::scr Internet Explorer - Danger in numbers?

Simon Wistow scr@thegestalt.org
Wed, 6 Mar 2002 16:32:18 +0000


On Fri, Feb 22, 2002 at 11:49:48AM +0000, Ash Argent-Katwala said:
> Another day, another exploit

Hmm, 12 days since this was posted. Doesn't time fly? Could have sworn I
only started this reply a couple of days ago.

I've been thinking about this (well, security and usability anyway) for
a bit. We have (at least) two IAs on the list. I'm probably going to get
bitch slapped because of this by both sides but hey ho ..

Microsoft's problem is not that they're bad programmers - au contraire -
they're among the best programmers in the business. So why do they keep
having horrific security problems? 

Ignoring buffer overflows that is (hey, Microsoft do), which are
auditable for and therefore just shouldn't be in their code anymore. 

The big problem, in my opinion, is that they put usability before
security. The Mac-heads here will be chuckling about Windows and its
HCI problems (at which point I could just *cough* trash can to eject a
cd *cough* glare at them) but Microsoft do go to a fair bit of effort
into making things just work for the user and COM/OLE have been huge
strides towards a more document centric interface ... it's just that it
always seems to end up causing security holes.

Basically there's a paradox (schism? difference of opinions?) - to use
security effectively you must really understand it but part of using an
interface is that you shouldn't have to understand it - it should just
work.

This paper:

"Why Johnny can't encrypt" http://www.cs.cmu.edu/~alma/johnny.pdf 

is really interesting on the subject. Essentially it talks about how
security is useless if it's not used properly and how a new conceptual
model is needed.

So, is usable (intuitive?) *and* secure software an impossibility?

-- 
: fast, cheap and out of control