download the file. Nice and helpful, yes?
No, it
      totally and utterly sucks, because it requires the user to have a
grasp of
      reality and understand *why* there is such a thing as a download
blocker,
      and *why* this particular site should be allowed to bypass it, and so
on. I
      bet more than half the users could be simply informed how to do the
same and
      install any worm or virus in the world, as long as the website had as
easy
      to follow information.

      The answer to security is not to require the user to make every
choice,
      that's only shifting the problem from the producer to the consumer.


      Antti Kurenniemi
      (no, I don't know what *is* the answer, and even if I did I'm too
drunk to
      write much more now)

      "Rich"  wrote in message news:4500ee78$1{at}w3.nls.net...
         No.  You look at the signing certificate to see if you trust both
the
      signing party and the certification path.  If you do not, do not trust
the
      signed entity.  If something is not signed, you don't have even this
option.
      How do you choose what to trust?

         The average Joe relies on the identity of the signing party alone
and
      assumes that the certification authorities that are not distrusted
have been
      vetted.

         In practice, have you ever known this to be a problem with signed
code?
      How much actual malware do you hear of that is signed?  I can't think
of any
      that wasn't some PR stunt by someone that signed a demo which he
released
      under his own name anyway.

      Rich

        "Antti Kurenniemi" 
wrote in message
      news:450054c1{at}w3.nls.net...

        The concept of "signed" executables / activex / whatnot makes me
want to
        slap someone every time I see it mentioned. Yeah, sure, it's
signed - now
        what? Should I visit Redmond to ask someone if they really signed
this, or
        if this is just a trick - a message box saying this executable is
signed?
        The rate at which these new "improvements" keep popping up is such
that no
        average Joe can ever really know if he's being fooled or if it
really is
        legit...


        Antti Kurenniemi

--- BBBS/NT v4.01 Flag-5