Untrusted software and security click-through warnings

Alexander Sack asac at jwsdot.com
Mon Oct 15 17:08:45 UTC 2007


On Mon, Oct 15, 2007 at 05:31:23PM +0100, Ian Jackson wrote:
> João Pinto writes ("Re: Untrusted software and security click-through warnings"):
> >   2 - fake software, or "companion" software
> ...
> > Case 2 can only be addressed by educating people on how to use the
> > internet on a safely manner, again, typing random commands from an
> > untrusted web site is a major security risk for any OS, and it is a
> > very common practice for Linux users in particular
> 
> At the moment a user can unwittingly compromise their system just by
> clicking on one thing on a website and then saying `yes' a few times.
> 
> What I'm suggesting is that if they want to do that they should be
> required to do something a little more complicated which is more
> likely to trigger an actual decisionmaking process.  Like, for
> example, typing random commands they found on a webpage.

how about using a captcha-like mechanism to trigger this decisionmaking
process?

 - Alexander





More information about the Ubuntu-devel-discuss mailing list