Dailydave mailing list archives
a war on all fronts is a war on none
From: dave <dave () immunitysec com>
Date: Thu, 01 Jul 2004 16:52:48 -0400
The following is a really good point, and one the Windows 2003 team fubared up.
-dave

http://blogs.msdn.com/michael_howard/archive/2004/06/27/167367.aspx

Perhaps this one will be a little less controversial than my previous post!

When I review threat models, I often target it on the mitigations, making sure they are good, solid and well thought out. One mitigation type that worries me is when a team mitigates a threat by asking the user/admin to make a trust decision. As a rule of thumb, this is not the best mitigation. Sometimes you must ask the user, I understand that, but fewer trust dialog boxes is often safer.

Case in point is IE in XPSP2 - have you noticed a number of dialogs asking users to make security decisions have “gone away”? Rather the browser simply enforces a default security policy and tells you what it just did (in a bar above the HTML content.) For example blocking ActiveX controls, or blocking pop-ups and so on. If you want to change the policy then go ahead, but the default is not to prompt the user.

Net net: We've found that constantly asking users to make trust decisions is generally not a good thing. Invariably, people will see the dialog, and to them it'll read, “Do you want to get your job done” and they'll hit 'yes' with little or no regard for the consequences.

So now, we just enforce a default security policy. Simple, really.
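The contrast the quoted post draws, written out as an added example (this is not code from the post, from Michael Howard's blog, or from IE): a toy content-policy engine that can either defer each decision to the user or enforce a default and record a notice of what it blocked, with explicit per-site overrides taking the place of prompts. The content kinds, site names and policy table are constructed for the demonstration, and the "always yes" user models the "do you want to get your job done" click.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Optional


class Action(Enum):
    ALLOW = "allow"    # load the content silently
    BLOCK = "block"    # suppress it and record a notice (the bar above the content)
    PROMPT = "prompt"  # defer the trust decision to the user


@dataclass(frozen=True)
class Request:
    site: str   # constructed hostname
    kind: str   # constructed content kind: "activex", "popup", "script"


@dataclass
class Outcome:
    request: Request
    loaded: bool
    notice: Optional[str]  # what the user is told after the fact, if anything


@dataclass
class Policy:
    # action per content kind when no override applies
    defaults: dict
    # explicit per-site overrides set by the admin, not by a dialog
    overrides: dict = field(default_factory=dict)

    def action_for(self, req: Request) -> Action:
        per_site = self.overrides.get(req.site, {})
        # anything the policy does not mention is blocked rather than prompted
        return per_site.get(req.kind, self.defaults.get(req.kind, Action.BLOCK))


def enforce(policy: Policy, reqs: list, ask_user: Callable[[Request], bool]) -> list:
    """Apply the policy to each request; ask_user is only consulted for PROMPT."""
    outcomes = []
    for req in reqs:
        act = policy.action_for(req)
        if act is Action.ALLOW:
            outcomes.append(Outcome(req, True, None))
        elif act is Action.BLOCK:
            outcomes.append(Outcome(req, False, f"Blocked {req.kind} from {req.site}"))
        else:
            outcomes.append(Outcome(req, ask_user(req), None))
    return outcomes


def always_yes(req: Request) -> bool:
    """The user the post describes: every trust dialog is answered 'yes'."""
    return True


# Mitigation style 1: push every risky decision to a dialog.
PROMPT_EVERYTHING = Policy({"activex": Action.PROMPT, "popup": Action.PROMPT,
                            "script": Action.ALLOW})

# Mitigation style 2: block by default, notify, and let the admin opt sites in.
SECURE_DEFAULT = Policy({"activex": Action.BLOCK, "popup": Action.BLOCK,
                         "script": Action.ALLOW},
                        overrides={"intranet.example": {"activex": Action.ALLOW}})

# Constructed page load: one benign script, one pop-up, two ActiveX requests.
SAMPLE = [Request("news.example", "script"), Request("news.example", "popup"),
          Request("ads.example", "activex"), Request("intranet.example", "activex")]


def loaded(outcomes: list) -> list:
    return [(o.request.site, o.request.kind) for o in outcomes if o.loaded]


def notices(outcomes: list) -> list:
    return [o.notice for o in outcomes if o.notice]


if __name__ == "__main__":
    for name, policy in (("prompt", PROMPT_EVERYTHING), ("default", SECURE_DEFAULT)):
        res = enforce(policy, SAMPLE, always_yes)
        print(name, "loaded:", loaded(res), "notices:", notices(res))
```

Under the prompting policy the always-yes user admits every ActiveX control and pop-up with no record of having done so; under the default policy the same page loads its script, the pop-up and the third-party control are blocked with a notice each, and the intranet control loads only because an override was configured for that site ahead of time.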