Untrusted software and security click-through warnings
Alexander Sack
asac at jwsdot.com
Mon Oct 15 17:08:45 UTC 2007
On Mon, Oct 15, 2007 at 05:31:23PM +0100, Ian Jackson wrote:
> João Pinto writes ("Re: Untrusted software and security click-through warnings"):
> > 2 - fake software, or "companion" software
> ...
> > Case 2 can only be addressed by educating people on how to use the
> > internet on a safely manner, again, typing random commands from an
> > untrusted web site is a major security risk for any OS, and it is a
> > very common practice for Linux users in particular
>
> At the moment a user can unwittingly compromise their system just by
> clicking on one thing on a website and then saying `yes' a few times.
>
> What I'm suggesting is that if they want to do that they should be
> required to do something a little more complicated which is more
> likely to trigger an actual decisionmaking process. Like, for
> example, typing random commands they found on a webpage.
how about using a captcha-like mechanism to trigger this decisionmaking
process?
- Alexander
More information about the Ubuntu-devel-discuss
mailing list