Slashdot Mirror


Windows Security Through Annoyances?

techmuse writes "According to News.com, Microsoft's next version of Windows will let you know that you are looking at (supposedly) secure data by putting personalized text, such as the names of your dogs (a null list in my case), in window borders, and will also hide the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among people who need to be able to see the data in two partially overlapping windows at once."

16 of 387 comments

  1. So...... by PS-SCUD · · Score: 4, Insightful

    How is that more secure than the little combination lock icon?

    --


    "Much work is lost, for the lack of a little more." -Edward H. Harriman
    1. Re:So...... by molo · · Score: 5, Insightful

      Maybe MS shouldn't let remote web pages control how my windows look. I *want* the status, button, and menu bars. Allowing remote pages to remove them is a bug IMO. Mozilla, yum.

      --
      Using your sig line to advertise for friends is lame.
    2. Re:So...... by Psx29 · · Score: 4, Insightful

      What about public computer terminals though?

  2. One problem solved by El+Cubano · · Score: 3, Insightful
    From the article:

    Graphics cards are a security problem, because they contain their own pool of memory.

    MS could just drop support for all video cards that have their own memory in favor of ones with integrated or shared memory (a la i810 family). Then the OS can have direct control over every aspect of the card's memory because it actually resides in main memory.

    1. Re:One problem solved by cyberformer · · Score: 4, Insightful

      This just about says it all. A security problem for whom?

      Ask any computer user, from a home web surfer to an IT manager, what they consider to be the worst security threats. My guess is they would list things like MS Outlook viruses, buffer overflows, ActiveX controls, spam and Gator. Would anyone but the MPAA mention graphics cards?

    2. Re:One problem solved by BJH · · Score: 5, Insightful

      No, what they're trying to do is this: provide a cryptographically-guaranteed path for data to the graphics card, that cannot be intercepted.

      What this allows is secure playback of DRM-protected material, in such a way that it is impossible for the user to grab the data.

      Once manufacturers jump on the bandwagon, you'll end up with a PC with "Palladium-enhanced" components, such as the DVD drive, hard drive, video card and sound card, where you are unable to do anything at all with data streams from sources (the HDD or DVD drive) to sinks (the video or sound card) that's not permitted by the supplier of that data. In other words, forget ripping your DVDs or CDs.

    3. Re:One problem solved by OeLeWaPpErKe · · Score: 3, Insightful

      The security problem is not that anyone else might access your data that way. The problem is that *YOU* might access your data that way.

  3. a half good idea... by cubal · · Score: 3, Insightful

    the window borders thing isn't a bad idea, but as for making content disappear in the background... "hullooo, earth to microsoft"

  4. Wow this is...So...Great....? by Azureflare · · Score: 3, Insightful
    What the...What does this mean? Secure data will have different looking windows? Shouldn't they be concentrating on other things, such as actual security vulnerabilities? Seems like they're trying to say "look we're paying attention to security!" without actually doing anything that is effective...

    All I know is, I'm not buying Longhorn; I don't need MS holding my hand wherever I go. This seems like just another "feature" where something can go wrong...

  5. Re:Is this type of attack really that prevalent by seinman · · Score: 4, Insightful

    Not much now, because people aren't expecting everything to be so secure. In the future, when it's expected that what you're looking at is secure, attacks like this could become more widespread.

  6. But what does "Security" mean? by subreality · · Score: 4, Insightful

    While I agree that security should be easy, you can only dumb it down so much. If the entire knowledge that the user has is that a window is "secure", they are only getting a warm fuzzy feeling, not real security.

    For real security, you need to know WHAT has been secured. Examples include:

    Data was encrypted in transit.
    Data is authenticated to come from XXX source, according to YYY certificate authority.
    This window is protected from being viewed by PCAnywhere.
    This data has DRM, and is protected from being copied to another computer.

    Unless you tell the user WHAT the security is, they will make poor decisions about what to do with the data. Putting the name of their dog on the window doesn't provide that information.

  7. This is like "inventing" a problem by nirbasito · · Score: 3, Insightful

    How does vanishing data from a secure window when it's not on top anymore make the data substantially more secure? If anyone has already hacked into that system it may be safely assumed that he has access to memory... I agree it is safer in case you are watching porn and someone walks into the room... but in the real business world people view confidential information when they know that there is no one to look upon their shoulders. IMHO this is just another gimmick... "OH look I have a secure window!! I don't care if I open this strange looking attachment that came by email... ZAP!!!"

  8. Re:How does Microsoft know my dogs' names? by cosyne · · Score: 4, Insightful

    All your pets' names are belong to Microsoft?

    Seriously, given the number of people who use a pet's name for a password, displaying a list of them on the screen seems like a huge security risk.

  9. I'll tell you why it's great... by lpret · · Score: 3, Insightful
    9 times out of 10 the only way to get information or whatnot is through social engineering. Kevin Mitnick is a prime example. For all of his uber-tech prowess, he still relies on fooling people into giving him access/information. Even his technical work has social aspects that are key to the success of the crack.

    Furthermore, I think that this could turn out to help security much more than some obscure feature. It is this low-level, "no shit sherlock" kind of basic security that is much more needed.

    --
    This is my digital signature. 10011011001
  10. Doesn't make sense to me by einhverfr · · Score: 5, Insightful

    It is fundamentally possible to target the weakest link of any security system. If I cannot create a lookalike window, then I just have to trick Windows into doing that for me. For example, the mere fact that I have an SSL certificate does not mean that you are safe submitting your credit card to my site, although it means you know who I am and can contact me or my company if something happens. SSL requires, in order to be effective, a visible address, and a popup window with no address bar has no way of verifying the address for the customer ;-) So I already have a way of attacking this trust and at least making it hard for the user to track me down.

    Tricks like these are not addressed by this approach which means that Microsoft still hasn't learned that con artists are probably the most likely to be able to get your confidential information ;-)

    --

    LedgerSMB: Open source Accounting/ERP
  11. Re:Not so secure by zurab · · Score: 4, Insightful

    Hmm, okay, so let's say I make a Microsoft-ish spoof page with a border that has "king", "snoopy" or "brutus" all around, and half the visitors will recognise their page with their unique pooch's name on it, and will give me their credit card number in total confidence. Hmmm ....

    I was thinking that too. Then I read the article:

    "A hacker can create a spoof page with dogs' names running along the border but, in all likelihood, not one reading "Buffy, Skip and Jack Daniels--and in that order," Biddle said."

    True, but anyone could just create a similar-looking window, and just put the words "Secure Window" instead of "Buffy, Skip and Jack Daniels". Guess which one will look to be secure and which one will not.

    Also, if this system is not clearly explained to non-savvy users (and I am guessing it will not be), then there will be other implications as well - such as people typing in their passwords, or realizing their pet name *is* their password, etc. I look forward to how they implement this and confuse users.