Slashdot Mirror
Windows Security Through Annoyances?
techmuse writes "According to News.com,
Microsoft's next version of Windows will let you know that you are looking
at (supposedly) secure data by putting personalized text, such as the names
of your dogs (a null list in my case), in window borders, and will also hide
the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among
people who need to be able to see the data in two partially overlapping
windows at once."
How is that more secure than the little combination lock icon?
"Much work is lost, for the lack of a little more." -Edward H. Harriman
Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they're dealing with confidential material, Biddle said
What kinds of attacks would those be? The over the shoulder snoop sort?
Instead of adding new and experimental UI features, why not use a feature found on nearly every OS and that most end users will recognize - in this case, the lock symbol that indicates whether you're on a secure site or not. Obviously such a symbol would need to be something sufficiently different, but this is a well established (despite being lacking any standard specification) UI element that would require nearly no new training by the end user.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
New Madlibs for Slashdot! Now you too can create Slashdot Stories with these fun, GNU Madlibs!
For example:
Windows ____________ through Annoyances~
or
It's a great new __________ but can it run _______?
And the all time favorite, In _______ the ________ ___________s onto you!
"We are the music makers, and we are the dreamers of dreams."
Graphics cards are a security problem, because they contain their own pool of memory.
MS could just drop support for all video cards that have their own memory in favor of ones with integrated or shared memory (a la i810 family). Then the OS can have direct control over every aspect of the cards memory because it actually resides in main memory.
So to use this new super-secure Windows I'll have to type in huge lists of information that is boring to me?
the window borders thing isn't a bad idea, but as for making content disappear in the background... "hullooo, earth to microsoft"
The article makes it sound like this is to prevent those web pages that make themselves full screen and look just like a desktop, but honestly how often is this tactic even used?
"Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they're dealing with confidential material, Biddle said." /. crowd a favor. No more rushing to minimize a window when your boss walks by. Just make slashdot a 'secured' page and Alt-Tab anything else over top it. *POOF* it appears like you've been working all along!
Microsoft is finally doing the
[Fuck Beta]
o0t!
Is that 'Microsoft' secure or 'secure' secure?
Besides, I've always found that the little lock in the Mozilla window works fine.
That's not a soda... it's a caffeine delivery device!
Anyone else remember B2 operating environments, and some of the silliness involving assigning dedicated colors to the borders of windows to announce the sensitivity level of the data contained within?
I can't wait for Microsoft to rediscover that feature.. B2 systems were great from an engineering point of view, but as far as usability went, it was so much complexity that users tended to try to defeat the security measures placed on them.
Weapons of Mass Analysis
All I know is, I'm not buying Longhorn; I don't need MS holding my hand wherever I go. This seems like just another "feature" where something can go wrong...
They should constantly play the red alert sound from star trek at full volume whenever the secure window has focus.
Sure, it's all well and good to display sensitive information with a special border, but what if someone writes down what they see and then leaves it just lying around? Where's your special borders then?
The solution is obvious: don't display the data at all!
I've discovered this feature of windowed GUIs a long time ago - you cake take virtually any window, place it over your current window and POOF! the data vanishes, completely obsucred by the new window on top of it. Isn't it neat?
sic transit gloria mundi
While I agree that security should be easy, you can only dumb it down so much. If the entire knowledge that the user has is that a window is "secure", they are only getting a warm fuzzy feeling, not real security.
For real security, you need to know WHAT has been secured. Examples include:
Data was encrypted in transit.
Data is authenticated to come from XXX source, according to YYY certificate authority.
This window is protected from being viewed by PCAnywhere.
This data has DRM, and is protected from being copied to another computer.
Unless you tell the user WHAT the security is, they will make poor decisions about what to do with the data. Putting the name of their dog on the window doesn't provide that information.
You call those annoyances? I call annoyances, opening a slashdot article and finding five topic icons going down the side of the screen.
A programmer is a machine for converting coffee into code.
Regardless of how much security this, in reality, will provide, it will provide a tremendous APPEARANCE of security.
Sure, it may work. It may even work well. But the important thing from a sales standpoint is that it will look very secure. And that sells better than actual security. Given their posturing over security in the past year, this is right in line.
best web host ever
That would be tempest monitoring.
Bad boys rape our young girls but Violet gives willingly.
How does vanishing data from a secure window when its not on top anymore makes the data substansially more secure? If anyone has allready hacked into that system it maybe safely assumed that he has access to memory... I agree it is safer in case you are watching porn and someone walks into the room...but in real business world people view confidential information when they know that there is no one to look upon their shoulders. IMHO this is just another gimmick ....."OH look I have a secure window!! I dont care if I open this strange looking attachment that came by email .....ZAP!!!"
You *might* disbelieve the article because it comes from news.com.com, but I personally find them to be the highest caliber of news organization.
Right up there with the LA Times, The National Enquirer, and the Weekly World News.
I currently have no clever signature witicism to add here.
This IS a great thing, it's called a trusted path. This is a security concept that's been around for a long time, but isn't widely implemented. You may be familiar with another trusted path mechanism in windows, the log in screen. It requires you to hit CTRL-ALT-DELETE to login, this is done to prevent fake login programs from fooling users.
h tml
Shouldn't they be concentrating on other things, such as actual security vulnerabilities? Seems like they're trying to say "look we're paying attention to security!" without actually doing anything that is effective...
Trusted path mechanisms are a requirement to get the NSA B2 certification for an OS (see urls below), and it most definently is an effective security measure. This may not be terribly relevant to your average user, but to someone dealing with highly confidential information on a computer it is. This feature prevents a) fake windows/programs from giving out false information under the guise of a trusted program, b) fake windows/programs from getting a user to enter sensitive data by posing as a legitimate form for sensitive data entry.
http://www.radium.ncsc.mil/tpep/epl/epl-by-class.
http://www.astrolox.com/libraryc/orange.html
Furthermore, I think that this could turn out to help security much more than some obscure feature. It is this low-level, "no shit sherlock" kind of basic security that is much more needed.
This is my digital signature. 10011011001
It is fundamentally possible to target the weakest link of any security system. If I cannot create a lookalike window, then I just have to trick Windows into doing that for me. For example, the mere fact that I have an SSL certificate does not mean that you are safe submitting your credit card to my site, although it means you know who I am and can contact me or my company if something happens. SSL requires, in order to be effective, a visible address, and a popup window with no address bar has no way of verifying the address for the customer ;-) So I already have a way of attacking this trust and at least making it hard for the user to track me down.
;-)
Tricks like these are not addressed by this approach which means that Microsoft still hasn't learned that con artists are probably the most likely to be able to get your confidential information
LedgerSMB: Open source Accounting/ERP
What kinds of attacks would those be? The over the shoulder snoop sort?
This is classic "protection". It will remind you that Bill Gates knows where you live and the names of your cats just in case you get funny ideas about infringing on copyrights or alternte software. "Yes sir, I'll pay the windoze tax. Thank you so much for all you do for me!"
Friends don't help friends install M$ junk.
It's a good thing Microsoft still includes options to turn off all the new crap features (from hide file extensions to cant share "Program Files" directory.
I still wish they would just sum them up in one "I'm not retarded or anything like that." checkbox. With every new windows version it takes me longer and longer to find the switches to turn off the silly features.
Sindri Traustason.
Wrong metaphor.
Look at any spy movie - classified material is in folders with red or black borders, the pages are marked, etc.
I've done the same with some SSL-aware custom JSP tags. If you browse to the page over an unencrypted channel you don't see the material at all (it's blocked at the server), if you have an SSL connection there's a thick black border, and if you have an authenticated and recognized SSL connection there's a thick red border. The actual appearance is controlled by CSS stylesheets, so it could easily faked... but that's not the point. What's important is that the symbol is obvious enough to be clearly seen even if partly obscured, while subtle enough that it doesn't get in the way.
In contrast, Microsoft's ideas are things that should be rejected out of hand by anyone with even a bit of security awareness. "Out of sight, out of mind" definitely applies here - if somebody sees a thick red or black border out of the corner of their eye they'll stop to lock the screen before walking away. But under Microsoft's oh-so-brilliant plan, there won't be any visual indication that they must lock their screen before dashing to the bathroom or to the coffee machine. Or joining a friend for lunch. Yet the confidential material will be available to anyone who cycles through the frames to see if there's anything interesting on the system.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Ok. Let me get this straight. There are people in some African country that send out emails with schemes like, "We need to transfer 500 million dollars into a bank account but we need your help! Give us all of your private information, including your name, SSN, bank account numbers, etc., and we will open an account in your name to perform this transfer. To compensate you, we will give you 20% of the money." And people answer emails like that and give out their personal information. Or, someone sticks a sign on a bank drop box that reads, "Out of order. Leave deposits with guard." And obviously dresses like a guard and stands next to the drop box with a cart, collecting deposits. (As if a BOX can be out of order!!!!!) There are thousands of schemes like this... these two come from Frank Abagnale's book The Art of the Steal. He jacked millions of dollars himself, so he should know: People are unconscious! They don't think about security. Heck, America can't figure out how to secure its borders when thousands of years ago, China came up with a solution that can be seen from space. If people can't figure out how to secure a border, which is a physical thing that is well documented and understood by everyone (just look at a map), how the heck do you expect to secure computer networks when people don't understand (or want to understand) the complex computer internals that need to be understood in order to combat this problem?
Let me ask you a question... When was the last time you were rooted? On your desktop? Running Windows? I honestly doubt that anybody here has ever been compromised, even if running Windows 24x7 with an Internet connection and no firewall of any kind. You know why? Because most folks here understand what security means, at least conceptually, and wouldn't be stupid enough to enter their password (not that it secures anything under Windows) into some bogus window. Do you honestly think that putting your dog's name (or any other information, for that matter) into a window is going to solve any security problems for Joe Shmoe? NO WAY!
The way I see things is simple: Market security to corporations. Sell them computer security services in which their entire network is secured against attack, and more importantly, their data is backed up. But the home Joe Shmoe users... let them screw up their computers with the biggest security threats: All these stupid screensavers, cursors, sounds, graphics, clutter, junk, crap, downloads, viruses, MS Outlook, and all the crap they download and execute without thinking... When their computer crashes and they come crying to me, I'll continue saying what I've been saying for the past ten years, "Where are your backups? Oh, you didn't make any?! Well, the only way I can fix this computer is by blowing everything off and reinstalling. Oh, well... Maybe you should take it to [insert name of a computer repair shop that charges outrageous prices to reinstall Windows for you] and have them fix it. They understand these things better than I do."
If Microsoft really wanted to combat security problems, and I am 100% serious about what I am saying here, then they would forget all this B.S. and convince users to keep the clutter and the CRAP off their computers. Secondly, they would convince people to back up their data. Windows might suck, but I'm always more concerned about the mechan
We at SCO already did. Here's the lawsuit for stealing our idea. Have a nice day.
Reminds me of the "boss key" some older games had, e.g., you're playing at work, see the boss coming, hit the boss key and something possibly work related fills the screen. This sounds about as effective.
... "what are you doing?" ... "errr, nothing, just reading /." ... You won't win, either she sees the porn or she believes your hiding emails from an online romance. No matter what, yer screwed.
E.g., wife/girlfriend/SO walks in the room, you scramble to hide a "secure" window
What changed under Obama? Nothing Good
Is it true? I heard that the next version of Media Player will have a custom graphic for each user. I will display images of your loved ones, pets and property being threatened. While everyone will have the same images of meat cleavers, assault weapons, pitchforks and firebrands all shaking to the beat. The pictures of pets and property, however, will be unique to each luser. If you pull up another company's media player or juke box, the music will dissapear. If you copy the music file or pull up a music sharing client, the pets will cry and the house will burn. Spyware will report you to the RIAA so that these visions can come true, cool!
Friends don't help friends install M$ junk.
Oh that's alright. Don't worry. I've already gained access to your information in their 'vault' and I'll sell it back to you for only $500. It's a bargain.
And if you don't want it, that's ok, I've got *lots* of customers.
KFG
Like anyone on slashdot will have that problem.
Hmm, okay, so let's say I make a Microsoft-ish spoof page with a border that has "king", "snoopy" or "brutus" all around, and half the visitors will recognise their page with their unique pooch's name on it, and will give me their credit card number in total confidence. Hmmm ....
I was thinking that too. Then I read the article:
"A hacker can create a spoof page with dogs' names running along the border but, in all likelihood, not one reading "Buffy, Skip and Jack Daniels--and in that order," Biddle said."
True, but anyone could just create a similar-looking window, and just put words "Secure Window" instead of "Buffy, Skip and Jack Daniels". Guess which one will look to be secure and which one will not.
Also, if this system is not clearly explained to non-savvy users (and I am guessing it will not be), then there will be other implications as well - such as people typing in their passwords, or realizing their pet name *is* their password, etc. I look forward to how they implement this and confuse users.
Enter Dogs Name:
FIDO
WARNING: Dogs name too short, should be 6-8 characters long and
use combination of numbers and UPPER and lowercase letters.
Enter Dogs Name:
FiDo1234
Dogs name accepted...
Burma?
No. You have the opposite problem.
Cthulhu Barata Nikto
MS is trying to bolster the overall security for their OS (called NGSCB...rtfa for the acronym def). A noble cause, but one that will be very tough for them to completely achieve. The author is focusing only 1 small portion of NGSCB, which is securing the graphics subsystem. I'll do the author's job and list a few more relevant points:
1) NGSCB is an opt-in type of program. If the hardware doesn't support it, or the user doesn't want it, it will be disabled.
2) Only "trusted apps" will fall under the jurisdiction of the NGSCB. Things like Quicken or IE could fall into this category. They would then be protected by the OS so that other non-trusted apps can't get at the data generated by the trusted apps. So the majority of windows apps that you'd run on a day-to-day basis (games), would not be affected by this.
3) The "trusted graphics" portion of NGSCB really only applies *** IF EVERYTHING ELSE IN WINDOWS IS SECURED ***. The thought being that if everything in the Windows OS is secure, hackers will look for the next most vulnerable target outside of the OS...the graphics device. Two of the most obvious ways to exploit it would be by sniffing the graphical info stored in the framebuffer, or by mimmicing a "trusted" window and having the used just give the evil app the info it wants.
4) The "dogs names" window is just an example of something that MS is kicking around. What they want to do is add something unique that the user provides to the trusted windows. This way an end user will see an evil app trying to pretend it's a trusted app. The idea here is that it will be almost impossible for a hacker to generate a window that looks exactly like a trusted window (unless they hack the OS to find out the unique quality of the user's trusted window...for now assume that the new Windows NGSCB can't be hacked...**snicker**). In any case, I seriously doubt "dogs names" will be the unique identifier.
5) The "dissappearing data" is done for a reason. When another untrusted app takes control of the OS (by being the top window), it has access to the framebuffer. So it would be simple to start an app, position the window so it doesn't completely obscure the trusted app, then read the framebuffer. Whatever info you want is right there in a bitmap. It would be nice if there were a better way to protect the framebuffer when a trusted app is alive, but it may not be possible in Windows.
I may not agree with some of their logic/ideas in this area, but it's unfair to judge it on this article alone. If you want a little more info, try looking here. Then again, this is Slashdot...there doesn't need to be a real reason to bash MS...carry on...
My dog's names are "Teenage", "Slut", "Live", and "Webcams"....and I swear to GOD, it's the new Window's security mechanisms that are responsible for their appearance on all my window titles!
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
I've seen a lot of smart ass posts from people who say, "Big deal, I never put any of that information into my passport. It's just for hotmail." Because this "service" is supposed to work everywhere, is it possible vendors have filled in the missing information for you? After all, because my wife has a hotmail account she was given a passport she never asked for that contained all the information demanded by hotmail. She also makes web purchases from time to time. A participating vendor could have already loaded her and me by association. Someone tell me it's not so or how I can verify it without an M$ OS.
"One name one login." how utterly M$. That shit won't work anywhere that has a clue. Are you going to take Microsoft's word that someone is who they claim they are and just let them romp around your systems?
Friends don't help friends install M$ junk.
I've not read all the comments here, but I have read the article. .NET crap will allow, I think most commenters are missing the point. You don't have to spoof anything. I mean, there are snippets of code you can put into a normal HTML page that can format a drive for you if you're running Windows, and using IE. Sure, there's patches, but so what? there's updated virus defs all the time, and the by far most prevalent viruses are months, even years old. So, to get back on topic, in this type of environment, someone will think they are safe, because they see poochies name running around the window border, when, in actuality, they "somehow" had the equivilent of a porn dialer downloaded to their system, and, rather than dialing Lybia, it just tells Windows that anything it does is trusted, and the person is well and truly fucked, for they bought into the great lie that Microsoft is telling with it's Trustworthy Platform bullshit.
So far, most of the comments are about a spoofed status bar or the boraders that look different on the secured windows versus the unsecured ones. Anybody whose done work as a bench tech for a company servicing the general public for any length of time has surely had the conversation about porn dialers that the customer never even knew they had installed. With Active X controls, JavaScript, Macros, CGI sripts, or whatever the
For those who describe their systems as 'boxen', do you order multiple 'boxen' of corn flakes also?