[cap-talk] Windows Vista: security by admonition
david.nospam.hopwood at blueyonder.co.uk
Sun Jun 4 23:33:31 EDT 2006
Toby Murray wrote:
> Hi cap-talk,
> Don't know if anyone's still following this one, but a new post on
> Vista's User Account Control is a little illuminating, if only for the
> insight it gives into the mindset of the guys who are working on this
> thing. It appears to me that they've decided that the internal structure
> of Windows makes some problems difficult to solve (such as being able to
> infer the amount of authority to attach to UI events) and that
> therefore, these problems have to be shifted back to the user to solve.
> Hence, these UAC dialogs.
My response, just picking up on one specific issue from that post:
# Stop using accessibility as an excuse for insecure design
# Sunday, June 04, 2006 11:19 PM by David Hopwood
# It's pretty silly to keep using accessibility as an excuse for not fixing
# the vulnerabilities due to malware sending keystrokes, reading the screen
# contents, etc.
# The vast majority of apps are not accessibility tools. So allowing all
# apps to send keystrokes, and continually bothering the user just in case
# a piece of malware did this, is a clear failure to observe least
# Instead, the apps that actually need to be able to send keystrokes, read
# the screen, etc. (accessibility tools, macro players, automated GUI testing
# tools, and screen grabbers) should be marked, so that only they can do
# those things.
[Providing these programs with a capability would be better than marking, but
I don't expect Windows to become a capability system.]
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the cap-talk