re: Is this really a vulnerability or just hype? Results of my tests, check the facts.
Sunday, June 7, 2009 at 8:26 am
Windows Vista Annoyances Discussion Forum
Posted by lbecque
(8 messages posted)
I agree with you Daniel that this is still a threat to the clueless who click yes
to everything. But no OS, security package, firewall or anti-virus is going to make
things completely safe for people who ignore these warnings and don't know what they
are doing. Ignorance aside, if the option to prompt you is turned on with this FF
extension then it is no worse than the many other ways in Windows that you can click
on something and it warns you that you are about to run an application or do something
that affects the security of your PC.
The fault that I see is that MS installed this extension with the prompt option turned
off, which is easily changed but many people won't know to do this. Also, IE has
the same problem and I don't see a way to correct this.
On Sunday, June 7, 2009 at 6:13 am, Daniel Weinreb wrote:
>Even if it asks the user first (which, as you point out, is NOT the default), it's
>still a security vulnerability in practice. Consider how this works for an ordinary
>person (my Dad). He is offered a useful service, if he clicks on some link. So
>he clicks. A message comes up saying "blah, blah, incomprehensible techie stuff,
>blah, blah: do you want to get the nice service that you asked for, or do you want
>to not get it?" Of course, he answers yes.
>
>(Same for the messages that Firefox pops up when there is a PKI problem such as
an
>expired certificate, or a totally bogus certificate, or no certificate, at a server.)
|
All messages in this thread [show all]
 |  |  | re: Is this really a vulnerability or just hype? Results of my tests, check the facts. (lbecque: Sun, Jun 7, 2009, 8:26 am) |
| |
| |
| |
Return to the Windows Vista Discussion Forum
|
|
