The Web lives in a sandbox. An important one. It means that you can click around on links and “feel” safe (that is, until you go to a talk by Jeremiah Grossman).
On your desktop however, you have a binary situation. You either run some code that can do pretty much anything (ignoring file permissions and virtualization etc) or you don’t run that code.
One of the dialogs that I dislike is from OS X when you “download something from the Internet”:
I would love to see the stats that Apple may have on how people react to this. I can imagine a scenario where something has mistakenly been downloaded and run, but I would guess that 99% of the time a user goes through the following:
- Click on something to download an app
- Run the app, because I wanted to, hence me clicking on it
- I have no information here…. so I think I will just click yes!
Some will yell, “think of the children!” and that if this popup has stopped ONE virus or malware through, it is worth the pain for the other millions of up pops.
Surely we can do better. Of all of the features in the IE9 beta, one that may not shout out as you as much as fancy fast chess or goldfish bowls, is how they manage this situation.
In Dean’s whirlwind keynote presentation (very nicely produced!) he showed a feature where clicking on a particular .exe wouldn’t alert the user based on crowd data. Basically, if enough people have used foo.exe
and it is trusted, it can Just Get Through.
The virus scanning world is doing a lot of this on the backend. Places with scale can monitor the crowd and do a lot more than we have done now, and I can’t wait to see what comes of this.
We have talked about social permissions before. It will be great when I can see that Jeremiah Grossman is using a particular application for example ;) I look forward to a way out of app permissions hell.
September 17th, 2010 at 10:25 am
So if enough people have ran foovirus.exe it will have a free pass for everyone else, considering it’s not detectable by scanning? Sounds dangerous.
September 17th, 2010 at 11:06 am
I think the new security model is an interesting idea, but do you really trust other people to make security decisions for you? Those are the people that forwarded all these other trojans to you.
September 18th, 2010 at 12:26 am
@Jesus especially as virus writers will find a way to submit millions of “foovirus.exe is safe to open” messages to the crowd (or is it cloud ?)
September 18th, 2010 at 12:44 am
I think they are protecting a different threat vector. It is very easy to get someone to download something with the way browsers work. That thing gets indexed in spotlight. It might be named similarly to another program that you run often. This would in some cases get you to execute something that you shouldn’t without much trouble. For example, you could name it Mail or Safari and it would rank quite high in search. Just speculation but I am ok with it asking me. Collaboration doesn’t help this case because a fast spreading virus or malware by definition would have been installed by your friends and others.
September 18th, 2010 at 7:05 am
By the way, any idea how to disable that annoying OS X dialog?
September 18th, 2010 at 11:29 am
I designed something like this for Twitter apps awhile back:
http://www.flickr.com/photos/factoryjoe/3448360090/sizes/o/in/photostream/
September 20th, 2010 at 7:13 am
I think if there’s anything we learned from Vista, it’s that the pain of millions of popups should not be underestimated. And if you put too many unimportant popups out there, by the time an important one comes up the user will be desensitized into just clicking “Allow”.