Dailydave mailing list archives

a war on all fronts is a war on none


From: dave <dave () immunitysec com>
Date: Thu, 01 Jul 2004 16:52:48 -0400

The following is a really good point, and one the Windows 2003 team fubared up.
-dave


http://blogs.msdn.com/michael_howard/archive/2004/06/27/167367.aspx

Perhaps this one will be a little less controversial than my previous post!

When I review threat models, I often target it on the mitigations, making sure they are good, solid and well thought out. One mitigation type that worries me is when a team mitigates a threat by asking the user/admin to make a trust decision. As a rule of thumb, this is not the best mitigation. Sometimes you must ask the user, I understand that, but fewer trust dialog boxes is often safer.

Case in point is IE in XPSP2 - have you noticed a number of dialogs asking users to make security decisions have “gone away”? Rather the browser simply enforces a default security policy and tells you what it just did (in a bar above the HTML content). For example blocking ActiveX controls, or blocking pop-ups and so on. If you want to change the policy then go ahead, but the default is not to prompt the user.

Net net: We've found that constantly asking users to make trust decisions is generally not a good thing. Invariably, people will see the dialog, and to them it'll read, “Do you want to get your job done” and they'll hit 'yes' with little or no regard for the consequences.

So now, we just enforce a default security policy.

Simple, really.
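The design the post describes, as an added example that is not part of the original message or of any Microsoft code: a content-policy engine that blocks risky actions by default, records a notice of what it blocked (the "information bar" behaviour), and honours only overrides the user set deliberately in settings, side by side with a prompt-based engine whose outcome depends entirely on what the user clicks. The action names, origins, the event list and the "always clicks yes" user are all constructed for the example.

```python
"""Secure-default policy enforcement versus user trust prompts.

Added example, not the blog's or the browser's code. All names, origins and
events below are constructed; the "fatigued user" callback stands in for the
behaviour the post describes (clicking 'yes' to get the job done).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Action(Enum):
    ACTIVEX_INSTALL = "activex_install"
    POPUP = "popup"
    SCRIPT = "script"


@dataclass
class Decision:
    allowed: bool
    notice: str | None  # text the information bar would show, if anything was blocked


@dataclass
class DefaultPolicy:
    """Enforces a default security policy; never asks the user at the moment of risk."""

    # Secure defaults: these actions are blocked unless explicitly permitted.
    blocked_by_default: frozenset[Action] = frozenset({Action.ACTIVEX_INSTALL, Action.POPUP})
    # Per-origin overrides the user configured deliberately (settings UI, not a prompt).
    overrides: dict[str, set[Action]] = field(default_factory=dict)
    notices: list[str] = field(default_factory=list)

    def allow(self, origin: str, action: Action) -> None:
        """Record an explicit, reviewable policy change for one origin."""
        self.overrides.setdefault(origin, set()).add(action)

    def evaluate(self, origin: str, action: Action) -> Decision:
        if action not in self.blocked_by_default:
            return Decision(True, None)
        if action in self.overrides.get(origin, set()):
            return Decision(True, None)
        # Block, then tell the user what happened and where to change it.
        notice = f"Blocked {action.value} from {origin}; change this in settings if needed."
        self.notices.append(notice)
        return Decision(False, notice)


@dataclass
class PromptingPolicy:
    """The mitigation the post warns about: defer the decision to a dialog box."""

    ask: Callable[[str, Action], bool]  # the dialog: returns True if the user clicks 'yes'
    risky: frozenset[Action] = frozenset({Action.ACTIVEX_INSTALL, Action.POPUP})

    def evaluate(self, origin: str, action: Action) -> Decision:
        if action not in self.risky:
            return Decision(True, None)
        # Whatever the user answers becomes policy for this one event.
        return Decision(self.ask(origin, action), None)


# Constructed sample traffic: one untrusted origin, one origin the user trusts.
SAMPLE_EVENTS = [
    ("http://example.test", Action.ACTIVEX_INSTALL),
    ("http://example.test", Action.POPUP),
    ("http://intranet.test", Action.POPUP),
    ("http://example.test", Action.SCRIPT),
]


def fatigued_user(origin: str, action: Action) -> bool:
    """Constructed stand-in for the user who reads every dialog as 'get my job done?'."""
    return True


def run_sample() -> dict[str, dict[str, int]]:
    """Run both engines over SAMPLE_EVENTS and count allowed/blocked outcomes."""
    default = DefaultPolicy()
    default.allow("http://intranet.test", Action.POPUP)  # deliberate settings change
    prompting = PromptingPolicy(ask=fatigued_user)

    results: dict[str, dict[str, int]] = {}
    for name, engine in (("default_policy", default), ("prompting", prompting)):
        allowed = sum(engine.evaluate(o, a).allowed for o, a in SAMPLE_EVENTS)
        results[name] = {"allowed": allowed, "blocked": len(SAMPLE_EVENTS) - allowed}
    results["default_policy"]["notices"] = len(default.notices)
    return results


if __name__ == "__main__":
    for engine, counts in run_sample().items():
        print(engine, counts)
```

The point the counts make is the one in the post: with the prompting engine the security outcome is whatever the user clicks, so a fatigued user admits every risky action, while the default-policy engine admits only the override the user set on purpose and leaves a notice for each block so the decision is visible and reversible rather than silently dropped.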



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
