[3491] in WWW Security List Archive
Re: NS Security Prompt Not for Novices
daemon@ATHENA.MIT.EDU (Kevin J. McMahon)
Thu Nov 7 20:32:37 1996
Date: Thu, 7 Nov 96 18:04 EST
From: "Kevin J. McMahon" <0003557428@mcimail.com>
To: www security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Dave Kinchlea and David W. Morris wrote:
>[lots of stuff about the merits or lack of warning users about downloaded
>software].
The most basic problem in security is that the end user is not even
aware that there is a problem. Many of the Unix vendors have taken
a beating because their software is inherently vulnerable, out of the
box, with no warning to the users. I think Netscape should be applauded
for their inclusion of such a warning. Granted, there are probably
better ways of implementing this; but at least they have made the initial
attempt.
Suggestions, like allowing the site to be marked as trusted, are the
kinds of thing that I would hope Netscape would consider in a future
release.
Some confusion is bound to occur with even the best implementation.
At least people will be made aware that there is an issue. If they
don't understand it they will, hopefully, ask someone about it and become
better educated in the process.
Security is defined as inconvenience. It is a rare bird indeed that
is more secure and easier to use.
Just my $0.02.
Kevin J. McMahon
MCI Technical Security
