Open Source and information security mailing list archives
 
From: ralfml at alfray.com (Ralf)
Subject: AW: 9/11 virus

l8km7gr02@...akemail.com wrote:
> As to your suggestion that the implicit behaviour of a doubleclick is a
> problem, I think you're a bit off the mark.  Users know that a
> doubleclick will 'Open' whatever they click on, there's no ambiguity
> there.  The confusion only occurs when the user doesn't exactly know
> what it is they're doubleclicking on.

Hmmm, a UI popping up stating that the user is going to execute something 
and this may have a security impact (such as Eudora 5 does) is still a 
good idea. Security through fear? Surely not a positive marketing value.

Typical behavior last time I removed a trojan from someone's computer:
- Did you do anything?
- No, I just read that weird email but I didn't do anything.
- Really nothing at all?
- Well I double-clicked that .scr but nothing happened, so no I didn't do 
anything.

To go on with car references, there's a good reason for that bright red 
sticker stating you should not place your child in front of the airbag. 
It probably took a lot of legal fighting to get it there in the first 
place but as software vendors are not reliable for their actions...


> users must be able to differentiate between executables and documents.

That requires energy and willingness to learn.


> To that end, however, user
> interfaces must be clear and explicit when it comes to helping the user
> differentiate the two.

Wouldn't it be possible to create an OE addon that just does this the 
correct way?
Isn't "helping" the user "forcing" him actually? I.e. implicitly 
admitting s/he can't make the right decision in the first place?

R/

