Slashdot Mirror


Windows Security Through Annoyances?

techmuse writes "According to News.com, Microsoft's next version of Windows will let you know that you are looking at (supposedly) secure data by putting personalized text, such as the names of your dogs (a null list in my case), in window borders, and will also hide the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among people who need to be able to see the data in two partially overlapping windows at once."

92 of 387 comments

  1. So...... by PS-SCUD · · Score: 4, Insightful

    How is that more secure than the little combination lock icon?

    --


    "Much work is lost, for the lack of a little more." -Edward H. Harriman
    1. Re:So...... by seinman · · Score: 5, Informative

      Because any website can pop up a fake window with a little GIF of a lock in the corner. But those dog names will be stored somewhere secure, that they can't access, so you know if you see them that your own computer is generating that data. Makes sense, although it'll be hard to explain and teach to the vast majority of computer users.

    2. Re:So...... by spectral · · Score: 2, Insightful

      Probably because it's personalized, it's harder to spoof the window. Password boxes using data that only the OS knows and personalized for that computer are better. At least, if all dialog boxes looked one way, then up came a popup that looked completely different, it's pretty damned obvious it's a fake, and you don't want to put sensitive stuff in it.

    3. Re:So...... by molo · · Score: 5, Insightful

      Maybe MS shouldn't let remote web pages control how my windows look. I *want* the status, button, and menu bars. Allowing remote pages to remove them is a bug IMO. Mozilla, yum.

      --
      Using your sig line to advertise for friends is lame.
    4. Re:So...... by Psx29 · · Score: 4, Insightful

      What about public computer terminals though?

    5. Re:So...... by RoLi · · Score: 5, Interesting
      Because any website can pop up a fake window with a little GIF of a lock in the corner.

      How can a website possibly fake the lock-icon which happens to be on the toolbar?

      But those dog names will be stored somewhere secure, that they can't access, so you know if you see them that your own computer is generating that data.

      Actually I think it's either a desperate try to distract users from real security problems (like the millions of servers that get infected each year despite MS being only a minor player on SQL and webservers, or the even more desktops...) or it's a clever plan to complete the big database in Redmond with the last thing they don't know about you yet: The names of your dogs.

      So far, I haven't heard about any "websites faking lock icons and doing nasty stuff", but even though Apache is a much larger target, all big worms hit IIS.

      I think somebody at Redmond still treats security as a 100% pure PR-problem. Just do anything about security, no matter how stupid the idea is, as long as it's from Microsoft, there will always be simple minds that will say:

      Makes sense

      Mod parent up: +1 funny please.

    6. Re:So...... by lightspawn · · Score: 2, Insightful

      Because any website can pop up a fake window with a little GIF of a lock in the corner

      Why not just prevent them from doing that, then?

    7. Re:So...... by Scaebor · · Score: 5, Informative
      How can a website possibly fake the lock-icon which happens to be on the toolbar?

      Due to the special "features" of IE, it is possible to eliminate the status bar (not task bar) where the lock icon usually resides. By then creating a page using frames it would then be possible to replicate the look of the status bar without much trouble at all, even including the text of the page loading sequence using something so simple as an animated gif.

      --
      "Hey brother Christian with your high and mighty errand / your actions speak so loud I can't hear a word you're saying"
    8. Re:So...... by los+furtive · · Score: 5, Funny

      What about public computer terminals though?

      No problem, it will be safely available everywhere from MS.Passport. What do you mean it isn't safe?

      --

      I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.

    9. Re:So...... by Black+Copter+Control · · Score: 5, Funny

      It's not like the stuff on passport security is critical... It's only your email, your identifying information, your credit card number and ...... Well it's not like it's life-threatening...

      --
      OS Software is like love: The best way to make it grow is to give it away.
    10. Re:So...... by ealar+dlanvuli · · Score: 2, Insightful

      Hide the address bar and put a fake one up...

      Yes, because we know custom XUL prompts won't give the user a rather obvious security message... really they don't. It's exactly the same level as a page I could just browse to without trying to...

      I was going to mod you down, but they still don't have the damn -1 incorrect.

      --
      I live in a giant bucket.
    11. Re:So...... by Stuart+Gibson · · Score: 2, Interesting

      Yes, because the great unwashed public know what https and http represent. It's also pretty likely that anyone savvy enough to use Mozilla will also be savvy enough to tell when they are being fed false information in the form of an XUL.

      Billy User understands the padlock (sometimes), try explaining to him what the text in the title bar means.

      Goblin

      --
      It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
    12. Re:So...... by yanestra · · Score: 2, Funny
      Maybe MS shouldn't let remote web pages control how my windows look.

      Whoaa... Isn't that kind of opinion to be considered anti-American?
      I always thought the American way is:

      • Make it possible.
      • Ask for money to make it impossible again...
  2. Prevent attacks? by Anonymous Coward · · Score: 5, Funny

    Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they're dealing with confidential material, Biddle said

    What kinds of attacks would those be? The over the shoulder snoop sort?

    1. Re:Prevent attacks? by sTavvy · · Score: 5, Funny

      good if you're looking at p0rn at work, and the boss walks past though!

    2. Re:Prevent attacks? by SClitheroe · · Score: 4, Informative

      Over the shoulder snooping is certainly one way. A greater concern is an app that takes a screen capture of your desktop or the contents of certain windows, and sends it off to another machine.

      I wonder how MS will handle cutting and pasting information between secure and insecure windows? Or even between secure windows, for that matter?

    3. Re:Prevent attacks? by Anonymous Coward · · Score: 2, Funny

      It's "imbecile", you asshat.

    4. Re:Prevent attacks? by IchBinEinPenguin · · Score: 2, Informative

      The "start your DRM-enabled ebook reader, then your screenshot program so you can export the thing to LINUX" type of attacks.

    5. Re:Prevent attacks? by Idarubicin · · Score: 3, Funny
      good if you're looking at p0rn at work, and the boss walks past though!

      Only if your porn is on a secure website.

      --
      ~Idarubicin
  3. Why redefine a working metaphor? by Masem · · Score: 3, Interesting

    Instead of adding new and experimental UI features, why not use a feature found on nearly every OS and that most end users will recognize - in this case, the lock symbol that indicates whether you're on a secure site or not. Obviously such a symbol would need to be something sufficiently different, but this is a well established (despite being lacking any standard specification) UI element that would require nearly no new training by the end user.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
    1. Re:Why redefine a working metaphor? by gfoulk · · Score: 2, Interesting

      Because a window, most likely a web popup wanting you to click "install", would incorporate the standard security graphic to make it look like a trusted security patch, or whatever. Sure, probably everyone here would see through the ploy, but your average Windows user may not.

    2. Re:Why redefine a working metaphor? by alefbet · · Score: 2, Insightful
      Instead of adding new and experimental UI features, why not use a feature found on nearly every OS and that most end users will recognize - in this case, the lock symbol that indicates whether you're on a secure site or not. Obviously such a symbol would need to be something sufficiently different, but this is a well established (despite being lacking any standard specification) UI element that would require nearly no new training by the end user.

      The point of this new UI element is that it needs to be difficult to spoof. If your machine is compromised in some way (via a trojan, perhaps) and an untrusted process attempts to masquerade as a trusted dialog, it can probably be convincing if the user interface element is the same on all or many machines. A lock icon would be easily spoofable. But if the appearance is visibly different on every machine and only applications with a certain type/level of trust can discover this appearance, then users can be more sure windows aren't masquerading.

      A lot of things about the technology formerly known as Palladium scare me, but if it could be implemented in an open architecture where the machine owner has the keys, I think good things could happen.

      Just my $0.02.

      --

      A hack is just an idiom waiting for wider use.
    3. Re:Why redefine a working metaphor? by Kursh+Run · · Score: 2, Funny

      Well first off, the tiny lock symbol at the bottom of the screen is a great idea in theory-- but like the need-oil-indicator in your car some people just don't notice it. Now, if you walked out to your car one morning to find it has changed colors and the dash said "please give me oil boss" then we would probably see fewer stranded blonde soccer moms' minivans on the side of the road. This is a good thing, personally I think it's cool-- it will just depend on its implementation. Hopefully it will not become skinnable, the last thing we need is skinned SKIN-YOUR-SECURE-WINDOW!!! pop up advertisements.

      --
      Decaffeinated coffee? Kinda like kissing your sister. - Bob Irwin
    4. Re:Why redefine a working metaphor? by NearlyHeadless · · Score: 4, Informative
      If the machine is compromised it could fake the dogs' names too. Even if they are encrypted the key will be on your system. Obviously, if they have access via a trojan or something along those lines, then they could use the same code IE does to display the window.

      Wrong. Part of Palladium/NGSCB, as well as Trusted Computing, is having a special chip to hold encryption/decryption keys. The whole point of this idea is to have information on this secure window that is only available via the keys in the chip. Any static icon (like a lock) can be faked. Showing your choice of data (like pet names) that indicate a trusted window is proof that the program is connected to the trusted chip.
  4. Now if this isn't a "form" story what is... by L0stb0Y · · Score: 4, Funny

    New Madlibs for Slashdot! Now you too can create Slashdot Stories with these fun, GNU Madlibs!

    For example:

    Windows ____________ through Annoyances~

    or

    It's a great new __________ but can it run _______?

    And the all time favorite, In _______ the ________ ___________s onto you!

    --
    "We are the music makers, and we are the dreamers of dreams."
  5. One problem solved by El+Cubano · · Score: 3, Insightful
    From the article:

    Graphics cards are a security problem, because they contain their own pool of memory.

    MS could just drop support for all video cards that have their own memory in favor of ones with integrated or shared memory (a la i810 family). Then the OS can have direct control over every aspect of the card's memory because it actually resides in main memory.

    1. Re:One problem solved by spectral · · Score: 5, Funny

      Humans are a security problem, because they contain their own pool of memory too. Let's get rid of them. Deleting a person's memory is easier than the video card's too: One click of the trigger is all it takes. Just Point and Click.

      I'd have no clue how to wipe out my video card's memory. (No, shutting off the computer won't do it. I've seen plenty that when they turn back on, the last screen visible is there for a split second.)

    2. Re:One problem solved by cyberformer · · Score: 4, Insightful

      This just about says it all. A security problem for whom?

      Ask any computer user, from a home web surfer to an IT manager, what they consider to be the worst security threats. My guess is they would list things like MS Outlook viruses, buffer overflows, ActiveX controls, spam and Gator. Would anyone but the MPAA mention graphics cards?

    3. Re:One problem solved by spectral · · Score: 3, Informative

      The problem is that the memory in graphics cards isn't wrapped into the security model. Therefore, anything with access to reading some memory from the video card (not too uncommon I'd imagine), can go and grab everything. Including the current screen contents.

      Video cards therefore need to be modified to be secure and support access control on their memory, the way the CPU's privileged mode (and whatever hardware they're going to tack on to make palladium work 'better') allows the OS to control what can access certain parts of main memory.

      USB: Handled by the OS. Easy to deal with. Monitors: would require hardware tapping, much harder to do (Especially remotely). Keyboards: Again, MOSTLY handled by the OS. (Windows passes most every key combination through hooks, except ctrl+alt+del. They'll probably change this so that if a secure window is on top, no hooks grab the data.)

      Etc. etc. I don't argue that it's a bad idea (that there needs to be changes to the video card hardware to support this properly), it's just very poorly worded in the article.

      I wonder if maybe the 3d support being used helps this? If you define everything as a texture, then you only need to secure certain textures (the secure ones), not the entire screen. Therefore things running unmanaged still work just fine. 2d accelerated blits might also do the trick, but probably not as well. (Do the 2d accel blits have a concept afterwards of what a window is, and therefore to hide a certain one? Probably not..)

    4. Re:One problem solved by BJH · · Score: 5, Insightful

      No, what they're trying to do is this: provide a cryptographically-guaranteed path for data to the graphics card, that cannot be intercepted.

      What this allows is secure playback of DRM-protected material, in such a way that it is impossible for the user to grab the data.

      Once manufacturers jump on the bandwagon, you'll end up with a PC with "Palladium-enhanced" components, such as the DVD drive, hard drive, video card and sound card, where you are unable to do anything at all with data streams from sources (the HDD or DVD drive) to sinks (the video or sound card) that's not permitted by the supplier of that data. In other words, forget ripping your DVDs or CDs.

    5. Re:One problem solved by OeLeWaPpErKe · · Score: 3, Insightful

      The security problem is not that anyone else might access your data that way. The problem is that *YOU* might access your data that way.

    6. Re:One problem solved by jspoon · · Score: 2, Funny
      Humans are a security problem, because they contain their own pool of memory too.

      Yes, we need to move everyone's memory and put it on a machine in Redmond. I think 640 kb ought to be enough for most people.

  6. How does Microsoft know my dogs' names? by JoshuaDFranklin · · Score: 5, Funny

    So to use this new super-secure Windows I'll have to type in huge lists of information that is boring to me?

    1. Re:How does Microsoft know my dogs' names? by dr_dank · · Score: 4, Funny

      No need to worry. A backend to the Total Information Awareness database ought to fill in the blanks for you.

      --
      Where does the school board find them and why do they keep sending them to ME?
    2. Re:How does Microsoft know my dogs' names? by cosyne · · Score: 4, Insightful

      All your pets' names are belong to Microsoft?

      Seriously, given the number of people who use a pet's name for a password, displaying a list of them on the screen seems like a huge security risk.

    3. Re:How does Microsoft know my dogs' names? by Anonymous Coward · · Score: 2, Insightful

      Yeah, I'm getting sick and tired of companies asking for personal information (Mother's maiden name, birthday, social security number) as proof of who I am. Some of the information is public record anyway. Now I have to protect my pets' names as secret -- and hope the vet doesn't want to hack into my information.

      There are technical means to do this much better, but society seems to be afraid of using cryptographic means.

  7. a half good idea... by cubal · · Score: 3, Insightful

    the window borders thing isn't a bad idea, but as for making content disappear in the background... "hullooo, earth to microsoft"

  8. Is this type of attack really that prevalent by Dajur · · Score: 4, Interesting

    The article makes it sound like this is to prevent those web pages that make themselves full screen and look just like a desktop, but honestly how often is this tactic even used?

    1. Re:Is this type of attack really that prevalent by seinman · · Score: 4, Insightful

      Not much now, because people aren't expecting everything to be so secure. In the future, when it's expected that what you're looking at is secure, attacks like this could become more widespread.

    2. Re:Is this type of attack really that prevalent by Bendy+Chief · · Score: 2, Interesting
      Hopefully, in the future, people will be using browsers with halfway decent restraints for Javascript and other scripting languages.

      I use Opera and Firebird and neither would ever let this sort of stupid attack fly. In fact, in Firebird, you can specifically disable some forms of window-resizing/moving script.

  9. Vanishing Windows by TubeSteak · · Score: 5, Funny

    "Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they're dealing with confidential material, Biddle said."
    Microsoft is finally doing the /. crowd a favor. No more rushing to minimize a window when your boss walks by. Just make slashdot a 'secured' page and Alt-Tab anything else over top it. *POOF* it appears like you've been working all along!

    --
    [Fuck Beta]
    o0t!
  10. Secure data? by Lu+Xun · · Score: 3, Funny

    Is that 'Microsoft' secure or 'secure' secure?

    Besides, I've always found that the little lock in the Mozilla window works fine.

    --
    That's not a soda... it's a caffeine delivery device!
  11. It Could Be Worse by swdunlop · · Score: 4, Interesting

    Anyone else remember B2 operating environments, and some of the silliness involving assigning dedicated colors to the borders of windows to announce the sensitivity level of the data contained within?

    I can't wait for Microsoft to rediscover that feature.. B2 systems were great from an engineering point of view, but as far as usability went, it was so much complexity that users tended to try to defeat the security measures placed on them.

  12. Wow this is...So...Great....? by Azureflare · · Score: 3, Insightful
    What the...What does this mean? Secure data will have different looking windows? Shouldn't they be concentrating on other things, such as actual security vulnerabilities? Seems like they're trying to say "look we're paying attention to security!" without actually doing anything that is effective...

    All I know is, I'm not buying Longhorn; I don't need MS holding my hand wherever I go. This seems like just another "feature" where something can go wrong...

  13. Not so secure by Rosco+P.+Coltrane · · Score: 2, Interesting
    The border of a secured page may contain information--such as the names of all the dogs that someone has ever owned

    Hmm, okay, so let's say I make a Microsoft-ish spoof page with a border that has "king", "snoopy" or "brutus" all around, and half the visitors will recognise their page with their unique pooch's name on it, and will give me their credit card number in total confidence. Hmmm ....

    Sounds like a crappy idea actually.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Not so secure by zurab · · Score: 4, Insightful

      Hmm, okay, so let's say I make a Microsoft-ish spoof page with a border that has "king", "snoopy" or "brutus" all around, and half the visitors will recognise their page with their unique pooch's name on it, and will give me their credit card number in total confidence. Hmmm ....

      I was thinking that too. Then I read the article:

      "A hacker can create a spoof page with dogs' names running along the border but, in all likelihood, not one reading "Buffy, Skip and Jack Daniels--and in that order," Biddle said."

      True, but anyone could just create a similar-looking window, and just put words "Secure Window" instead of "Buffy, Skip and Jack Daniels". Guess which one will look to be secure and which one will not.

      Also, if this system is not clearly explained to non-savvy users (and I am guessing it will not be), then there will be other implications as well - such as people typing in their passwords, or realizing their pet name *is* their password, etc. I look forward to how they implement this and confuse users.

  14. They should use audio by Anonymous Coward · · Score: 4, Funny

    They should constantly play the red alert sound from star trek at full volume whenever the secure window has focus.

  15. The Ultimate Security by SpiffyMarc · · Score: 5, Funny

    Sure, it's all well and good to display sensitive information with a special border, but what if someone writes down what they see and then leaves it just lying around? Where's your special borders then?

    The solution is obvious: don't display the data at all!

  16. I do this already! by glwtta · · Score: 5, Funny
    Information on secured windows will vanish if another window is placed on top

    I've discovered this feature of windowed GUIs a long time ago - you can take virtually any window, place it over your current window and POOF! the data vanishes, completely obscured by the new window on top of it. Isn't it neat?

    --
    sic transit gloria mundi
  17. But what does "Security" mean? by subreality · · Score: 4, Insightful

    While I agree that security should be easy, you can only dumb it down so much. If the entire knowledge that the user has is that a window is "secure", they are only getting a warm fuzzy feeling, not real security.

    For real security, you need to know WHAT has been secured. Examples include:

    • Data was encrypted in transit.
    • Data is authenticated to come from XXX source, according to YYY certificate authority.
    • This window is protected from being viewed by PCAnywhere.
    • This data has DRM, and is protected from being copied to another computer.

    Unless you tell the user WHAT the security is, they will make poor decisions about what to do with the data. Putting the name of their dog on the window doesn't provide that information.

  18. You call those annoyances? by inertia187 · · Score: 4, Funny

    You call those annoyances? I call annoyances, opening a slashdot article and finding five topic icons going down the side of the screen.

    --
    A programmer is a machine for converting coffee into code.
  19. Neil Stephenson says by poor_boi · · Score: 2, Interesting
    What about van Eck phreaking? Fido borders can't stop that. Of course it's not a very real threat, but it only takes once.

    Expect your wife to receive hard copies of that 'questionable' pornography you enjoy so much from the van Eck'ing P.I. she hired (he looks like Tom Selleck :-)

    Paranoia Strikes Deep
    -boi

  20. Not how it works, but how it looks. by immanis · · Score: 5, Interesting

    Regardless of how much security this, in reality, will provide, it will provide a tremendous APPEARANCE of security.

    Sure, it may work. It may even work well. But the important thing from a sales standpoint is that it will look very secure. And that sells better than actual security. Given their posturing over security in the past year, this is right in line.

  21. Re:CRT Monitors by nolife · · Score: 3, Informative

    That would be tempest monitoring.

    --
    Bad boys rape our young girls but Violet gives willingly.
  22. This is like "inventing" a problem by nirbasito · · Score: 3, Insightful

    How does vanishing data from a secure window when it's not on top anymore make the data substantially more secure? If anyone has already hacked into that system it may be safely assumed that he has access to memory... I agree it is safer in case you are watching porn and someone walks into the room...but in the real business world people view confidential information when they know that there is no one to look over their shoulders. IMHO this is just another gimmick ....."OH look I have a secure window!! I don't care if I open this strange looking attachment that came by email .....ZAP!!!"

  23. com.com by daVinci1980 · · Score: 4, Funny

    You *might* disbelieve the article because it comes from news.com.com, but I personally find them to be the highest caliber of news organization.

    Right up there with the LA Times, The National Enquirer, and the Weekly World News.

    --
    I currently have no clever signature witticism to add here.
  24. Hey, I've got a wacky idea by the_skywise · · Score: 2, Insightful

    Why not secure the interface so hackers CAN'T pop up a new window outside the client window area!!

    Oh wait, that would deprive MS of ad revenue...

    No no, much easier to put up a purty border of your kids' middle hyphenated names because malicious hackers would never figure out where that configuration information is stored (regedit).

    "Honey, why does Thomas-Clark's name keep appearing in the border of my window underneath this ad for a web cam?"

  25. More McSoftware... by tds67 · · Score: 2, Insightful

    ...from Microsoft. Pay no attention to what's going on behind the software curtain, just watch something soothing and comfortable like pet names on your window borders and trust someone else to be your data security nanny. Just more dumbing down of computer users, if you ask me (Score:5, Pessimistic)

  26. A Trusted Path IS Great by njyoder · · Score: 3, Interesting

    This IS a great thing, it's called a trusted path. This is a security concept that's been around for a long time, but isn't widely implemented. You may be familiar with another trusted path mechanism in Windows, the login screen. It requires you to hit CTRL-ALT-DELETE to log in, this is done to prevent fake login programs from fooling users.

    Shouldn't they be concentrating on other things, such as actual security vulnerabilities? Seems like they're trying to say "look we're paying attention to security!" without actually doing anything that is effective...

    Trusted path mechanisms are a requirement to get the NSA B2 certification for an OS (see urls below), and it most definitely is an effective security measure. This may not be terribly relevant to your average user, but to someone dealing with highly confidential information on a computer it is. This feature prevents a) fake windows/programs from giving out false information under the guise of a trusted program, b) fake windows/programs from getting a user to enter sensitive data by posing as a legitimate form for sensitive data entry.

    http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html
    http://www.astrolox.com/libraryc/orange.html

  27. I'll tell you why it's great... by lpret · · Score: 3, Insightful
    9 times out of 10 the only way to get information or whatnot is through social engineering. Kevin Mitnick is a prime example. For all of his uber-tech prowess, he still relies on fooling people into giving him access/information. Even his technical work has social aspects that are key to the success of the crack.

    Furthermore, I think that this could turn out to help security much more than some obscure feature. It is this low-level, "no shit sherlock" kind of basic security that is much more needed.

    --
    This is my digital signature. 10011011001
  28. Doesn't make sense to me by einhverfr · · Score: 5, Insightful

    It is fundamentally possible to target the weakest link of any security system. If I cannot create a lookalike window, then I just have to trick Windows into doing that for me. For example, the mere fact that I have an SSL certificate does not mean that you are safe submitting your credit card to my site, although it means you know who I am and can contact me or my company if something happens. SSL requires, in order to be effective, a visible address, and a popup window with no address bar has no way of verifying the address for the customer ;-) So I already have a way of attacking this trust and at least making it hard for the user to track me down.

    Tricks like these are not addressed by this approach which means that Microsoft still hasn't learned that con artists are probably the most likely to be able to get your confidential information ;-)

    --

    LedgerSMB: Open source Accounting/ERP
  29. it's not your data that's protected. by twitter · · Score: 4, Funny
    ...[this] remind people that they're dealing with confidential material, Biddle said.

    What kinds of attacks would those be? The over the shoulder snoop sort?

    This is classic "protection". It will remind you that Bill Gates knows where you live and the names of your cats just in case you get funny ideas about infringing on copyrights or alternate software. "Yes sir, I'll pay the windoze tax. Thank you so much for all you do for me!"

    --

    Friends don't help friends install M$ junk.

  30. Best thing about Windows are the turn off options by Sindri · · Score: 3, Funny

    It's a good thing Microsoft still includes options to turn off all the new crap features (from hide file extensions to can't share "Program Files" directory).

    I still wish they would just sum them up in one "I'm not retarded or anything like that." checkbox. With every new windows version it takes me longer and longer to find the switches to turn off the silly features.

  31. Really? Then here's an idea... by sethadam1 · · Score: 2, Funny

    You should patent it!

    1. Re:Really? Then here's an idea... by Lord_Slepnir · · Score: 4, Funny

      We at SCO already did. Here's the lawsuit for stealing our idea. Have a nice day.

  32. Re:No good for me by hazem · · Score: 2, Funny

    I knew it! Bill Gates hates cats, and this is the beginning of his scheme to eradicate them from the face of the earth.

    Come on, Fluffy! We're switching to Linux!

  33. Red and black borders by coyote-san · · Score: 4, Interesting

    Wrong metaphor.

    Look at any spy movie - classified material is in folders with red or black borders, the pages are marked, etc.

    I've done the same with some SSL-aware custom JSP tags. If you browse to the page over an unencrypted channel you don't see the material at all (it's blocked at the server), if you have an SSL connection there's a thick black border, and if you have an authenticated and recognized SSL connection there's a thick red border. The actual appearance is controlled by CSS stylesheets, so it could easily be faked... but that's not the point. What's important is that the symbol is obvious enough to be clearly seen even if partly obscured, while subtle enough that it doesn't get in the way.

    In contrast, Microsoft's ideas are things that should be rejected out of hand by anyone with even a bit of security awareness. "Out of sight, out of mind" definitely applies here - if somebody sees a thick red or black border out of the corner of their eye they'll stop to lock the screen before walking away. But under Microsoft's oh-so-brilliant plan, there won't be any visual indication that they must lock their screen before dashing to the bathroom or to the coffee machine. Or joining a friend for lunch. Yet the confidential material will be available to anyone who cycles through the frames to see if there's anything interesting on the system.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
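The server-side half of the scheme coyote-san describes, written out as an added example in Python (this is not the commenter's JSP tag code; the `ConnectionInfo` fields and the subject allow-list are constructed stand-ins for what a servlet container would expose). The point it makes is the one the comment makes: the border class is just CSS and is trivially imitated, so the check that matters is the server refusing to emit the material at all on an unencrypted connection.

```python
# Added example, not the commenter's JSP tags: gate confidential material on
# the server and derive the border marker from the connection state.
import html
from dataclasses import dataclass
from typing import Optional

BLOCKED = "blocked"              # plain HTTP: the material never leaves the server
BORDER_BLACK = "border-black"    # TLS, but the client is anonymous
BORDER_RED = "border-red"        # TLS plus an authenticated, recognised client cert


@dataclass(frozen=True)
class ConnectionInfo:
    """Constructed stand-in for request attributes a container exposes.

    The field names are assumptions for this example, not a real API.
    """
    is_tls: bool
    client_cert_subject: Optional[str] = None   # None if no client cert was sent
    client_cert_verified: bool = False          # chain validated by the TLS layer


# Constructed allow-list of client-certificate subjects we recognise.
KNOWN_SUBJECTS = {"CN=jane,O=Example Corp"}


def classify(conn: ConnectionInfo) -> str:
    """Map the connection state to one of the three rendering classes."""
    if not conn.is_tls:
        return BLOCKED
    if conn.client_cert_verified and conn.client_cert_subject in KNOWN_SUBJECTS:
        return BORDER_RED
    return BORDER_BLACK


def render_confidential(conn: ConnectionInfo, body: str) -> str:
    """Emit the material inside a bordered div, or a refusal with no material.

    The refusal branch is the real control: over plain HTTP the body string is
    never placed in the response, whatever the client does with CSS.
    """
    level = classify(conn)
    if level == BLOCKED:
        return '<div class="blocked">This material requires an encrypted connection.</div>'
    return f'<div class="{level}">{html.escape(body)}</div>'


if __name__ == "__main__":
    print(render_confidential(ConnectionInfo(is_tls=False), "Q3 ledger"))
    print(render_confidential(ConnectionInfo(is_tls=True), "Q3 ledger"))
    print(render_confidential(
        ConnectionInfo(True, "CN=jane,O=Example Corp", True), "Q3 ledger"))
```

Note that `client_cert_verified` is checked separately from the subject name: a subject string on an unverified certificate is attacker-chosen data, so matching it against the allow-list without the verification flag would demote the red border to decoration.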
  34. Hostage Data by Slurms · · Score: 2, Interesting

    Maybe this has been mentioned and as usual I missed it.

    I find myself thinking that if I were to decide to put all my important data in their vault, what might I do if they tell me I have to pay the $1000 upgrade fee for the next version of their software if I want to continue to have access to my data in their vault?

    --
    Pretty Bad Privacy (PBP) Public Key
    1. Re:Hostage Data by kfg · · Score: 3, Funny

      Oh that's alright. Don't worry. I've already gained access to your information in their 'vault' and I'll sell it back to you for only $500. It's a bargain.

      And if you don't want it, that's ok, I've got *lots* of customers.

      KFG

  35. Security? by rice_burners_suck · · Score: 4, Interesting
    Security, huh? From the company that can't avoid the temptation to put scripting capabilities into the darnedest things? And for whom? The users that don't know the difference between a DOS prompt and a BSOD? Who can't figure out how to copy a file to a floppy disk (in WINDOWS!!!) and need to pay someone to do it? (I swear to God, some lady telephoned me and offered to pay me $80 USD to copy a file to a floppy disk, couldn't tell me how large it was (I asked to see if it would even fit), and I had to convince her to find a nearby geek to show her how to do it because anybody who charges for that is a dirty thieving son of a bitch. But I said it in nicer words.)

    Ok. Let me get this straight. There are people in some African country that send out emails with schemes like, "We need to transfer 500 million dollars into a bank account but we need your help! Give us all of your private information, including your name, SSN, bank account numbers, etc., and we will open an account in your name to perform this transfer. To compensate you, we will give you 20% of the money." And people answer emails like that and give out their personal information. Or, someone sticks a sign on a bank drop box that reads, "Out of order. Leave deposits with guard." And obviously dresses like a guard and stands next to the drop box with a cart, collecting deposits. (As if a BOX can be out of order!!!!!) There are thousands of schemes like this... these two come from Frank Abagnale's book The Art of the Steal. He jacked millions of dollars himself, so he should know: People are unconscious! They don't think about security. Heck, America can't figure out how to secure its borders when thousands of years ago, China came up with a solution that can be seen from space. If people can't figure out how to secure a border, which is a physical thing that is well documented and understood by everyone (just look at a map), how the heck do you expect to secure computer networks when people don't understand (or want to understand) the complex computer internals that need to be understood in order to combat this problem?

    Let me ask you a question... When was the last time you were rooted? On your desktop? Running Windows? I honestly doubt that anybody here has ever been compromised, even if running Windows 24x7 with an Internet connection and no firewall of any kind. You know why? Because most folks here understand what security means, at least conceptually, and wouldn't be stupid enough to enter their password (not that it secures anything under Windows) into some bogus window. Do you honestly think that putting your dog's name (or any other information, for that matter) into a window is going to solve any security problems for Joe Shmoe? NO WAY!

    The way I see things is simple: Market security to corporations. Sell them computer security services in which their entire network is secured against attack, and more importantly, their data is backed up. But the home Joe Shmoe users... let them screw up their computers with the biggest security threats: All these stupid screensavers, cursors, sounds, graphics, clutter, junk, crap, downloads, viruses, MS Outlook, and all the crap they download and execute without thinking... When their computer crashes and they come crying to me, I'll continue saying what I've been saying for the past ten years, "Where are your backups? Oh, you didn't make any?! Well, the only way I can fix this computer is by blowing everything off and reinstalling. Oh, well... Maybe you should take it to [insert name of a computer repair shop that charges outrageous prices to reinstall Windows for you] and have them fix it. They understand these things better than I do."

    If Microsoft really wanted to combat security problems, and I am 100% serious about what I am saying here, then they would forget all this B.S. and convince users to keep the clutter and the CRAP off their computers. Secondly, they would convince people to back up their data. Windows might suck, but I'm always more concerned about the mechan

    1. Re:Security? by indiigo · · Score: 2

      This post is golden. You hit the mark right on the money. If a company wants to focus on security, they should focus on training, physical security, then your IT infrastructure. The first two are your biggest holes. Make it paramount, like a bank does.

      Do banks look forward to this Microsoft ideal world? No. Because money talks, insurance is expensive, and they lock it down very hard. It's not perfect, but why go with a company with security on the backburner for the first 20 years of it's existence? The answer? Don't. It's a semi-good desktop OS and gaming platform, but that's about it.

      --
      fslg503-985-8686503-985-8686503-985-8686503-985-86 8650 3-985-fdsg8686503-985-8686503-985-8686503-9
  36. Re:Prevent attacks? Boss key? by anagama · · Score: 5, Funny

    Reminds me of the "boss key" some older games had, e.g., you're playing at work, see the boss coming, hit the boss key and something possibly work related fills the screen. This sounds about as effective.

    E.g., wife/girlfriend/SO walks in the room, you scramble to hide a "secure" window ... "what are you doing?" ... "errr, nothing, just reading /." ... You won't win, either she sees the porn or she believes you're hiding emails from an online romance. No matter what, yer screwed.

    --
    What changed under Obama? Nothing Good
  37. Is it true? by twitter · · Score: 4, Funny

    Is it true? I heard that the next version of Media Player will have a custom graphic for each user. It will display images of your loved ones, pets and property being threatened. While everyone will have the same images of meat cleavers, assault weapons, pitchforks and firebrands all shaking to the beat, the pictures of pets and property will be unique to each luser. If you pull up another company's media player or juke box, the music will disappear. If you copy the music file or pull up a music sharing client, the pets will cry and the house will burn. Spyware will report you to the RIAA so that these visions can come true, cool!

    --

    Friends don't help friends install M$ junk.

  38. Re:Prevent attacks? Boss key? by Ryan+Amos · · Score: 4, Funny
    E.g., wife/girlfriend/SO walks in the room, you scramble to hide a "secure" window ... "what are you doing?" ... "errr, nothing, just reading /." ... You won't win, either she sees the porn or she believes you're hiding emails from an online romance. No matter what, yer screwed.

    Like anyone on slashdot will have that problem.
  39. Secret data within window borders for tracking? by bergeron76 · · Score: 2, Interesting

    I can't help but think that the only useful reason for putting "unique" data in a window border would be to provide key data for analog captures/etc. By having a personal "tag" in a visual border (and potentially audio), they are taking a step toward making viewers/players/etc [the only link between the analog and digital realm] prolific. They're hoping it will become 'the norm[al]' in a few years, and as such, it could ultimately lead to the end of the analog/digital loophole that currently exists in DRM.

    I hope I explained this adequately...

    Scary stuff, IMHO.

    --
    Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
  40. Spoof attacks by jfreon · · Score: 2, Funny
    ...prevent "spoof attacks," where hackers plant a fraudulent Web page on a PC screen that looks like, but isn't, a file from a person's doctor or accountant, for example.

    That happens _all the time_. Boy, I'm glad somebody is doing something about this.

    Wait, my doctors and accountants barely have time to use e-mail, much less format HTML to send to me.

  41. I can see it now: by rat7307 · · Score: 5, Funny

    Enter Dogs Name:
    FIDO

    WARNING: Dogs name too short, should be 6-8 characters long and
    use combination of numbers and UPPER and lowercase letters.


    Enter Dogs Name:
    FiDo1234

    Dogs name accepted...

    --
    Burma?
  42. Re:Prevent attacks? Boss key? by nigelc · · Score: 4, Funny
    You won't win, either she sees the porn or she believes you're hiding emails from an online romance. No matter what, yer screwed.

    No. You have the opposite problem.
    --


    Cthulhu Barata Nikto
  43. Got back from WinHEC...this article is bullshit!! by Anonymous Coward · · Score: 3, Informative
    I had the great pleasure of getting trashed on Bourbon Street (oh yeah, and there was the conference thing, too). As an engineer who was in the room for these sessions, and has to deal with this stuff in the near future, let me tell you this article is quite misleading.

    MS is trying to bolster the overall security for their OS (called NGSCB...rtfa for the acronym def). A noble cause, but one that will be very tough for them to completely achieve. The author is focusing on only 1 small portion of NGSCB, which is securing the graphics subsystem. I'll do the author's job and list a few more relevant points:

    1) NGSCB is an opt-in type of program. If the hardware doesn't support it, or the user doesn't want it, it will be disabled.

    2) Only "trusted apps" will fall under the jurisdiction of the NGSCB. Things like Quicken or IE could fall into this category. They would then be protected by the OS so that other non-trusted apps can't get at the data generated by the trusted apps. So the majority of windows apps that you'd run on a day-to-day basis (games), would not be affected by this.

    3) The "trusted graphics" portion of NGSCB really only applies *** IF EVERYTHING ELSE IN WINDOWS IS SECURED ***. The thought being that if everything in the Windows OS is secure, hackers will look for the next most vulnerable target outside of the OS...the graphics device. Two of the most obvious ways to exploit it would be by sniffing the graphical info stored in the framebuffer, or by mimicking a "trusted" window and having the user just give the evil app the info it wants.

    4) The "dogs names" window is just an example of something that MS is kicking around. What they want to do is add something unique that the user provides to the trusted windows. This way an end user will see an evil app trying to pretend it's a trusted app. The idea here is that it will be almost impossible for a hacker to generate a window that looks exactly like a trusted window (unless they hack the OS to find out the unique quality of the user's trusted window...for now assume that the new Windows NGSCB can't be hacked...**snicker**). In any case, I seriously doubt "dogs names" will be the unique identifier.

    5) The "disappearing data" is done for a reason. When another untrusted app takes control of the OS (by being the top window), it has access to the framebuffer. So it would be simple to start an app, position the window so it doesn't completely obscure the trusted app, then read the framebuffer. Whatever info you want is right there in a bitmap. It would be nice if there were a better way to protect the framebuffer when a trusted app is alive, but it may not be possible in Windows.

    I may not agree with some of their logic/ideas in this area, but it's unfair to judge it on this article alone. If you want a little more info, try looking here. Then again, this is Slashdot...there doesn't need to be a real reason to bash MS...carry on...
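The "disappearing data" rule from point 5, modelled as an added example in Python (this is not Microsoft's compositor code and not the commenter's; the `Window`/`Rect` types and the sample window layout are constructed for illustration). It follows the rule as the story summary states it: a trusted window's content is drawn only while no other window lies on top of any part of it, so the partial-overlap case the comment describes blanks the whole window rather than just the covered corner.

```python
# Added example, not Microsoft's code: a model of the "content is hidden
# unless nothing is on top of the window" rule for trusted windows.
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Rect:
    x: int
    y: int
    w: int
    h: int

    def intersects(self, other: "Rect") -> bool:
        # Half-open rectangles: windows that merely share an edge do not overlap.
        return (self.x < other.x + other.w and other.x < self.x + self.w
                and self.y < other.y + other.h and other.y < self.y + self.h)


@dataclass(frozen=True)
class Window:
    name: str
    rect: Rect
    trusted: bool   # drawn by the trusted path, carries the user's marker
    z: int          # stacking order; a larger z is closer to the viewer


def compositor_policy(windows: List[Window]) -> Dict[str, bool]:
    """For each trusted window, decide whether its content may be drawn.

    Any window stacked above a trusted window that overlaps it at all, even by
    one pixel in a corner, causes the trusted window's content to be withheld.
    That is the case point 5 above worries about: a window positioned so it
    covers only a sliver of the trusted one while the rest stays readable.
    """
    decisions: Dict[str, bool] = {}
    for win in windows:
        if not win.trusted:
            continue
        covered = any(
            other.z > win.z and other.rect.intersects(win.rect)
            for other in windows
            if other is not win
        )
        decisions[win.name] = not covered
    return decisions


def render(windows: List[Window]) -> Dict[str, str]:
    """What the screen would show in each trusted window under the policy."""
    return {
        name: ("content" if ok else "[hidden: another window is on top]")
        for name, ok in compositor_policy(windows).items()
    }


if __name__ == "__main__":
    # Constructed layout: a trusted ledger window and a plain app overlapping
    # its bottom-right corner by ten pixels.
    ledger = Window("ledger", Rect(0, 0, 400, 300), trusted=True, z=1)
    notepad = Window("notepad", Rect(390, 290, 200, 200), trusted=False, z=2)
    print(render([ledger, notepad]))
```

Windows stacked below the trusted one (a lower `z`) never affect the decision, and neither does a window that only touches an edge; both are deliberate so the rule blanks exactly when something could be painted over the protected pixels.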

  44. dog names? by carpe_noctem · · Score: 4, Funny

    My dogs' names are "Teenage", "Slut", "Live", and "Webcams"....and I swear to GOD, it's the new Windows' security mechanisms that are responsible for their appearance on all my window titles!

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  45. must post "HA HA" again. by twitter · · Score: 2, Funny
    A greater concern is an app that takes a screen capture of your desktop or the contents of certain windows, and sends it off to another machine.

    Oh yeah, Microsoft's wonderful remote hardware control tools, such as the plug and play daemon that listens to an open port. I'm sure everyone's seen it before, but I must post the results of such weaknesses. View the sum of stupid, Ha-Ha. Don't worry Microsoft has issued the uber patch, had the month long security hug and changed their security model to include M$ rooting you at will! Dancing pet names and total lack of control of files on your hard drive should make you feel so much more secure. Oh yeah!

    --

    Friends don't help friends install M$ junk.

  46. Yeah! by twitter · · Score: 3, Interesting
    It's not like the stuff on passport security is critical... It's only your email, your identifying information, your credit card number and ...... Well it's not like it's life-threatening...

    I've seen a lot of smart ass posts from people who say, "Big deal, I never put any of that information into my passport. It's just for hotmail." Because this "service" is supposed to work everywhere, is it possible vendors have filled in the missing information for you? After all, because my wife has a hotmail account she was given a passport she never asked for that contained all the information demanded by hotmail. She also makes web purchases from time to time. A participating vendor could have already loaded her and me by association. Someone tell me it's not so or how I can verify it without an M$ OS.

    "One name one login." how utterly M$. That shit won't work anywhere that has a clue. Are you going to take Microsoft's word that someone is who they claim they are and just let them romp around your systems?

    --

    Friends don't help friends install M$ junk.

    1. Re:Yeah! by Handyman · · Score: 5, Funny

      "One name one login."

      Eine Name, eine Login, ein Fuehrer!

      (Just to ensure that the old adage becomes true, the one that says that when a discussion becomes longer the chance that a comparison to Nazis pops up becomes 100% :) )

  47. This is fake multilevel security by Animats · · Score: 2, Informative
    There are multilevel secure systems used by DoD that look sort of like this. But they have real security machinery behind the scenes.

    In systems like that, each window appears with a border that shows the security level, typically SECRET, UNCLASSIFIED, etc. Communication between programs and windows at different levels is prohibited, except in some very controlled ways. Applications can't even detect that stuff at higher levels exists. NSA Secure Linux has the underlying security machinery for this, although nobody has written a secure window manager for it.

    It sounds like Microsoft is adding the window decoration without the underlying machinery.

    Sadly, the few systems with security like this are antiques.
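The "real security machinery" Animats contrasts with a mere border, sketched as an added example in Python (this is not code from any DoD system or from NSA Secure Linux; the level names, the `SecureWindowManager` class and the audited downgrade path are constructed for illustration). The border label is derived from a label the manager enforces, a subject at one level cannot enumerate windows above it, data flows only to an equal or higher level, and the "very controlled way" across levels is an explicit, audited declassification rather than something an application can do on its own.

```python
# Added example, not any real MLS window manager: a toy model of the labelling,
# flow control and visibility rules behind a classification border.
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed lattice of levels; a higher number is more sensitive.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass
class Win:
    title: str
    level: str
    clipboard: List[str] = field(default_factory=list)  # data delivered to this window


class SecureWindowManager:
    def __init__(self) -> None:
        self._wins: List[Win] = []
        # (decision, source title, destination title, data)
        self.audit: List[Tuple[str, str, str, str]] = []

    def create(self, title: str, level: str) -> Win:
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        win = Win(title, level)
        self._wins.append(win)
        return win

    def border_label(self, win: Win) -> str:
        # The decoration is computed from the enforced label; the application
        # never gets to choose what its border says.
        return f"[{win.level}] {win.title}"

    def visible_to(self, subject_level: str) -> List[Win]:
        # A subject cannot even learn that higher-level windows exist.
        return [w for w in self._wins if LEVELS[w.level] <= LEVELS[subject_level]]

    def transfer_allowed(self, src: Win, dst: Win) -> bool:
        # Data may only flow to an equal or higher level (no write-down).
        return LEVELS[src.level] <= LEVELS[dst.level]

    def transfer(self, src: Win, dst: Win, data: str) -> None:
        """Move data between windows, refusing and recording any downward flow."""
        if not self.transfer_allowed(src, dst):
            self.audit.append(("DENIED", src.title, dst.title, data))
            raise PermissionError(f"{src.level} -> {dst.level} is not permitted")
        dst.clipboard.append(data)
        self.audit.append(("ALLOWED", src.title, dst.title, data))

    def declassify(self, src: Win, dst: Win, data: str, approved_by: str) -> None:
        """The 'very controlled way': a downgrade tied to a named approver and audited."""
        dst.clipboard.append(data)
        self.audit.append((f"DECLASSIFIED by {approved_by}", src.title, dst.title, data))


if __name__ == "__main__":
    wm = SecureWindowManager()
    mail = wm.create("Mail", "UNCLASSIFIED")
    report = wm.create("Report", "SECRET")
    print(wm.border_label(report))
    print([w.title for w in wm.visible_to("UNCLASSIFIED")])
    wm.transfer(mail, report, "agenda")
    try:
        wm.transfer(report, mail, "troop numbers")
    except PermissionError as exc:
        print("refused:", exc)
    print(wm.audit)
```

The model deliberately keeps the enforcement in the manager rather than in the windows: a window object has no method that would let it relabel itself or read another window's clipboard, which is the property a decoration-only scheme lacks.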

  48. Speaking of spoofing and different borders.... by bninja_penguin · · Score: 5, Informative

    I've not read all the comments here, but I have read the article.
    So far, most of the comments are about a spoofed status bar or the borders that look different on the secured windows versus the unsecured ones. Anybody who's done work as a bench tech for a company servicing the general public for any length of time has surely had the conversation about porn dialers that the customer never even knew they had installed. With Active X controls, JavaScript, Macros, CGI scripts, or whatever the .NET crap will allow, I think most commenters are missing the point. You don't have to spoof anything. I mean, there are snippets of code you can put into a normal HTML page that can format a drive for you if you're running Windows, and using IE. Sure, there's patches, but so what? There's updated virus defs all the time, and the by far most prevalent viruses are months, even years old. So, to get back on topic, in this type of environment, someone will think they are safe, because they see poochie's name running around the window border, when, in actuality, they "somehow" had the equivalent of a porn dialer downloaded to their system, and, rather than dialing Libya, it just tells Windows that anything it does is trusted, and the person is well and truly fucked, for they bought into the great lie that Microsoft is telling with its Trustworthy Platform bullshit.

    --
    For those who describe their systems as 'boxen', do you order multiple 'boxen' of corn flakes also?
  49. Re:Wait a second ... by EvilTwinSkippy · · Score: 2, Funny
    have you no morals?

    Didn't I have to give up morals with Licensing 6.0?

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  50. Here's an Idea . . . by homesteader · · Score: 2, Funny
    So now you've protected the data from the network, and guaranteed its virgin delivery to the monitor. But how do we know it's really Jane sitting there watching President Gates' PPV State of the Union address? Well we just snap a photo every couple minutes, using the monitor's built in camera, and compare it with the digitally signed Photo ID we have in THE database.

    Then when we get REALLY good, we integrate photon to neutrino decay that ensures that Gates' pearly whites can't gleam beyond the user's calibrated seating distance!

  51. Another MS Security measure... by borgdows · · Score: 2, Funny

    Windows will automatically launch a BSOD when user is watching sensitive data.
    This way the data keeps secure!

  52. If you steal this data.... by geoff+lane · · Score: 2, Funny

    ... the dog gets it!

  53. Emulating NGSCB by kwench · · Score: 2, Insightful

    And now for something completely different...

    What about an emulation that runs NGSCB? E.g. some kind of Wine or Bochs? You could easily compromise secured connections (and windows) because for the host OS they're running in normal, unprotected memory.

    Even worse: What about a NGSCB client that pretends to be a real NGSCB-aware OS but is a fake in reality? You say asymmetric encryption? I say: Once these NGSCB-ready computers are out, it's only a matter of days until /. runs a story about cracked private keys.

  54. I was under the impression... by ca1v1n · · Score: 2, Insightful

    ...that inconvenience makes any system less secure, because lazy people will do stupid things to alleviate the inconvenience. This seems like a step in the wrong direction.

  55. Re:Oh this is bright... by pair-a-noyd · · Score: 2, Insightful

    Ah yes, but the new Windows is *supposed* to protect you, remember?

    The whole point of it is, if someone can get 60 seconds alone with your box, you're SOL..
    And even if they can't get physical contact with your box, if they really want in, they will get in.
    There are a lot of ways. With all the miniature cameras out now, well, you know the rest of the story..

    I used to sell Tempest PC's to the gubmint a number of years back and learned a few things about physical security in the process.
    They used isolated power supplies, fiber optic for any lans, faraday caged buildings and rooms, you name it.

    And the really secured machines were DEEP underground in a faraday cage in a concrete bunker and ran on battery banks that were disconnected from the charge source before the systems were powered up. And to prevent tampering, guards were posted with M16's..

    Now THAT was security.. They went from that, during the cold war, to losing hundreds of laptops in the post cold war era.. Some security eh??

    If you don't maintain physical control of your box then you can not be certain of privacy and integrity of your data. Most people think that with the stupid password on their W2k or XP box that their stuff is private. Wrong. I can boot up Knoppix and your hard drive is mine to do with as I please.
    I can email your private data out, FTP it out, http upload it anywhere I want, burn it to a CD or RW, FTP it all into a laptop with an ethernet x-over cable, dump it to zip disks, I could go on and on.

    A person that can get to a box in the middle of the night and has a few hours to spare can have a real playday with your box and a Knoppix CD. I've shown this to customers and they crap all over themselves when they discover that dipstick password "security" is utterly useless.
    Knoppix+Windows box+ethernet+time alone=b0xen_0wnership..

    Of course this is no concern to M$, they just care about you listening to music on your PC and paying per listen. And they have to stop those EVIL LINUX people from watching movies on their LINUX BOXES. All of these new proposals are not about security, they are about THEM controlling YOU..