lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F613BBF.9080001@alfray.com>
From: ralfml at alfray.com (Ralf)
Subject: AW: 9/11 virus

l8km7gr02@...akemail.com wrote:
> As to your suggestion that the implicit behaviour of a doubleclick is a
> problem, I think you're a bit off the mark.  Users know that a
> doubleclick will 'Open' whatever they click on, there's no ambiguity
> there.  The confusion only occurs when the user doesn't exactly know
> what it is they're doubleclicking on.

Hmmm, a UI poping up stating that the user is going to execute something 
and this may have a security impact (such as Eudora 5 does) is still a 
good idea. Security through fear? Surely not a positive marketing value.

Typical behavior last time I removed a trojan from someone's computer:
- Did you do anything?
- No, I just read that weird email but I didn't do anything.
- Really nothing at all?
- Well I double-clicked that .scr but nothing happen, so no I didn't do 
anything.

To go on with car references, there's a good reason for that bright red 
sticker stating you should not place your child in front of the airbag. 
It probably took a lot of legal fighting to get it there in the first 
place but as software vendors are not reliable for their actions...


> users must be able to differentiate between executables and documents.

That requires energy and willingness to learn.


 > To that end, however, user
> interfaces must be clear and explicit when it comes to helping the user
> differentiate the two.

Wouldn't it be possible to create an OE addon that just does this the 
correct way?
Isn't "helping" the user "forcing" him actually? I.e. implicitely 
admitting s/he can't make the right decision in the first place?

R/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ