2008 Pwnie Award Nominees Announced
ruphus13 writes "The Pwnie Awards, an 'annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community' announced their 2008 nominees. From their site, 'The final list of nominees for the nine Pwnie Award categories is finally published. We've received some really good submissions and it was not an easy task to narrow them down to five nominees per category, but we hope that we've done a good job. The next step is for the Pwnie Awards judges to gather in an undisclosed location prior to the award ceremony and vote on the winners.'"
Way back in the mists of time, part of my University training was on Human-Computer Interfaces and how not to design them. One of the first things we were told about was excessive alerts and excessive confirmations. It just causes the user to be desensitized to those things that are important, and they end up hitting the given key or clicking the necessary box without really reading any of the dialog presented. This actually worsens security. Especially if there's any way to silence such warnings, by disabling them for example, or having a utility that injects a confirmation into the module that handles the dialog.
I believe security can sell, but that paranoia and pestering won't. Mandatory access controls, role-based access controls and POSIX access control lists do not require pestering dialog. There are general-purpose operating systems rated A1 on the old Orange Book scale - the highest rating for host security you can get - and I doubt a single one requires massive user intervention to do anything more complex than Solitaire.
I would argue, then, that the article is wrong on Vista, that Vista is NOT the most secure offering from Microsoft because users stop trusting the security facility and are more likely to accidentally permit applications to do something stupid. You have to consider the wetware, and the wetware is very easily overloaded with trivia. Vista is only the most secure offering from Microsoft if nobody uses it.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)