Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Security Through Annoyances?

Posted by timothy on from the must-have-started-as-a-joke dept.

techmuse writes "According to News.com, Microsoft's next version of Windows will let you know that you are looking at (supposedly) secure data by putting personalized text, such as the names of your dogs (a null list in my case), in window borders, and will also hide the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among people who need to be able to see the data in two partially overlapping windows at once."

6 of 387 comments (clear)

  1. Is this type of attack really that prevalent by Dajur · · Score: 4, Interesting

    The article makes it sound like this is to prevent those web pages that make themselves full screen and look just like a desktop, but honestly how often is this tactic even used?

  2. It Could Be Worse by swdunlop · · Score: 4, Interesting

    Anyone else remember B2 operating environments, and some of the silliness involving assigning dedicated colors to the borders of windows to announce the sensitivity level of the data contained within?

    I can't wait for Microsoft to rediscover that feature.. B2 systems were great from an engineering point of view, but as far as usability went, it was so much complexity that users tended to try to defeat the security measures placed on them.

    --
    Weapons of Mass Analysis
  3. Re:So...... by RoLi · · Score: 5, Interesting
    Because any website can pop up a fake window with a little GIF of a lock in the corner.

    How can a website possibly fake the lock-icon which happens to be on the toolbar?

    But those dog names will be stored somewhere secure, that they can't access, so you know if you see them that your own computer is generating that data.

    Actually I think it's either a desperate try to distract users from real security problems (like the millions of servers that get infected each year despite MS being only a minor player on SQL and webservers, or the even more desktops...) or it's a clever plan to complete the big database in Redmond with the last thing they don't know about you yet: The names of your dogs.

    So far, I haven't heard about any "websites faking lock icons and doing nasty stuff", but even though Apache is a much larger target, all big worms hit IIS.

    I think somebody at Redmond still treats security as a 100% pure PR-problem. Just do anything about security, no matter how stupid the idea is, as long as it's from Microsoft, there will always be simple minds that will say:

    Makes sense

    Mod parent up: +1 funny please.

  4. Not how it works, but how it looks. by immanis · · Score: 5, Interesting

    Regardless of how much security this, in reality, will provide, it will provide a tremendous APPEARANCE of security.

    Sure, it may work. It may even work well. But the important thing from a sales standpoint is that it will look very secure. And that sells better than actual security. Given their posturing over security in the past year, this is right in line.

    --

    best web host ever

  5. Red and black borders by coyote-san · · Score: 4, Interesting

    Wrong metaphor.

    Look at any spy movie - classified material is in folders with red or black borders, the pages are marked, etc.

    I've done the same with some SSL-aware custom JSP tags. If you browse to the page over an unencrypted channel you don't see the material at all (it's blocked at the server), if you have an SSL connection there's a thick black border, and if you have an authenticated and recognized SSL connection there's a thick red border. The actual appearance is controlled by CSS stylesheets, so it could easily faked... but that's not the point. What's important is that the symbol is obvious enough to be clearly seen even if partly obscured, while subtle enough that it doesn't get in the way.

    In contrast, Microsoft's ideas are things that should be rejected out of hand by anyone with even a bit of security awareness. "Out of sight, out of mind" definitely applies here - if somebody sees a thick red or black border out of the corner of their eye they'll stop to lock the screen before walking away. But under Microsoft's oh-so-brilliant plan, there won't be any visual indication that they must lock their screen before dashing to the bathroom or to the coffee machine. Or joining a friend for lunch. Yet the confidential material will be available to anyone who cycles through the frames to see if there's anything interesting on the system.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  6. Security? by rice_burners_suck · · Score: 4, Interesting
    Security, huh? From the company that can't avoid the temptation to put scripting capabilities into the darnedest things? And for whom? The users that don't know the difference between a DOS prompt and a BSOD? Who can't figure out how to copy a file to a floppy disk (in WINDOWS!!!) and need to pay someone to do it? (I swear to God, some lady telephoned me and offered to pay me $80 USD to copy a file to a floppy disk, couldn't tell me how large it was (I asked to see if it would even fit), and I had to convince her to find a nearby geek to show her how to do it because anybody who charges for that is a dirty thieving son of a bitch. But I said it in nicer words.)

    Ok. Let me get this straight. There are people in some African country that send out emails with schemes like, "We need to transfer 500 million dollars into a bank account but we need your help! Give us all of your private information, including your name, SSN, bank account numbers, etc., and we will open an account in your name to perform this transfer. To compensate you, we will give you 20% of the money." And people answer emails like that and give out their personal information. Or, someone sticks a sign on a bank drop box that reads, "Out of order. Leave deposits with guard." And obviously dresses like a guard and stands next to the drop box with a cart, collecting deposits. (As if a BOX can be out of order!!!!!) There are thousands of schemes like this... these two come from Frank Abagnale's book The Art of the Steal. He jacked millions of dollars himself, so he should know: People are unconscious! They don't think about security. Heck, America can't figure out how to secure its borders when thousands of years ago, China came up with a solution that can be seen from space. If people can't figure out how to secure a border, which is a physical thing that is well documented and understood by everyone (just look at a map), how the heck do you expect to secure computer networks when people don't understand (or want to understand) the complex computer internals that need to be understood in order to combat this problem?

    Let me ask you a question... When was the last time you were rooted? On your desktop? Running Windows? I honestly doubt that anybody here has ever been compromised, even if running Windows 24x7 with an Internet connection and no firewall of any kind. You know why? Because most folks here understand what security means, at least conceptually, and wouldn't be stupid enough to enter their password (not that it secures anything under Windows) into some bogus window. Do you honestly think that putting your dog's name (or any other information, for that matter) into a window is going to solve any security problems for Joe Shmoe? NO WAY!

    The way I see things is simple: Market security to corporations. Sell them computer security services in which their entire network is secured against attack, and more importantly, their data is backed up. But the home Joe Shmoe users... let them screw up their computers with the biggest security threats: All these stupid screensavers, cursors, sounds, graphics, clutter, junk, crap, downloads, viruses, MS Outlook, and all the crap they download and execute without thinking... When their computer crashes and they come crying to me, I'll continue saying what I've been saying for the past ten years, "Where are your backups? Oh, you didn't make any?! Well, the only way I can fix this computer is by blowing everything off and reinstalling. Oh, well... Maybe you should take it to [insert name of a computer repair shop that charges outrageous prices to reinstall Windows for you] and have them fix it. They understand these things better than I do."

    If Microsoft really wanted to combat security problems, and I am 100% serious about what I am saying here, then they would forget all this B.S. and convince users to keep the clutter and the CRAP off their computers. Secondly, they would convince people to back up their data. Windows might suck, but I'm always more concerned about the mechan