Re: Security and the User experience
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 28 Jul 2006 06:53:13 -0700
Why should we trust any one/group ?
Let's for the sake of it assume that funding and a "Who runs it" is a
non-issue - say the UN takes this up as they are wont to find their
role in international network control/governance.
Then, the next thing is, how does it work?
I write an app, and it cannot run if it is not "blessed",
so how do I get it "blessed"?
I assume I must submit it for "blessing" and also must wait to
distribute/sell the new version until this has completed.
Now, as it is the UN, I guess we can assume perfect fairness, that
my competitors' new version will not be getting some "preferred
partner/supporter" treatment and have their submissions moved to
the head of the "blessing" line.
So we all just submit and wait, FIFO and fair = thumbs up/down
judgement in order of date submitted.
So, what is "blessing"?
Reading the source code?
I do not believe that would be accepted by all the players.
Even if it were, it needs to be the binary that is signed ("blessed") so
the submission is of code and directions to gen the binary? What, we
trust that the binary that gets signed is really from the code reviewed?
OK, so vendors are not likely to submit source code anyway, right?
So how is a binary submitted to be "blessed"?
Testing is the hardest part of software engineering even when one is part
of the development process.
So submissions are to be tested to see if they ??? or not.
What is that ??? list ?
What happens when the ??? list gets a new ? added to it?
Are prior blessings reviewed to see if they did ? and need to have their
blessing revoked?
Now, I am crafty so I write my binary to detect whether it is running on
a machine used in a pattern that fits my target "normal" home DSL user
or not, and so that my app waits 3 months before it exhibits any of the
??? behaviors if it believes from a 3 month sample that it is on a machine
of the type I do want to target.
Now, the pressure is on the testers - after all, it is fair and FIFO so others
cannot get their "blessing" up or down until my submission has, so the wait
is not 3 months (and if it were then I would code to wait for 4 months).
My submission is a perfect little angel relative to the then current ??? tests
and gets signed ("blessed").
In the long short of it, I find it very difficult to see how there could be
an operational model under which we place trust in a singular/unified
guardian for this purpose. Whether the world in its current state could
delegate that trust is another issue, which I assumed away in this posting
that only probed the operational problems.
What you propose as a cause/effect analysis seems workable and
reasonable: if there were such a capability then there would be no
more problems. The rub to me seems to be in effecting the "if there
were" part of it.
Roger
"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:OyEAtkMsGHA.4872@xxxxxxxxxxxxxxxxxxxxxxx
Roger,
Why should we trust Verisign, or Network Solutions or... personally I
think Microsoft should be placed square in the resource funding for
starting this (since they dominate). Yes, charge application developers a
yearly fee based on how much risk their application will impose. It
ultimately will become a profit center for them at so many levels. I'm
surprised companies like Apple have not already gone down this road since
they're considered a much more "end user friendly" PC -- it would be a huge
selling point for them to say "security is our business not yours".
Just go out in the street and ask a random group of people across various
communities and see if they even know what a firewall is let alone
outbound vs. inbound traffic. Trimming the firewall down or pumping it up
is still not a good "end user solution" -- completely hiding the firewall
is a good solution. Sure, we can continue on in bliss in our flat 1 in 5
market share, but who wants to?
Application authentication would solve many problems at many levels, even
for the little guy (trust me, I'm very much in a little guy company
working with very McDonald level users, many tens of thousands of them --
we get exposed to their OS frustration every day).
Rob.
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:edLQ%232FsGHA.4752@xxxxxxxxxxxxxxxxxxxxxxx
Thoughtful analysis and interesting proposal, but I doubt it would fly.
I watched as MS at the end of the beta for XP trimmed down the firewall
capability so that it allowed any outbound traffic. They received much harsh
feedback for this, but basically said, amongst other things, that the user
experience with other firewalls from "popup notices" etc. was not at all good,
etc. and that they were avoiding that. A little time passed and we are now
back over on the other side.
If there were a central authority such as you suggest, then who funds it,
how do I know that I should actually trust it, how much does it cost me
to verify to it that what I want registered should be registered, etc..??
Roger
"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:OV2maQAsGHA.4004@xxxxxxxxxxxxxxxxxxxxxxx
The problem:
User installs an application that needs to communicate to SQL servers
and/or FTP servers and/or web services. Being a good user they have
some type of firewall and anti-virus software (most of the time it is
preconfigured so the user doesn't even know what they have). The
problem, whenever the user installs any applications (or even games)
they are either presented with a "block/unblock" message
and sometimes even messages suggesting the application could be a virus.
So the user doesn't really understand this message at all and could pick
either option or just ignore the message entirely (and in many cases
with games, the message is hidden behind the full screen DX9 game so the
user is completely unaware until after they exit the game, wondering why
it doesn't work). In some cases the firewall/anti-virus software will
not even provide a prompt and just block the application 24/7. As a
result the application may not work and/or the user can't play online
and you get one very frustrated user (either in a work environment or a
home environment). In fact, users get so frustrated that they stop
using their PC and move on to other things in life.
Microsoft do seem to be aware of this user experience problem after my
initial look at Beta 2 of Vista and how it grays out everything except
the program needing communication. Unfortunately, this is still "in the
way" for your average user and I don't believe this will help increase
the PC base of users. We've been hovering at 1 in 5 people having
computers for a long time now so there is obviously a large "market
share" to tap into.
I have a possible solution:
Any application that will be released on a public level should register
itself with an authority. The OS will then query the authority whenever
any application is installed; if the application has been validated by
the authority, then communications will be permitted for
that application. This process could become automated (similar to how
SSL certifications are acquired) at trusted companies/sites. What this
does is provide user confidence and at the same time insulates them from
having to deal with security.
I think Microsoft really need to smell the coffee here, because their
path of "that's just the way it is" does nothing for anyone involved in
the business of PC's and software development. What I'm seeing in Vista
is better, but doesn't go far enough to insulate the user from security.
In fact, in Microsoft's own book(s) on security, they clearly identify
that security should NOT be in the way. I for one would like to see
even a modest increase in market share from 1 in 5 people to 2 in 5
people (that's effectively doubling market share) -- this is good for
everyone. What Microsoft are failing to do is accept the reality of
their situation (you can't tell the user it's their job to ensure they're
secure, they will just simply say no it isn't and stop using the PC --
not up for debate period), sure it will require more work, more money,
and new "entities" to manage my proposed solution but the long term
benefits will easily pay off and since we already have entities that do
very similar functionality (Verisign, Networksolutions, etc. etc.).
What do you think?
Rob.
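A minimal model of the register-and-check scheme Rob proposes, added here as an illustration (not code from this thread or from any vendor), that folds in two of Roger's objections: the blessing must bind to the shipped binary rather than to reviewed source, and a prior blessing must be revocable. The authority key, app name, timestamps and sample binary are constructed, and a shared HMAC key stands in for what a real authority would do with an asymmetric signature.

```python
import hashlib
import hmac
import json

# Constructed secret standing in for the authority's signing key (assumption:
# a real authority would publish a public key and sign with the private one).
AUTHORITY_KEY = b"constructed-authority-key"


def binary_digest(binary: bytes) -> str:
    """The blessing is bound to the digest of the shipped binary, not to source."""
    return hashlib.sha256(binary).hexdigest()


def issue_blessing(binary: bytes, app_name: str, valid_days: int, now: float) -> dict:
    """Authority side: after review completes, sign (digest, name, expiry)."""
    entry = {"digest": binary_digest(binary), "app": app_name,
             "expires": now + valid_days * 86400}
    payload = json.dumps(entry, sort_keys=True).encode()
    entry["sig"] = hmac.new(AUTHORITY_KEY, payload, hashlib.sha256).hexdigest()
    return entry


def check_install(binary: bytes, blessing: dict, revoked: set, now: float) -> str:
    """OS side at install time: allow network access only for a valid blessing."""
    unsigned = {k: v for k, v in blessing.items() if k != "sig"}
    payload = json.dumps(unsigned, sort_keys=True).encode()
    expected = hmac.new(AUTHORITY_KEY, payload, hashlib.sha256).hexdigest()
    # Any edit to name, digest or expiry invalidates the authority's signature.
    if not hmac.compare_digest(expected, blessing.get("sig", "")):
        return "deny: blessing not issued by authority"
    digest = binary_digest(binary)
    # A rebuilt or patched binary no longer matches what was actually reviewed.
    if digest != blessing["digest"]:
        return "deny: binary differs from the one that was blessed"
    # The authority's revocation list covers blessings found to be wrong later.
    if digest in revoked:
        return "deny: blessing revoked"
    if now > blessing["expires"]:
        return "deny: blessing expired"
    return "allow"
```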