The biggest problems with DIVX were: + It was ahead of its time. + People didn't "get it". + Movie companies didn't "get it", and didn't provide decent titles in DIVX format. + They depended on people who couldn't set their VCR to remember to hook up a phone line. + They depended on a landline in a cellular world. + You can't play them on vacation, at the beach, in the back of the card on long trips, on your portable player... + Ask the people who bought music from .
Getting into the habit of opening attachments makes it more likely that you will open one by reflex when you shouldn't.
My experience from supporting Windows users under the malware siege of the past decade is that reflex opening attachments and downloads is the best social engineering tool virus writers have.
Although the lawsuits are not about changed provisions in the GPL, both events are muscle-flexing by the free software community and, taken together, may foreshadow new risks in the irreconcilable conflict between open source software and its widespread use by for-profit companies.
What "irreconcilable conflict"?
Imprimus, the GPL provides an amazing business opportunity for companies like Trolltech and Linden Labs to harness the efforts of the open source community for their products, without opening up the possibility of some company taking the open source product and competing with them on a level ground.
Secundus, Companies that don't pay attention to the license they're using can get into trouble, but that's true for all licensed software: even Microsoft's occasionally had to pay for drifting over the line with licensed software and patents now and then.
Tertius, GPL is not synonymous with open source software. There's open source software running right now in your desktop, Edmund, open source software distributed by Microsoft or Apple... most of it's not GPLed, it's distributed under the BSD license and the MIT license.
Therefore, there is no such irreconcilable conflict, and using language like that is enough for even someone like me who has been often enough critical of the GPL to consider this article nothing more than a troll.
Didn't they always use Flash? The "old" Google Video player certainly uses it now
I used to be able to download quicktime videos from them directly, and they sure didn't look like flash... I use flashblock, so Flash just shows up as a (>) play icon until I click on it.
Which, by the by, may be why I notice people using Flash for obfuscation. Flash web bugs and the like show up as (>) play icons for me, but they look just like regular images for most people.
Using Finder to access FTP URLs can cause significant systematic performance problems for OS X, because Finder actually mounts them (under/Volumes/name.of.site.example.com), and errors in performing operations over FTP can cause lockups in apparently unrelated parts of the system. Worse, it displays files in an untrusted location in the Finder itself, which is an incredibly useful capability for someone designing a social engineering attack.
I'm surprised that they weren't already using either a threaded interpreter or a bytecode interpreter. It's such an obvious step when performance is on the line, and I'm sure there must be a variety of such interpreters available, it's been a standard middle-ground between a fully compiled language and a raw text interpreter since the '70s at least... the DEC Fortran compiler used threaded code, and Smalltalk used bytecode, both in the '70s.
I won't even get into the fact that they weren't doing almost-free optimizations like eliminating empty nodes in the syntax tree...
The problem was named back in the day when that was what pretty much all the dialogues boxes read. It is still used to describe the problem today, even though the button names have changed. The problem is operant conditioning users to reflexively click a given option.
It's more complex than that. People aren't pigeons and even pigeons have proven more complex than Skinner thought. It's not a matter of training users to click a specific option. Users will still automatically approve these dialogs even when presented with a new dialog they haven't seen before, with labels that are unique to that dialog. It doesn't matter what the dialog says, or if the butons move around, as long as it's possible to interpret one of the options as "let me get my damn work done" and one as "if I click this I'll have to go back to square one".
The criteria upon which these need to be evaluated from a usability and security perspective is if they cause more or less accidental execution of malware.
I think you meant to write "prevent", but since these dialogs do in fact, over the long run, cause more accidental execution of malware than redesigning the system to make them unnecessary, and once users are accustomed to being presented with "shall I do something stupid now?" dialogs they provide very little protection indeed. Not automatically opening untrusted files was a good start to fixing the underlying problem, and not dropping downloads in a folder that's full of files the user has reason to trust is the logical next step....sandboxes...
If the sandboxes have holes, the malware will be written to use those holes. If the sandboxes do not have holes they will be too restrictive for most any application. A sandbox strong enough to keep malware out has to, at the very least, unconditionally prevent the sandboxed application from reading or writing any file outside the sandbox, from opening any network connections except back to the server they were fetched from (the original Java sandbox design had a flaw here, because it was based on the IP address rather than the URL and would have allowed Java applets to carte-blanche attach servers through proxy firewalls... I identified this and mentioned it on the Firewalls mailing list, and as a result that was fixed), and basically being able to save ANY long term state other than cookies local only to the URL they were fetched from, or interact with ANY components on the local machine. Weaker sandboxes have been tried and have universally been found too leaky.
THAT kind of sandbox is too strict for general use with arbitrary applications.
Safari does have a download manager. It pops up whenever you start downloading a file and lets you cancel it and/or open a finder window showing it.
I know I qualified the phrase "a download manager" further than that.
This has nothing to do with the problem we're discussing and does not seem to have influenced the design to use confirmation dialogue boxes.
The first confirmation dialog boxes of this type were added (to Safari) in Security Update 2004-06-07 specifically to deal with this problem.
I posted about this in June 2004, when it happened.
Apple finally fixed the underlying problem in 2007. That's not bad, 3 years of security dialogs instead of security. Microsoft's been trying to use security dialogs instead of security for over a decade now.
You assert that they are stupid and decrease security, but you've offered no evidence.
From 1997 though 2003 I banned Internet Explorer from our site, because of Internet Explorer's leaky sandbox. The primary "protection" for this leaky sandbox was the stupid confirmation dialog. In that time a few people used IE instead of Netscape, for various reasons. In that time I had absolutely no cases of the same user going through the process of downloading an infected object to their desktop, and then running it, m
What you are referring to is often called the "OK/Cancel problem" and is a classic HCI issue to avoid.
Absolutely not.
It doesn't matter WHAT the dialogs say. The Windows dialogs I'm talking about do NOT in general actually read "OK", there are a variety of approval buttons in use, most of them completely descriptive of what they are going to do.
The problem is NOT what the dialogs say. This is not the "OK/Cancel" problem in any way, shape, or form.
The problem is that unnecessary approval dialogs are being used at all. OS X's only advantage here is that there are... for the moment... fewer of these. But every new release of OS X adds more of them, and almost all of them provide far too little protection to justify their existence.
Ideally, they should be able to run it without a warning and the OS should appropriately sandbox it, by default, so that it can be run safely, even if it is malware.
A sandbox that is complete enough to actually prevent malware from escaping will be too restrictive. Anything less than full MAC (orange book class B, at every level, default closed, under explicit user control) will be no better than Microsoft's sandbox for IE (which has had demonstrated failures right from the start), and full mandatory access control has proven too cumbersome everywhere it's been implemented.
Apple's design seems like a pretty good compromise to me.
Apples design is the result of a mistake they made in Safari in 2004... making 'open "Safe" files' on by default... and backed out of last year, but having put their money on stupid approval dialogs they seem unable to consider a better approach, like downloading files to a "Downloads" folder, and providing a download manager in Safari (or perhaps as a plugin for Finder, though putting it in Safari would improve thigs for Windows as well) that provides the tools to allow the user to make a reasoned decision about downloaded files on their own schedule.
I approve of Apple's ability to back out of mistakes, albeit reluctantly. That puts them light-years ahead of Microsoft, who (for example) still ship Windows with Autorun (which should be called AutoInfection) enabled. I just wish they were quicker about it.
I'd also note that the new firewall is application based, not port based.
That's potentially a plus, in that it actually forces people to become aware of ports and networking basics even quicker than I thought it would. But a minus because similar application firewalls on Windows generally get turned off pretty quickly because they are too annoying to put up with for the people who would most benefit from them. And it certainly doesn't satisfy the claim that it's automatic and invisible.
And, well, a layered defense that automatically opens the gates isn't much of a layered defense.
Better Trojan horse protection. Mac OS X v10.5 marks files that are downloaded to help prevent users from running malicious downloaded applications.
The main result of this is to train people to click "OK" to security dialogs. I have observed this trend in Windows, over the past decade as a network and system admin, and there were several users who would REPEATEDLY come to me with "I clicked the wrong button again and I think I've got a virus".
Easier network security. After you've activated the new Mac OS X v10.5 application firewall, it configures itself so you get the benefits of firewall protection without needing to understand the details of network ports and protocols.
OS X is not Windows: it does not promiscuously open listening ports unless you are serving data. Unless you have installed third party software that opens additional ports, there is nothing the firewall needs to do (and indeed it has been reported that the firewall does not actually restrict access to any standard ports), and there is little point in running it. If you have, then you need to understand network ports and protocols.
For normal users, at this point, my basic recommendations are:
* Make sure that you have 'Open "Safe" files after download' disabled in Safari. * Use a tool such as "More Internet" to change the default application for FTP: URLs from Finder to either an FTP-aware web browser like Firefox or a dedicated FTP client. * Consider disabling Dashboard if you have any doubt over your ability to recognize when third party Dashboard applets are installed via Safari. * Don't open attachments from inside Mail. It's a dangerous habit to get into, the extra second spent saving them to a file is worth it. * Don't let the stupid warning dialogs lull you into a false sense of security. These were a bad idea when Microsoft started using them, and it doesn't make it any better for Apple to follow.
"Security Advisory (953818) does not refer to vulnerability in either Safari or Windows," Tim Rains, security response communications lead for Microsoft said in a statement sent to InternetNews.com.
"Rather, it describes a blended threat in which files may be downloaded to a user's machine without prompting, allowing them to be executed. This results from a combination of the default download location in Safari and how the Windows desktop handles executables."
What this tells me is that this is almost certainly another variant on the futile battle with reality that Microsoft has engaged in ever since they introduced "security zones" as an attempt to mitigate their fundamentally insecure "active content" security since 1997.
The rights granted an object MUST NOT be based on the location of the object (with or without such additional features as security dialogs, certificates, and whatnot), they MUST be granted by the component responsible for introducing them into the system, and ONLY by a request by the user... not in response to a request by the object.
That is, you MUST NOT be able to have an object in a web page executed outside a hard sandbox (eg, the kind of restricted scripts that web pages may contain) without a user explicitly downloading it AND explicitly executing it. The alternative was something unheard of before 1997, it was a joke (the "good times" virus, for example), the rare cases where someone found a way to make it happen (the Internet Worm, the XMAS TREE worm, the ghostscript virus) were identified as flaws, bugs, security holes, and unambiguously fixed.
Microsoft introduced the idea that a "trusted zone" could exist where execution could be implicitly allowed, by visiting a web page, opening a folder, even reading email! This led to a flood of worms in the last few years of the 20th century, and for whatever reason Microsoft... rather than backing out of this model... has attempted to come up with some combination of tricks to fix it. It can't be fixed, alas, and until Microsoft admits it or people stop using Microsoft software security is going to remain problematic... ANY application on Windows can unintentionally break Microsoft's undocumented and rapidly changing trust boundaries and introduce another avenue of attack.
Worse, other companies... including Apple and Mozilla... have followed Microsoft's lead. All browsers currently have design flaws like this, though none take it to such an extreme and only Microsoft seems insistent on carrying the mistake all the way to the desktop.
When I was still at ABB we put PDAs in the same category as remote users. The only way to get inside the WAN from the PDA was to log in through a VPN. If you wanted email on a PDA you either had an outside account for the PDA, or you had to bring up the VPN to check your mail. We applied the same policy on the WLAN I set up, but I believe that's been relaxed in exchange for using a supposedly more secure WLAN login.
And that was already a concession... a VPN connection makes your device part of the perimeter security of the WAN. I much prefer specific authenticated application-level gateways for remote access... or at least a virtual proxy like SSH.
Well, of course, otherwise people wouldn't need to be on the trading floor!
Eventually, of course, the trading floor will migrate into virtual reality, simply to get around the limitations of time and distance on teh floor itself.
It seems that the real problem this is supposedly tickling, that made Microsoft go gaga, is... Internet Explorer and security zones and active content (oh my!).
Which has been the #1 security problem in Windows since 1997, and I'm still boggled that Microsoft didn't back out the whole concept by 3Q98 or so. It's like having a car that's got door and ignition locks that only work if there's someone sitting in the driver's seat.
Dudes, this was a gaming convention! What he really said was that non-Christians would be PWNED by demons from DOOM.
The biggest problems with DIVX were:
+ It was ahead of its time.
+ People didn't "get it".
+ Movie companies didn't "get it", and didn't provide decent titles in DIVX format.
+ They depended on people who couldn't set their VCR to remember to hook up a phone line.
+ They depended on a landline in a cellular world.
+ You can't play them on vacation, at the beach, in the back of the card on long trips, on your portable player...
+ Ask the people who bought music from .
Second question, can computer have Self-Consciousness and definitive answer is NO!
Why? What is the basis for this claim?
Getting into the habit of opening attachments makes it more likely that you will open one by reflex when you shouldn't.
My experience from supporting Windows users under the malware siege of the past decade is that reflex opening attachments and downloads is the best social engineering tool virus writers have.
You are Greg Egan and I claim my copy of Ensemble.
0C is too cold and 40C is too hot. Much below 0C or above 40C is "you need an artificial life support system to survive".
(yes, an igloo or a parka counts as "an artificial life support system")
Unless we're able to invent an insane computer, the singularity will have no effect on the world.
Luckily, Microsoft's got that covered!
You could do it in Virtual Reality, bring in Bob and Dot and Enzo as guest stars, and call it Das Reboot.
Although the lawsuits are not about changed provisions in the GPL, both events are muscle-flexing by the free software community and, taken together, may foreshadow new risks in the irreconcilable conflict between open source software and its widespread use by for-profit companies.
What "irreconcilable conflict"?
Imprimus, the GPL provides an amazing business opportunity for companies like Trolltech and Linden Labs to harness the efforts of the open source community for their products, without opening up the possibility of some company taking the open source product and competing with them on a level ground.
Secundus, Companies that don't pay attention to the license they're using can get into trouble, but that's true for all licensed software: even Microsoft's occasionally had to pay for drifting over the line with licensed software and patents now and then.
Tertius, GPL is not synonymous with open source software. There's open source software running right now in your desktop, Edmund, open source software distributed by Microsoft or Apple... most of it's not GPLed, it's distributed under the BSD license and the MIT license.
Therefore, there is no such irreconcilable conflict, and using language like that is enough for even someone like me who has been often enough critical of the GPL to consider this article nothing more than a troll.
Internal resistanceless batteries would make any kind of short circuit very exciting.
But useful for McGuyver!
Didn't they always use Flash? The "old" Google Video player certainly uses it now
I used to be able to download quicktime videos from them directly, and they sure didn't look like flash... I use flashblock, so Flash just shows up as a (>) play icon until I click on it.
Which, by the by, may be why I notice people using Flash for obfuscation. Flash web bugs and the like show up as (>) play icons for me, but they look just like regular images for most people.
But there is still a lag between you abnd your avatar unless you can give your avatar autonomy
Charlie Stross's "Economy 2.0" in Accelerando is closer than I thought.
Using Finder to access FTP URLs can cause significant systematic performance problems for OS X, because Finder actually mounts them (under /Volumes/name.of.site.example.com), and errors in performing operations over FTP can cause lockups in apparently unrelated parts of the system. Worse, it displays files in an untrusted location in the Finder itself, which is an incredibly useful capability for someone designing a social engineering attack.
I'm surprised that they weren't already using either a threaded interpreter or a bytecode interpreter. It's such an obvious step when performance is on the line, and I'm sure there must be a variety of such interpreters available, it's been a standard middle-ground between a fully compiled language and a raw text interpreter since the '70s at least... the DEC Fortran compiler used threaded code, and Smalltalk used bytecode, both in the '70s.
I won't even get into the fact that they weren't doing almost-free optimizations like eliminating empty nodes in the syntax tree...
The problem was named back in the day when that was what pretty much all the dialogues boxes read. It is still used to describe the problem today, even though the button names have changed. The problem is operant conditioning users to reflexively click a given option.
...sandboxes...
It's more complex than that. People aren't pigeons and even pigeons have proven more complex than Skinner thought. It's not a matter of training users to click a specific option. Users will still automatically approve these dialogs even when presented with a new dialog they haven't seen before, with labels that are unique to that dialog. It doesn't matter what the dialog says, or if the butons move around, as long as it's possible to interpret one of the options as "let me get my damn work done" and one as "if I click this I'll have to go back to square one".
The criteria upon which these need to be evaluated from a usability and security perspective is if they cause more or less accidental execution of malware.
I think you meant to write "prevent", but since these dialogs do in fact, over the long run, cause more accidental execution of malware than redesigning the system to make them unnecessary, and once users are accustomed to being presented with "shall I do something stupid now?" dialogs they provide very little protection indeed. Not automatically opening untrusted files was a good start to fixing the underlying problem, and not dropping downloads in a folder that's full of files the user has reason to trust is the logical next step.
If the sandboxes have holes, the malware will be written to use those holes. If the sandboxes do not have holes they will be too restrictive for most any application. A sandbox strong enough to keep malware out has to, at the very least, unconditionally prevent the sandboxed application from reading or writing any file outside the sandbox, from opening any network connections except back to the server they were fetched from (the original Java sandbox design had a flaw here, because it was based on the IP address rather than the URL and would have allowed Java applets to carte-blanche attach servers through proxy firewalls... I identified this and mentioned it on the Firewalls mailing list, and as a result that was fixed), and basically being able to save ANY long term state other than cookies local only to the URL they were fetched from, or interact with ANY components on the local machine. Weaker sandboxes have been tried and have universally been found too leaky.
THAT kind of sandbox is too strict for general use with arbitrary applications.
Safari does have a download manager. It pops up whenever you start downloading a file and lets you cancel it and/or open a finder window showing it.
I know I qualified the phrase "a download manager" further than that.
This has nothing to do with the problem we're discussing and does not seem to have influenced the design to use confirmation dialogue boxes.
The first confirmation dialog boxes of this type were added (to Safari) in Security Update 2004-06-07 specifically to deal with this problem.
I posted about this in June 2004, when it happened.
Apple finally fixed the underlying problem in 2007. That's not bad, 3 years of security dialogs instead of security. Microsoft's been trying to use security dialogs instead of security for over a decade now.
You assert that they are stupid and decrease security, but you've offered no evidence.
From 1997 though 2003 I banned Internet Explorer from our site, because of Internet Explorer's leaky sandbox. The primary "protection" for this leaky sandbox was the stupid confirmation dialog. In that time a few people used IE instead of Netscape, for various reasons. In that time I had absolutely no cases of the same user going through the process of downloading an infected object to their desktop, and then running it, m
What you are referring to is often called the "OK/Cancel problem" and is a classic HCI issue to avoid.
... for the moment ... fewer of these. But every new release of OS X adds more of them, and almost all of them provide far too little protection to justify their existence.
Absolutely not.
It doesn't matter WHAT the dialogs say. The Windows dialogs I'm talking about do NOT in general actually read "OK", there are a variety of approval buttons in use, most of them completely descriptive of what they are going to do.
The problem is NOT what the dialogs say. This is not the "OK/Cancel" problem in any way, shape, or form.
The problem is that unnecessary approval dialogs are being used at all. OS X's only advantage here is that there are
Ideally, they should be able to run it without a warning and the OS should appropriately sandbox it, by default, so that it can be run safely, even if it is malware.
A sandbox that is complete enough to actually prevent malware from escaping will be too restrictive. Anything less than full MAC (orange book class B, at every level, default closed, under explicit user control) will be no better than Microsoft's sandbox for IE (which has had demonstrated failures right from the start), and full mandatory access control has proven too cumbersome everywhere it's been implemented.
Apple's design seems like a pretty good compromise to me.
Apples design is the result of a mistake they made in Safari in 2004... making 'open "Safe" files' on by default... and backed out of last year, but having put their money on stupid approval dialogs they seem unable to consider a better approach, like downloading files to a "Downloads" folder, and providing a download manager in Safari (or perhaps as a plugin for Finder, though putting it in Safari would improve thigs for Windows as well) that provides the tools to allow the user to make a reasoned decision about downloaded files on their own schedule.
I approve of Apple's ability to back out of mistakes, albeit reluctantly. That puts them light-years ahead of Microsoft, who (for example) still ship Windows with Autorun (which should be called AutoInfection) enabled. I just wish they were quicker about it.
I'd also note that the new firewall is application based, not port based.
That's potentially a plus, in that it actually forces people to become aware of ports and networking basics even quicker than I thought it would. But a minus because similar application firewalls on Windows generally get turned off pretty quickly because they are too annoying to put up with for the people who would most benefit from them. And it certainly doesn't satisfy the claim that it's automatic and invisible.
And, well, a layered defense that automatically opens the gates isn't much of a layered defense.
Better Trojan horse protection. Mac OS X v10.5 marks files that are downloaded to help prevent users from running malicious downloaded applications.
The main result of this is to train people to click "OK" to security dialogs. I have observed this trend in Windows, over the past decade as a network and system admin, and there were several users who would REPEATEDLY come to me with "I clicked the wrong button again and I think I've got a virus".
Easier network security. After you've activated the new Mac OS X v10.5 application firewall, it configures itself so you get the benefits of firewall protection without needing to understand the details of network ports and protocols.
OS X is not Windows: it does not promiscuously open listening ports unless you are serving data. Unless you have installed third party software that opens additional ports, there is nothing the firewall needs to do (and indeed it has been reported that the firewall does not actually restrict access to any standard ports), and there is little point in running it. If you have, then you need to understand network ports and protocols.
For normal users, at this point, my basic recommendations are:
* Make sure that you have 'Open "Safe" files after download' disabled in Safari.
* Use a tool such as "More Internet" to change the default application for FTP: URLs from Finder to either an FTP-aware web browser like Firefox or a dedicated FTP client.
* Consider disabling Dashboard if you have any doubt over your ability to recognize when third party Dashboard applets are installed via Safari.
* Don't open attachments from inside Mail. It's a dangerous habit to get into, the extra second spent saving them to a file is worth it.
* Don't let the stupid warning dialogs lull you into a false sense of security. These were a bad idea when Microsoft started using them, and it doesn't make it any better for Apple to follow.
"Security Advisory (953818) does not refer to vulnerability in either Safari or Windows," Tim Rains, security response communications lead for Microsoft said in a statement sent to InternetNews.com.
"Rather, it describes a blended threat in which files may be downloaded to a user's machine without prompting, allowing them to be executed. This results from a combination of the default download location in Safari and how the Windows desktop handles executables."
What this tells me is that this is almost certainly another variant on the futile battle with reality that Microsoft has engaged in ever since they introduced "security zones" as an attempt to mitigate their fundamentally insecure "active content" security since 1997.
The rights granted an object MUST NOT be based on the location of the object (with or without such additional features as security dialogs, certificates, and whatnot), they MUST be granted by the component responsible for introducing them into the system, and ONLY by a request by the user... not in response to a request by the object.
That is, you MUST NOT be able to have an object in a web page executed outside a hard sandbox (eg, the kind of restricted scripts that web pages may contain) without a user explicitly downloading it AND explicitly executing it. The alternative was something unheard of before 1997, it was a joke (the "good times" virus, for example), the rare cases where someone found a way to make it happen (the Internet Worm, the XMAS TREE worm, the ghostscript virus) were identified as flaws, bugs, security holes, and unambiguously fixed.
Microsoft introduced the idea that a "trusted zone" could exist where execution could be implicitly allowed, by visiting a web page, opening a folder, even reading email! This led to a flood of worms in the last few years of the 20th century, and for whatever reason Microsoft... rather than backing out of this model... has attempted to come up with some combination of tricks to fix it. It can't be fixed, alas, and until Microsoft admits it or people stop using Microsoft software security is going to remain problematic... ANY application on Windows can unintentionally break Microsoft's undocumented and rapidly changing trust boundaries and introduce another avenue of attack.
Worse, other companies... including Apple and Mozilla... have followed Microsoft's lead. All browsers currently have design flaws like this, though none take it to such an extreme and only Microsoft seems insistent on carrying the mistake all the way to the desktop.
When I was still at ABB we put PDAs in the same category as remote users. The only way to get inside the WAN from the PDA was to log in through a VPN. If you wanted email on a PDA you either had an outside account for the PDA, or you had to bring up the VPN to check your mail. We applied the same policy on the WLAN I set up, but I believe that's been relaxed in exchange for using a supposedly more secure WLAN login.
And that was already a concession... a VPN connection makes your device part of the perimeter security of the WAN. I much prefer specific authenticated application-level gateways for remote access... or at least a virtual proxy like SSH.
Well, of course, otherwise people wouldn't need to be on the trading floor!
Eventually, of course, the trading floor will migrate into virtual reality, simply to get around the limitations of time and distance on teh floor itself.
... for making the comment I was about to make. :)
Atomic Force Microscope.
http://en.wikipedia.org/wiki/Atomic_force_microscope
There are actually open source AFM projects, in this was the inspiration for part of Rebecca Ore's recent novel Time's Child.
Peer and Kate read, "Leopold Bloom wandered through Dublin."
It seems that the real problem this is supposedly tickling, that made Microsoft go gaga, is ... Internet Explorer and security zones and active content (oh my!).
Which has been the #1 security problem in Windows since 1997, and I'm still boggled that Microsoft didn't back out the whole concept by 3Q98 or so. It's like having a car that's got door and ignition locks that only work if there's someone sitting in the driver's seat.