S
Steve
Excerpts from
http://www.schneier.com/blog/archives/2006/04/microsoft_vista.html
Modern operating systems like Linux and Mac OS X operate under a
security model where even administrative users don't get full access
to certain features unless they provide an in-place logon before
performing any task that might harm the system. This type of security
model protects users from themselves, and it is something that
Microsoft should have added to Windows years ago.
Here's the good news. In Windows Vista, Microsoft is indeed moving to
this kind of security model. The feature is called User Account
Protection (UAP) and, as you might expect, it prevents even
administrative users from performing potentially dangerous tasks
without first providing security credentials, thus ensuring that the
user understands what they're doing before making a critical mistake.
It sounds like a good system. But this is Microsoft we're talking
about. They completely botched UAP.
The bad news is that UAP is a sad joke. It's the most annoying feature
that Microsoft has ever added to any software product. The problem
with UAP is that it throws up warning dialogs for even the simplest of
tasks.
The dialogs stack up, one after the other, in a seemingly never-ending
display of stupidity. Sometimes you'll find yourself unable to do
certain things for no good reason, and you click Allow buttons until
you're blue in the face.
The problem with the Security Through Endless Warning Dialogs school
of thought is that it doesn't work. All those earnest warning dialogs
blend together into a giant "click here to get work done" button that
nobody bothers to read any more. The operating system cries wolf so
much that when a real wolf rolls around, you'll mindlessly allow it
access to whatever it wants, just out of habit.
These dialog boxes are not security for the user, they're CYA security
from the user. When some piece of malware trashes your system,
Microsoft can say: "You gave the program permission to do that, it's
not our fault."
Warning dialog boxes are only effective if the user has the ability to
make intelligent decisions about the warnings. If the user cannot do
that, they're just annoyances. And they're annoyances that don't
improve security.
--
The wages of sin are death,
but by the time taxes are taken out,
it's just sort of a tired feeling.
....Paula Poundstone
http://www.schneier.com/blog/archives/2006/04/microsoft_vista.html
Modern operating systems like Linux and Mac OS X operate under a
security model where even administrative users don't get full access
to certain features unless they provide an in-place logon before
performing any task that might harm the system. This type of security
model protects users from themselves, and it is something that
Microsoft should have added to Windows years ago.
Here's the good news. In Windows Vista, Microsoft is indeed moving to
this kind of security model. The feature is called User Account
Protection (UAP) and, as you might expect, it prevents even
administrative users from performing potentially dangerous tasks
without first providing security credentials, thus ensuring that the
user understands what they're doing before making a critical mistake.
It sounds like a good system. But this is Microsoft we're talking
about. They completely botched UAP.
The bad news is that UAP is a sad joke. It's the most annoying feature
that Microsoft has ever added to any software product. The problem
with UAP is that it throws up warning dialogs for even the simplest of
tasks.
The dialogs stack up, one after the other, in a seemingly never-ending
display of stupidity. Sometimes you'll find yourself unable to do
certain things for no good reason, and you click Allow buttons until
you're blue in the face.
The problem with the Security Through Endless Warning Dialogs school
of thought is that it doesn't work. All those earnest warning dialogs
blend together into a giant "click here to get work done" button that
nobody bothers to read any more. The operating system cries wolf so
much that when a real wolf rolls around, you'll mindlessly allow it
access to whatever it wants, just out of habit.
These dialog boxes are not security for the user, they're CYA security
from the user. When some piece of malware trashes your system,
Microsoft can say: "You gave the program permission to do that, it's
not our fault."
Warning dialog boxes are only effective if the user has the ability to
make intelligent decisions about the warnings. If the user cannot do
that, they're just annoyances. And they're annoyances that don't
improve security.
--
The wages of sin are death,
but by the time taxes are taken out,
it's just sort of a tired feeling.
....Paula Poundstone
)