Are You Sure You Want To Do That Which You Don't Understand?

pudge on 2005-05-09T23:33:38

Part of Apple's security paradigm is to ask the user before potentially dangerous actions are executed. This sounds nice, but it has a serious flaw: the users don't understand the questions or the proposed answers.

This cropped up recently when a user noted that Dashboard widgets can install and execute automatically from a web page. The question is asked: what about malicious widgets? Widgets can only execute certain actions -- like network access -- if they declare their intentions, and if they do, the user is asked something to the effect of, "Do you want to use this widget?" when it is run for the first time.

Me, if that window pops up when I haven't told the computer explicitly to install and run a widget, I'll say no. But most people won't. Most people don't understand what a widget is, why it might have been installed and run, and what might happen if they say yes, and what might happen if they say no.

Apple used the same "fix" for running new applications for the first time when they are being run via a protocol handler or a file. "You've never run this application, are you sure you want to run it now?" Sure, why not?

The real fix there is to not ever launch an application for the first time -- ever -- unless explicitly run by a user action. That's not complicated. But Apple wants to be able to have applications, when they first appear on a new volume, registered with the system, register file and protocol handlers. But they shouldn't. That is the security problem itself.

Similarly, with Dashboard widgets, launching them in any way except through the Dashboard UI should simply be disallowed. You can install it by double-clicking, but not execute it. That would go a long way toward protecting ignorant users, which is most of them, probably including me and anyone else reading this, as there's a lot about these systems we don't know all that well.


Ignorant admins

mary.poppins on 2005-05-10T04:05:07

I think this is a specific case of the general trend in PCs: people want control over the machine, but are not interested in learning to do so competently.

My hero would be someone who comes up with a way to give people enough control to make them happy, while still making it hard for them to fall prey to malware. I don't think it's possible, though.

Re:Ignorant admins

cog on 2005-05-10T09:07:21

people want control over the machine [...] are not interested in learning to do so competently.

Even though that might be the case sometimes, I'm pretty sure many users out there are interested, but just don't have what it takes, which includes resources (somebody teaching them, perhaps), sufficient knowledge to support what they're about to learn, etc.

Actually, I don't even think some of them would understand the concept of having "control over the machine"... many of them think they already have it :-\

Design habit.

clintp on 2005-05-10T13:28:34

I know it's a design guideline for the Windows teams (long web page about this somewhere, can't find at the moment) that basically says: if the user won't understand the message and/or there's nothing they can do about it, there's no point in prompting them.

The discussion came out of the installer asking questions like "I've found a different version of FOO.DLL, would you like to replace it?". Grandma isn't going to understand that. Even someone with experience might not be sure how to answer that. (If I say yes, then I *might* break existing packages. If I say no, the package I'm installing surely won't work. WhatdoIdo?)

Around here, I'm all for little-or-no prompting; just keep good records of what happened.

Training wheels don't help much

bluto on 2005-05-10T16:08:35

One of the problems with development of large programs/systems is that errors/conditions seem to get summarized, more and more, the closer they get to the user. This tends to remove most of the useful information for the knowledgeable end-user. Even if the errors are annotated as they move up the call tree, there is a tendency to only display one unified message to the user -- I'm assuming to avoid confusing them.

Just yesterday on my Mac, Norton AntiVirus said something meaningful like "Virus updated failed". Great. If there was a "More Details" button I could at least have a chance of determining if there was a network problem, the server was down, a local disk problem, whatever. As it was I felt like a dumb user, which in this case I was, and was forced to try the usual braindead things like: quit/relaunch, try again, reboot.