Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Security Through Annoyances?

Posted by timothy on from the must-have-started-as-a-joke dept.

techmuse writes "According to News.com, Microsoft's next version of Windows will let you know that you are looking at (supposedly) secure data by putting personalized text, such as the names of your dogs (a null list in my case), in window borders, and will also hide the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among people who need to be able to see the data in two partially overlapping windows at once."

10 of 387 comments (clear)

  1. So...... by PS-SCUD · · Score: 4, Insightful

    How is that more secure than the little combination lock icon?

    --


    "Much work is lost, for the lack of a little more." -Edward H. Harriman
    1. Re:So...... by molo · · Score: 5, Insightful

      Maybe MS shouldn't let remote web pages control how my windows look. I *want* the status, button, and menu bars. Allowing remote pages to remove them is a bug IMO. Mozilla, yum.

      --
      Using your sig line to advertise for friends is lame.
    2. Re:So...... by Psx29 · · Score: 4, Insightful

      What about public computer terminals though?

  2. Re:Is this type of attack really that prevalent by seinman · · Score: 4, Insightful

    Not much now, because people aren't expecting everything to be so secure. In the future, when it's expected that what you're looking at is secure, attacks like this could be come more widespread.

  3. But what does "Security" mean? by subreality · · Score: 4, Insightful

    While I agree that security should be easy, you can only dumb it down so much. If the entire knowledge that the user has is that a window is "secure", they are only getting a warm fuzzy feeling, not real security.

    For real security, you need to know WHAT has been secured. Examples include:

    Data was encrypted in transit.
    Data is authenticated to come from XXX source, according to YYY certificate authority.
    This window is protected from being viewed by PCAnywhere.
    This data has DRM, and is protected from being copied to another computer.

    Unless you tell the user WHAT the security is, they will make poor decisions about what to do with the data. Putting the name of their dog on the window doesn't provide that information.

  4. Re:One problem solved by cyberformer · · Score: 4, Insightful

    This just about says it all. A security problem for whom?

    Ask any computer user, from a home web surfer to an IT manager, what they consider to be the worst security threats. My guess is they would list things like MS Outlook viruses, buffer overflows, ActiveX controls, spam and Gator. Would anyone but the MPAA mention graphics cards?

  5. Re:How does Microsoft know my dogs' names? by cosyne · · Score: 4, Insightful

    All your pets' names are belong to Microsoft?

    Seriously, given the number of people who use a pet's name for a password, displaying a list of them on the screen seems like a huge security risk.

  6. Re:One problem solved by BJH · · Score: 5, Insightful

    No, what they're trying to do is this: provide a cryptographically-guaranteed path for data to the graphics card, that cannot be intercepted.

    What this allows is secure playback of DRM-protected material, in such a way that it is impossible for the user to grab the data.

    Once manufacturers jump on the bandwagon, you'll end up with a PC with "Palladium-enhanced" components, such as the DVD drive, hard drive, video card and sound card, where you are unable to do anything at all with data streams from sources (the HDD or DVD drive) to sinks (the video or sound card) that's not permitted by the supplier of that data. In other words, forget ripping your DVDs or CDs.

  7. Doesn't make sense to me by einhverfr · · Score: 5, Insightful

    It is fundamentally possible to target the weakest link of any security system. If I cannot create a lookalike window, then I just have to trick Windows into doing that for me. For example, the mere fact that I have an SSL certificate does not mean that you are safe submitting your credit card to my site, although it means you know who I am and can contact me or my company if something happens. SSL requires, in order to be effective, a visible address, and a popup window with no address bar has no way of verifying the address for the customer ;-) So I already have a way of attacking this trust and at least making it hard for the user to track me down.

    Tricks like these are not addressed by this approach which means that Microsoft still hasn't learned that con artists are probably the most likely to be able to get your confidential information ;-)

    --

    LedgerSMB: Open source Accounting/ERP
  8. Re:Not so secure by zurab · · Score: 4, Insightful

    Hmm, okay, so let's say I make a Microsoft-ish spoof page with a border that has "king", "snoopy" or "brutus" all around, and half the visitors will recognise their page with their unique pooch's name on it, and will give me their credit card number in total confidence. Hmmm ....

    I was thinking that too. Then I read the article:

    "A hacker can create a spoof page with dogs' names running along the border but, in all likelihood, not one reading "Buffy, Skip and Jack Daniels--and in that order," Biddle said."

    True, but anyone could just create a similar-looking window, and just put words "Secure Window" instead of "Buffy, Skip and Jack Daniels". Guess which one will look to be secure and which one will not.

    Also, if this system is not clearly explained to non-savvy users (and I am guessing it will not be), then there will be other implications as well - such as people typing in their passwords, or realizing their pet name *is* their password, etc. I look forward to how they implement this and confuse users.