[3479] in WWW Security List Archive

Re: NS Security Prompt Not for Novices

daemon@ATHENA.MIT.EDU (Dave Kinchlea)
Thu Nov 7 08:26:55 1996

Date: Thu, 7 Nov 1996 02:18:28 -0800 (PST)
From: Dave Kinchlea <security@kinch.ark.com>
Reply-To: Dave Kinchlea <security@kinch.ark.com>
To: "David W. Morris" <dwm@xpasc.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.GSO.3.95.961107002708.27154B-100000@shell1.aimnet.com>
Errors-To: owner-www-security@ns2.rutgers.edu

On Thu, 7 Nov 1996, David W. Morris wrote:

> > I am not sure what your point is here, nor do I know what you mean by a
> > `basic user'. This all seems pretty clear to me: Netscape is warning you
> 
> My point is that this warning provides no information which a normal/basic
> user could reasonably be expected to make a decision on what the safe
> response is.  I define a 'basic' user as almost anyone for whom a computer

Obviously, I disagree.

> is a tool and not an end onto itself. All of my siblings are computer 

Don't know anybody who thinks of a computer as `an end onto itself'. All a
computer is IS a tool.

> literate and would have no idea how to respond to this message or even
> what to do except call me for advice. Frankly a fair percentage of
> the internet application developers I work with would have difficulty with
> the analysis.

We must come across a very different breed of people, I guess. While I do
know many novice (note, not `basic' or `normal' but novice) users who
*would* be confused by the message/notice provided, I can't think of any
message that would suffice to help them out. Sure, you could write a
screenful of explanations (and a link to such a screen wouldn't be a bad
idea) but I guarantee that nobody would read it. The message provided had
all of the necessary information in it and I still think is quite
reasonable. If they are going to blindly click OK, then they will do it
regardless of the message.

> 
> The message talks about being careful about downloading files from 
> untrusted sites but doesn't specify the site the file came from. It
> also doesn't show the file in question.

You already KNOW the site it came from, you clicked the button didn't you?
Same comment for the file (if you have decided not to look at what you are
clicking, that is a different matter).
 
> Then to offer the granularity of don't prompt again for this application
> again is totally worthless in the context of a message box which talks
> about trusting download sites.  I reasonably trust the application, it
> came with Windows but I have no idea if the application (like Word or
> javac) can be contaminated by the data it handles. To enable a user to
> follow the Netscape suggestion of caution about the site they download
> from the issue isn't if the application is asked about in the future but
> if the download site is asked about.  And one of the choices should be
> to not prompt AND not run the application, as well as trust the site
> in the future or prompt for this site in the future or not prompt and
> not accept files from the site in the future.

Ya sure, and `basic' users are going to be able to figure out all of these
options? Hell I am having a tough time parsing this and I DO know what you
are talking about. KISS is the principle here. (Besides, I find the idea
of trusting the *site* silly at best, it is the application+data that you
are trusting not the site that provided it).
 
> All this prompt will accomplish is to teach the average user to 
> click OK to yet another annoying message box from the computer.

If users wish to remain ignorant, I know of no way to stop them and
believe me, I have tried. What this does, in my view, is provide a user
with information they may not have known, that is that Netscape can be
coerced into doing nasty things on your computer. People can choose to do
what they like with that information. If it is something they don't
understand, they have the opportunity to learn about something they didn't
know about previously.
 
[...]

> > key on the well known word "malicious". Only a fool would blindly say yes
> > to this if they didn't understand what was happening (and yes, there are a
> > lot of fools but how is that Netscape's problem?).
> 
> It's their problem when even experienced users have to work to figure out
> what the response should be.

Well, maybe I am just some super bright person, I don't know, but I NEVER
found this confusing. Mind you, I go by the principle, if in doubt DON'T
DO IT. 

	Are you sure you want to do this? NO
 
> > 
> > While the 8.3 limits on names sometimes makes it difficult to know what
> > the Application is, I don't believe there is too much difficulty in
> > determining that this is the Sound Recorder (32 bit version) but that is
> 
> for who do you believe this isn't too difficult? Surely that is a key
> point ... if you don't know what the application is how do you figure out
> if there is any risk running the application on a downloaded file?

Well, in this case, sndrec32.exe is hardly an unknown application but, if
in doubt DON'T DO IT. What would you have Netscape do? List all possible
applications and tell the user which ones are safe? Perhaps you would
prefer that they supply all the applications so that they know they are
safe? How would adding any of the information that you asked for above
(ie: which site, extra options etc) help you with this last question? I
ask you again, what is your alternative?
 
> 
> > neither here nor there.
> 
> And is a *.wav file dangerous?

Perhaps the contents ;-( Seriously, I don't see how a sound file can be
considered dangerous but, as I said, that is neither here nor there. 

Actually, your example sucks, a better one that makes your points clearer
is PostScript which actually *could* do some damage. Not that I would
change my mind on this, Netscape can't know what application you have
chosen to use to view PostScript, some are safe some are not.

cheers, kinch

 


