Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

pudge (1)

pudge
  (email not shown publicly)
http://pudge.net/
AOL IM: Crimethnk (Add Buddy, Send Message)

I run this joint, see?

Journal of pudge (1)

Monday May 09, 2005
06:33 PM

Are You Sure You Want To Do That Which You Don't Understand?

[ #24603 ]

Part of Apple's security paradigm is to ask the user before potentially dangerous actions are executed. This sounds nice, but it has a serious flaw: the users don't understand the questions or the proposed answers.

This cropped up recently when a user noted that Dashboard widgets can install and execute automatically from a web page. The question is asked: what about malicious widgets? Widgets can only execute certain actions -- like network access -- if they declare their intentions, and if they do, the user is asked something to the effect of, "Do you want to use this widget?" when it is run for the first time.

Me, if that window pops up when I haven't told the computer explicitly to install and run a widget, I'll say no. But most people won't. Most people don't understand what a widget is, why it might have been installed and run, and what might happen if they say yes, and what might happen if they say no.

Apple used the same "fix" for the running new applications for the first time when it is being run via a protocol handler or a file. "You've never run this application, are you sure you want to run it now?" Sure, why not?

The real fix there is to not ever launch an application for the first time -- ever -- unless explicitly run by a user action. That's not complicated. But Apple wants to be able to have applications, when they first appear on a new volume, registered with the system, register file and protocol handlers. But they shouldn't. That is the security problem itself.

Similarly, with Dashboard widgets, launching them in any way except through the Dashboard UI should simply be disallowed. You can install it by double-clicking, but not execute it. That would go a long way toward protecting ignorant users, which is most of them, probably including me and anyone else reading this, as there's a lot about these systems we don't know all that well.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • I think this is a specific case of the general trend in PCs: people want control over the machine, but are not interested in learning to do so competently.

    My hero would be someone who comes up with a way to give people enough control to make them happy, while still making it hard for them to fall prey to malware. I don't think it's possible, though.
    • people want control over the machine [...] are not interested in learning to do so competently.

      Even though that might be the case sometimes, I'm pretty sure many users out there are interested, but just don't have what it takes, which includes resources (somebody teaching them, perhaps), sufficient knowledge to support what they're about to learn, etc.

      Actually, I don't even think some of them would understand the concept of having "control over the machine"... many of them think they already have it :-

  • I know it's a design guideline for the Windows teams (long web page about this somewhere, can't find at the moment) that basically says: if the user won't understand the message and/or there's nothing they can do about it, there's no point in prompting them.

    The discussion came out of the installer asking questions like "I've found a different version of FOO.DLL, would you like to replace it?". Grandma isn't going to understand that. Even someone with experience might not be sure how to answer that. (If
  • One of the problems with development of large programs/systems is that errors/conditions seem to get summarized, more and more, the closer they get to the user. This tends to remove most of the useful information for the knowledgable end-user. Even if the errors are annotated as they move up the call tree, there is a tendancy to only display one unified message to the user -- I'm assuming to avoid confusing them.

    Just yesterday on my Mac, Norton AntiVirus said something meaningfull like "Virus updated fail