Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Windows Security Through Annoyances?

timothy posted more than 11 years ago | from the must-have-started-as-a-joke dept.

Windows 401

techmuse writes "According to News.com, Microsoft's next version of Windows will let you know that you are looking at (supposedly) secure data by putting personalized text, such as the names of your dogs (a null list in my case), in window borders, and will also hide the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among people who need to be able to see the data in two partially overlapping windows at once."

cancel ×

401 comments

Sorry! There are no comments related to the filter you selected.

FIRST DUMP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5915131)

Don't be a turkey

Click here [bumperdumper.com] and get your Bumperdumper today!

Re:FIRST DUMP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5915145)

ps, i love you timothy

Installing windows securly (instructions) (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5915150)

Works every time...

Welcome to Microsoft's Windows 3.11 Install step by step (Text Only). This will give you an idea on how to do this when and if the time arises for you to either reinstall the operating system, install for the first time or upgrade your present operating system.

Well for this I will show you the install for Microsoft Windows 3.1. Now follow the following steps.

1. Install MSDOS first using the 3 install disks.
2. Once this is done boot up using hard drive.
3. Now go to the A: prompt by typing A: and hitting enter
4. Now type Setup

The "Welcome to Setup" screen will now appear. Hit enter to continue.
You will now be prompted for custom or express setup. Just hit enter for Express
Windows will start copying files to the hard drive, let this continue.
You will then be prompted for disk 2, insert disk 2 and hit enter to continue.
Windows will continue to copy files.
Then the screen looking for "Name" and "Company" will appear and the mouse will become active. Fill in your name and company, click on continue when finished.
You will then be asked to verify the information, click on continue
If using a boot disk to install you will get message about copying system files, click cancel to continue.
Now you will be prompted for Disk 3. Insert before clicking on "Continue"

Windows will continue to copy files..

Now you will be prompted for Disk 4. Insert before clicking on "Continue"

Windows will continue copying files to the hard drive, let this continue.

Now you will be prompted for Disk 5. Insert before clicking on "Continue"

Windows will continue copying files to the hard drive, let this continue.

Now you will be prompted for Disk 6. Insert before clicking on "Continue"

Windows will continue copying files to the hard drive, let this continue.

You will get the a warning about config.sys and autoexec.bat changes, click ok to continue.

And now you have an option to install your printer. Use no printer attached (you may install a printer from windows itself) and click "Install".

Windows install is finished. You may now watch the tutorial on using windows and a mouse or you can skip it. Select as needed

And that is it all finished. Return to dos and reboot the computer to access windows 3.1

Re:Installing windows securly (instructions) (0)

Anonymous Coward | more than 11 years ago | (#5915254)

I agree. Following those instructions would result in a lot of annoyances, such as: 1. A closed source operating system 2. Not even being able to run most MS-only software even though your entire computer is being used up by Microsoft. 3. Annoying command prompt 4. Inability to use most open source software 5. Difficult to impossible to connect to the internet. 6. Crashes more than even other windows versions. Reasons to do this: 1. Even more secure that Linux - ZERO REMOTE SECURITY HOLES! 2. Bragging rights 3. During a cable internet installation, give the installer a choice between Linux and Windows 3.1.

second (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5915151)

second

FAIL FAIL FAIL (0)

Anonymous Coward | more than 11 years ago | (#5915297)

FAIL FAIL FAIL

please, be aware, you suck.

Iam sure Anderson will thank MS (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5915155)

when they are destroying the next Enron's digital DRM documents cos they got busted by the fed's

You know what? (-1, Offtopic)

utdpenguin (413984) | more than 11 years ago | (#5915157)

Will all these supposed subscribers seeing these stories early, you'ld think we coudl get some decent first posts instead of the garbage above. Sheesh.

I jsut got to positive karma again,b ut somehow, it doesnt feel right. Mod away.

I'll give you the skinny on FP (0)

Anonymous Coward | more than 11 years ago | (#5915375)

We subscribers get to see the article early, true, but we have to wait like everyone else to post. That means refreshing Slashdot every couple of seconds. That isn't fun.

There are other options in finding out when you can get a FP, but I won't go into them. You see, no one can be told how to troll - you have to learn the art of trolling yourself.

Re:I'll give you the skinny on FP (1)

utdpenguin (413984) | more than 11 years ago | (#5915399)

I realize that subscribers might nto be able to guarantee a first port. but they could make their first post ATTEMPTS better. For instance, they could include something that is actualy creative. Or semi-ontopic even when trolling. My beef here is wiht the QUALITY of fps. What I wouldnt give to jsut ONCE see a witty attempt. I woulda thought the extra viewing time allowed subscribers would have helped to facilitate this by allowing them to THINK instead of firing off the usual thoughtless reaction.

What next? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5915160)

What will they do next? I really don't want them to be putting information anywhere, even if it is on my machine. I don't know about all you others out there, but I give MS VERY few personal details. I don't want it to end up like this. [myftp.org]

So...... (4, Insightful)

PS-SCUD (601089) | more than 11 years ago | (#5915162)

How is that more secure than the little combination lock icon?

Re:So...... (5, Informative)

seinman (463076) | more than 11 years ago | (#5915193)

Because any website can pop up a fake window with a little GIF of a lock in the corner. But those dog names will be stored somewhere secure, that they can't access, so you know if you see them that your own computer is generating that data. Makes sense, although it'll be hard to explain and teach to the vast majority of computer users.

Re:So...... (5, Insightful)

molo (94384) | more than 11 years ago | (#5915259)

Maybe MS shouldn't let remote web pages control how my windows look. I *want* the status, button, and menu bars. Allowing remote pages to remove them is a bug IMO. Mozilla, yum.

Re:So...... (4, Insightful)

Psx29 (538840) | more than 11 years ago | (#5915298)

What about public computer terminals though?

Re:So...... (0)

Anonymous Coward | more than 11 years ago | (#5915309)

But those dog names will be stored somewhere secure, that they can't access, so you know if you see them that your own computer is generating that data.

Yes, but how many people have a dog called "dog" or "spot"? It's like talking to the dead or guessing passwords... you just pick the most common.

Re:So...... (5, Interesting)

RoLi (141856) | more than 11 years ago | (#5915310)

Because any website can pop up a fake window with a little GIF of a lock in the corner.

How can a website possibly fake the lock-icon which happens to be on the toolbar?

But those dog names will be stored somewhere secure, that they can't access, so you know if you see them that your own computer is generating that data.

Actually I think it's either a desperate try to distract users from real security problems (like the millions of servers that get infected each year despite MS being only a minor player on SQL and webservers, or the even more desktops...) or it's a clever plan to complete the big database in Redmond with the last thing they don't know about you yet: The names of your dogs.

So far, I haven't heard about any "websites faking lock icons and doing nasty stuff", but even though Apache is a much larger target, all big worms hit IIS.

I think somebody at Redmond still treats security as a 100% pure PR-problem. Just do anything about security, no matter how stupid the idea is, as long as it's from Microsoft, there will always be simple minds that will say:

Makes sense

Mod parent up: +1 funny please.

Re:So...... (5, Informative)

Scaebor (587064) | more than 11 years ago | (#5915372)

How can a website possibly fake the lock-icon which happens to be on the toolbar?

Due to the special "features" of IE, it is possible to eliminate the status bar (not task bar) where the lock icon usually resides. By then creating a page using frames it would then be possible to replicate the look of the status bar without much trouble at all, even including the text of the page loading sequence using something so simple as an animated gif.

Re:So...... (2, Insightful)

lightspawn (155347) | more than 11 years ago | (#5915327)

Because any website can pop up a fake window with a little GIF of a lock in the corner

Why not just prevent them from doing that, then?

Hey, I've got a wacky idea (2, Insightful)

the_skywise (189793) | more than 11 years ago | (#5915371)

Why not secure the interface so hackers CAN'T pop up a new window outside the client window area!!

Oh wait, that would deprive MS of ad revenue...

No no, much easier to put up a purty border of your kids middle hyphenated names because malicious hackers would never figure out where that configuration information is stored (regedit).

"Honey, why does Thomas-Clark's name keep appearing in the border of my window underneath this ad for a web cam?"

Re:So...... (2, Insightful)

spectral (158121) | more than 11 years ago | (#5915210)

Probably because it's personalized, it's harder to spoof the window. Password boxes using data that only the OS knows and personalized for that computer are better. At least, if all dialog boxes looked one way, then up came a popup that looked compeltely different, it's pretty damned obvious it's a fake, and you don't want to put sensitive stuff in it.

Re:So...... (0)

Anonymous Coward | more than 11 years ago | (#5915296)

Which is why I like running themes, even in windows xp. I can usually figure out the fakes at first sight (they always fuck up some detail. I dunno why they don't just make a real dialog and screen shot it, then NOT jpg it), but sometimes it's nicer to know inherently that it's wrong. Being in linux makes this easy. When I'm in Mac OS X, it's easy.

In XP? Yep, easy. 2k is a bit more difficult, but then not too bad: different color scheme. :)

Re:So...... (1, Interesting)

Anonymous Coward | more than 11 years ago | (#5915301)

That little lock in the coner is just that, little. Most people miss it unless they are specifically looking for it. If I understand this correctly, you can customize the look of the window that has secure text to your liking. Ie: perhaps it has a different font, or everything is in red, of perhaps there could be a watermark on the window that says: No Peeking! These would be harder to spoof, becuase presumably the attacker doesn't know that you like to use the phrase: No Peeking! on your confidential documents.

Yet another Windows article this week (-1, Troll)

Overly Critical Guy (663429) | more than 11 years ago | (#5915380)

Gee. Yet another Windows article intended as flamebait for anti-Microsoft Slashbots. Not only that, but notice how editorializing the headline is.

Is there a clear FUD campaign that has suddenly been initiated against Longhorn?

Re:So...... (0)

motorhead (82353) | more than 11 years ago | (#5915396)

Who asked for any of this crap?

Prevent attacks? (5, Funny)

Anonymous Coward | more than 11 years ago | (#5915164)

Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they're dealing with confidential material, Biddle said

What kinds of attacks would those be? The over the shoulder snoop sort?

Re:Prevent attacks? (5, Funny)

sTavvy (669239) | more than 11 years ago | (#5915258)

good if your looking at p0rn at work, and the boss walks past though!

Re:Prevent attacks? (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5915359)

Come on, people. How many times do you have to be told?!

your != you're

Get it right, you imbicile! You sound like a moron, subject matter notwithstanding.

Re:Prevent attacks? (2, Funny)

Anonymous Coward | more than 11 years ago | (#5915415)

It's "imbecile", you asshat.

Re:Prevent attacks? (4, Informative)

SClitheroe (132403) | more than 11 years ago | (#5915314)

Over the shoulder snooping is certainly one way. A greater concern is an app that takes a screen capture of your desktop or the contents of certain windows, and sends it off to another machine.

I wonder how MS will handle cutting and pasting information between secure and insecure windows? Or even between secure windows, for that matter?

Why redefine a working metaphore? (3, Interesting)

Masem (1171) | more than 11 years ago | (#5915167)

Instead of adding new and experimental UI features, why not use a feature found on nearly every OS and that most end users will recognize - in this case, the lock symbol that indicates whether you're on a secure site or not. Obviously such a symbol would need to be something sufficiently different, but this is a well established (despite being lacking any standard specification) UI element that would require nearly no new training by the end user.

Re:Why redefine a working metaphore? (2, Interesting)

gfoulk (648347) | more than 11 years ago | (#5915257)

Because a window, most likely a web popup wanting you to click "install", would incorporate the standard security graphic to make it look like a trusted security patch, or whatever. Sure, probably everyone here would see through the ploy, but your average Windows user may not.

Re:Why redefine a working metaphore? (2, Insightful)

alefbet (518838) | more than 11 years ago | (#5915269)

Instead of adding new and experimental UI features, why not use a feature found on nearly every OS and that most end users will recognize - in this case, the lock symbol that indicates whether you're on a secure site or not. Obviously such a symbol would need to be something sufficiently different, but this is a well established (despite being lacking any standard specification) UI element that would require nearly no new training by the end user.
The point of this new UI element is that it needs to be difficult to spoof. If your machine is compromized in some way (via a trojan, perhaps) and an untrusted process attempts to masquerade as a trusted dialog, it can probably be convincing if the user interface element is the same on all or many machines. A lock icon would be easily spoofable. But if the appearance is visibly different on every machine and only applications with a certain type/level of trust can discover this appearance, then users can be more sure windows aren't masquerading.

A lot of things about the technology formerly known as Palladium scare me, but if it could be implemented in an open architecture where the machine owner has the keys, I think good things could happen.

Just my $0.02.

Re:Why redefine a working metaphore? (-1, Redundant)

njyoder (164804) | more than 11 years ago | (#5915294)

why not use a feature found on nearly every OS and that most end users will recognize - in this case, the lock symbol that indicates whether you're on a secure site or not.

Probably because a lock symbol would be totally useless. Any fake window can easily draw a lock symbol, thus defeating the mechanism.

Re:Why redefine a working metaphore? (2, Funny)

Kursh Run (604344) | more than 11 years ago | (#5915357)

Well first off, the tiny lock symbol at the bottom of the screen is a great idea in theory-- but like the need-oil-indicator in your car some people just don't notice it. Now, if you walked out to your car one morning to find it has changed colors and the dash said "please give me oil boss" then we would probably see less stranded blonde soccer moms mini vans on the side of the road. This is a good thing, personally I think it's cool-- it will just depend on its implementation. Hopefully it will not become skinnable, the last thing we need is skinned SKIN-YOUR-SECURE-WINDOW!! ! pop up advertisements.

its called... (1, Funny)

josepha48 (13953) | more than 11 years ago | (#5915170)

...security through stupidity...

Why does this sound like an april fools joke....

Now if this isn't a "form" story what is... (4, Funny)

L0stb0Y (108220) | more than 11 years ago | (#5915171)

New Madlibs for Slashdot! Now you too can create Slashdot Stories with these fun, GNU Madlibs!

For example:

Windows ____________ through Annoyances~

or

It's a great new __________ but can it run _______?

And the all time favorite, In _______ the ________ ___________s onto you!

Re:Now if this isn't a "form" story what is... (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5915197)

It's a great new dildo but can it run up your asshole?

Re:Now if this isn't a "form" story what is... (0)

Anonymous Coward | more than 11 years ago | (#5915241)

Windows reliability through annoyances

It's a great new idea but can it run linux?

In Soviet Russia, the secured windows are placed onto you!

Re:Now if this isn't a "form" story what is... (1)

Luigi30 (656867) | more than 11 years ago | (#5915270)

Can I try? Windows sucks through Annoyances! It's a great new Linux but can it run X? In Soviet Russia, the hackers logs onto you! I'm so bored.

One problem solved (3, Insightful)

El Cubano (631386) | more than 11 years ago | (#5915173)

From the article:

Graphics cards are a security problem, because they contain their own pool of memory.

MS could just drop support for all video cards that have their own memory in favor of ones with integrated or shared memory (a la i810 family). Then the OS can have direct control over every aspect of the cards memory because it actually resides in main memory.

Re:One problem solved (0, Troll)

PS-SCUD (601089) | more than 11 years ago | (#5915189)

Yes.........and make windows as good for gaming as Linux.

Re:One problem solved (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5915223)

OH BOY!! Fabulous point! Linux has tuxracer! yay!

Re:One problem solved (5, Funny)

spectral (158121) | more than 11 years ago | (#5915243)

Humans are a security problem, because they contain their own pool of memory too. Let's get rid of them. Deleting a person's memory is easier than the video card's too: One click of the trigger is all it takes. Just Point and Click.

I'd have no clue how to wipe out my video card's memory. (No, shutting off the computer won't do it. I've seen plenty that when they turn back on, the last screen visible is there for a split second.)

Re:One problem solved (0)

Anonymous Coward | more than 11 years ago | (#5915245)

Mmm. Interesting thought. While they're at it they could also drop all support of USB storage devices (they can be used to transmit evil MP3's and "secret data"), all monitors (after all, the graphics card is only a security problem because it displays "secret data" on the monitor) and all keyboards (keyboards are only used by hackers anyway, everything should be done with a 104-button mouse).

Re:One problem solved (3, Informative)

spectral (158121) | more than 11 years ago | (#5915280)

The problem is that the memory in graphics cards aren't wrapped in to the security model. Therefore, anything with access to reading some memory from the video card (not too uncommon I'd imagine), can go and grab everything. Including the current screen contents.

Video cards therefore need to be modified to be secure and support access control on their memory, the way the CPU's privileged mode (and whatever hardware they're going to tack on to make palladium work 'better') allows the OS to control what can access certain parts of main memory.

USB: Handled by the OS. Easy to deal with. Monitors: would require hardware tapping, much harder to do (Especially remotely). Keyboards: Again, MOSTLY handled by the OS. (Windows passes most every key combination through hooks, except ctrl+alt+del. They'll probably change this so that if a secure window is on top, no hooks grab the data.)

Etc. etc. I don't argue that it's a bad idea (that there needs to be changes to the video card hardware to support this properly), it's just very poorly worded in the article.

I wonder if maybe the 3d support being used helps this? If you define everything as a texture, then you only need to secure certain textures (the secure ones), not the entire screen. Therefore things running unmanaged still work just fine. 2d accelerated blits might also do the trick, but probably not as well. (Do the 2d accel blits have a concept afterwards of what a window is, and therefore to hide a certain one? Probably not..)

Re:One problem solved (4, Insightful)

cyberformer (257332) | more than 11 years ago | (#5915264)

This just about says it all. A security problem for whom?

Ask any computer user, from a home web surfer to an IT manager, what they consider to be the worst security threats. My guess is they would list things like MS Outlook viruses, buffer overflows, ActiveX controls, spam and Gator. Would anyone but the MPAA mention graphics cards?

Re:One problem solved (1)

JWSmythe (446288) | more than 11 years ago | (#5915366)

I don't quite understand this one. I can't say that I've ever heard of a virus or anything resembling a security issue that used video memory to pull off anything..

Only a few things, like BO and the viruses/worms that installed VNC, did much of anything with reading the video, but at that point, they were well past getting control of the system.

It sounds like M$ is trying to push a bunch of video hardware manufacturers out of the business too.. Not nice...

How will this help? (4, Insightful)

toasted_calamari (670180) | more than 11 years ago | (#5915175)

Seems to me that putting a fancy border on the window doesn't make it impossible to spoof. the contents of the border are stored in a file somewhere, and presumably the file can be read. if the file can be read, its contents can be outputted into an insecure window. Of course, I am probably wrong...

On the other hand, I dont think this will be as annoying as the story submitter claims.

Re:How will this help? (3, Informative)

Chester K (145560) | more than 11 years ago | (#5915362)

the contents of the border are stored in a file somewhere, and presumably the file can be read.

Under NGSCB, you won't necessarily have access to certain files on your system -- therein lies the security; it basically uses the data in that secure file as proof that "hey, if the OS lets me show you this, then I'm trustworthy!"

Please select. (0)

Anonymous Coward | more than 11 years ago | (#5915177)

Are you sure you want to look at secure data?

yes cansel

Re:Please select. (0)

Anonymous Coward | more than 11 years ago | (#5915252)

Are you sure you know how to spell correctly? English spelling is very irregular.

Yes Hansel Getal

Re:Please select. (0)

Anonymous Coward | more than 11 years ago | (#5915406)

I ploblably need some lessons...

How does Microsoft know my dogs' names? (5, Funny)

JoshuaDFranklin (147726) | more than 11 years ago | (#5915192)

So to use this new super-secure Windows I'll have to type in huge lists of information that is boring to me?

Re:How does Microsoft know my dogs' names? (4, Funny)

dr_dank (472072) | more than 11 years ago | (#5915333)

No need to worry. A backend to the Total Information Awareness database ought to fill in the blanks for you.

Re:How does Microsoft know my dogs' names? (4, Insightful)

cosyne (324176) | more than 11 years ago | (#5915349)

All your pets' names are belong to Microsoft?

Seriously, given the number of people who use a pet's name for a password, displaying a list of them on the screen seems like a huge security risk.

a half good idea... (3, Insightful)

cubal (601223) | more than 11 years ago | (#5915194)

the window borders thing isn't a bad idea, but as for making content disappear in the background... "hullooo, earth to microsoft"

Is this type of attack really that prevalent (4, Interesting)

Dajur (168872) | more than 11 years ago | (#5915196)

The article makes it sound like this is to prevent those web pages that make themselves full screen and look just like a desktop, but honestly how often is this tactic even used?

Re:Is this type of attack really that prevalent (4, Insightful)

seinman (463076) | more than 11 years ago | (#5915231)

Not much now, because people aren't expecting everything to be so secure. In the future, when it's expected that what you're looking at is secure, attacks like this could be come more widespread.

Re:Is this type of attack really that prevalent (2, Interesting)

Bendy Chief (633679) | more than 11 years ago | (#5915276)

Hopefully, in the future, people will be using browsers with halfway decent restraints for Javascript and other scripting languages.

I use Opera and Firebird and neither would ever let this sort of stupid attack fly. In fact, in Firebird, you can specifically disable some forms of window-resizing/moving script.

Re:Is this type of attack really that prevalent (1)

seinman (463076) | more than 11 years ago | (#5915291)

I use Opera too, and agree that more needs to be done than having your pet's names displayed in secure windows. Don't forget that the vast majority of computer users are idiots, and since Microsoft software is on the vast majority of computers, they have to write their programs to work for the lowest common denominator.

Re:Is this type of attack really that prevalent (1)

Bendy Chief (633679) | more than 11 years ago | (#5915337)

I don't mean this to a bash at Apple, in fact, I consider it a compliment, but anyway, Apple seems to have managed to put together software systems that work fine for the lowest common denominator and don't resort to Stupid Pet Tricks.

By and large Apple's choices aren't really all that innovative, just common-sense smart. Why can't others do the same?

Re:Is this type of attack really that prevalent (1)

Phroggy (441) | more than 11 years ago | (#5915358)

By and large Apple's choices aren't really all that innovative, just common-sense smart. Why can't others do the same?

"Common sense" isn't.

Re:Is this type of attack really that prevalent (1)

El Cubano (631386) | more than 11 years ago | (#5915321)

The article makes it sound like this is to prevent those web pages that make themselves full screen and look just like a desktop, but honestly how often is this tactic even used?

I don't know how often it is (or could be) used, but vnc-java is capable of exactly that. I can't imagine it would be too difficult to trick someone into clicking a link (on their java-enabled browser that allows the page to modify the status bar so you cannot see where the URL leads). If some one has the default windows desktop icons and settings (like most people) it could be very effective.

Re:Is this type of attack really that prevalent (1)

Chester K (145560) | more than 11 years ago | (#5915384)

The article makes it sound like this is to prevent those web pages that make themselves full screen and look just like a desktop, but honestly how often is this tactic even used?

When it comes to security, you should account for all the possibilities for circumventing it, not just the most common ones.

Though I have to wonder about the way they're going about doing all this. Windows already has a whole security infrastructure around the concept of desktops as securable objects, why not just use the existing Trusted Path keystroke (Ctrl-Alt-Del) to offer an option to switch to a "secure" desktop where only secure applications can be run?

Vanishing Windows (5, Funny)

TubeSteak (669689) | more than 11 years ago | (#5915203)

"Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they're dealing with confidential material, Biddle said."
Microsoft is finally doing the /. crowd a favor. No more rushing to minimize a window when your boss walks by. Just make slashdot a 'secured' page and Alt-Tab anything else over top it. *POOF* it appears like you've been working all along!

bad summary (1, Funny)

Anonymous Coward | more than 11 years ago | (#5915207)

What's with article summary's on here lately? This one was so bad I actually had to read the article to find out what the hell he was talking about.

It's all so simple (1)

SpiffyMarc (590301) | more than 11 years ago | (#5915224)

The editors finally got tired of all the RTFA comments...

New Microsoft technology (0)

Anonymous Coward | more than 11 years ago | (#5915235)

Summaries through obscurity.

Secure data? (3, Funny)

Lu Xun (615093) | more than 11 years ago | (#5915208)

Is that 'Microsoft' secure or 'secure' secure?

Besides, I've always found that the little lock in the Mozilla window works fine.

It Could Be Worse (4, Interesting)

swdunlop (103066) | more than 11 years ago | (#5915219)

Anyone else remember B2 operating environments, and some of the silliness involving assigning dedicated colors to the borders of windows to announce the sensitivity level of the data contained within?

I can't wait for Microsoft to rediscover that feature.. B2 systems were great from an engineering point of view, but as far as usability went, it was so much complexity that users tended to try to defeat the security measures placed on them.

Wow this is...So...Great....? (3, Insightful)

Azureflare (645778) | more than 11 years ago | (#5915221)

What the...What does this mean? Secure data will have different looking windows? Shouldn't they be concentrating on other things, such as actual security vulnerabilities? Seems like they're trying to say "look we're paying attention to security!" without actually doing anything that is effective...

All I know is, I'm not buying Longhorn; I don't need MS holding my hand wherever I go. This seems like just another "feature" where something can go wrong...

A Trusted Path IS Great (3, Interesting)

njyoder (164804) | more than 11 years ago | (#5915398)

This IS a great thing, it's called a trusted path. This is a security concept that's been around for a long time, but isn't widely implemented. You may be familiar with another trusted path mechanism in windows, the log in screen. It requires you to hit CTRL-ALT-DELETE to login, this is done to prevent fake login programs from fooling users.

Shouldn't they be concentrating on other things, such as actual security vulnerabilities? Seems like they're trying to say "look we're paying attention to security!" without actually doing anything that is effective...

Trusted path mechanisms are a requirement to get the NSA B2 certification for an OS (see urls below), and it most definently is an effective security measure. This may not be terribly relevant to your average user, but to someone dealing with highly confidential information on a computer it is. This feature prevents a) fake windows/programs from giving out false information under the guise of a trusted program, b) fake windows/programs from getting a user to enter sensitive data by posing as a legitimate form for sensitive data entry.

http://www.radium.ncsc.mil/tpep/epl/epl-by-class.h tml [ncsc.mil]
http://www.astrolox.com/libraryc/orange.html [astrolox.com]

I'll tell you why it's great... (3, Insightful)

lpret (570480) | more than 11 years ago | (#5915417)

9 times out of 10 the only way to get information or whatnot is through social engineering. Kevin Mitnick is a prime example. For all of his uber-tech prowess, he still relies on fooling people into giving him access/information. Even his technical work has social aspects that are key to the success of the crack.

Furthermore, I think that this could turn out to help security much more than some obscure feature. It is this low-level, "no shit sherlock" kind of basic security that is much more needed.

Not so secure (2, Interesting)

Rosco P. Coltrane (209368) | more than 11 years ago | (#5915228)

The border of a secured page may contain information--such as the names of all the dogs that someone has ever owned

Hmm, okay, so let's say I make a Microsoft-ish spoof page with a border that has "king", "snoopy" or "brutus" all around, and half the visitors will recognise their page with their unique pooch's name on it, and will give me their credit card number in total confidence. Hmmm ....

Sounds like a crappy idea actually.

They should use audio (4, Funny)

Anonymous Coward | more than 11 years ago | (#5915232)

They should constantly play the red alert sound from star trek at full volume whenever the secure window has focus.

A Page from Lucas (1)

Shadow Wrought (586631) | more than 11 years ago | (#5915234)

I also heard that, borrowing from George Lucas' anti-photocopying technique, windows will employ the famous red font on red background method of making your secure information safe.

They will also happily let you know which information they think you ought to keep secure I'm sure;-)

One thing seems "obvious" to me... (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5915244)

It's obvious the Microsoft are getting more and more fucked every day. The Redmond reality distortion field is getting stronger.

The Ultimate Security (5, Funny)

SpiffyMarc (590301) | more than 11 years ago | (#5915248)

Sure, it's all well and good to display sensitive information with a special border, but what if someone writes down what they see and then leaves it just lying around? Where's your special borders then?

The solution is obvious: don't display the data at all!

Re:The Ultimate Security (1)

kLaNk (82409) | more than 11 years ago | (#5915373)

WTF? You got modded as "interesting"?

Security always competes with convenience. Imagine how convenient the world would be if we didn't have to worry about security. Everybody would have your credit card information, your shipping information, all of your personal information. You never again would have to fill out any kind of stupid form. That would rock! The world would be so CONVIENT!! (Convenient with a complete lack of security that is). It seems to me like you are saying the complete opposite.

Yeah, true, they would have excellent security when they showed you your bank balance. But wait, never mind, your bank balance wouldn't show up at all. It would be sent to your computer, saved in RAM and then....nothing. Oh so secure. Brilliant! Somebody run out and get a patent! Oh wait, pop-ups already are patented...

I do this already! (5, Funny)

glwtta (532858) | more than 11 years ago | (#5915250)

Information on secured windows will vanish if another window is placed on top

I've discovered this feature of windowed GUIs a long time ago - you cake take virtually any window, place it over your current window and POOF! the data vanishes, completely obsucred by the new window on top of it. Isn't it neat?

Re:I do this already! (1)

Phroggy (441) | more than 11 years ago | (#5915374)

Actually in Mac OS X I find it rather convenient to be able to see what's behind my semi-transparent terminal windows.

But what does "Security" mean? (4, Insightful)

subreality (157447) | more than 11 years ago | (#5915253)

While I agree that security should be easy, you can only dumb it down so much. If the entire knowledge that the user has is that a window is "secure", they are only getting a warm fuzzy feeling, not real security.

For real security, you need to know WHAT has been secured. Examples include:

Data was encrypted in transit.
Data is authenticated to come from XXX source, according to YYY certificate authority.
This window is protected from being viewed by PCAnywhere.
This data has DRM, and is protected from being copied to another computer.

Unless you tell the user WHAT the security is, they will make poor decisions about what to do with the data. Putting the name of their dog on the window doesn't provide that information.

CRT Monitors (1)

DJ Rubbie (621940) | more than 11 years ago | (#5915262)

I read somewhere that a device could be built to read CRT screens through walls by picking up stray electrons or electromagnetic waves generated by it. I doubt anyone can secure that other than changing the LCD screen to a more 'secure' format.

Wait, does this count as a 'Snooping-over-back attack'?

Re:CRT Monitors (1)

DJ Rubbie (621940) | more than 11 years ago | (#5915273)

Rather, changing the CRT screen to a more secure format, such as LCD

Re:CRT Monitors (3, Informative)

nolife (233813) | more than 11 years ago | (#5915345)

That would be tempest monitoring [google.com] .

You call those annoyances? (4, Funny)

inertia@yahoo.com (156602) | more than 11 years ago | (#5915290)

You call those annoyances? I call annoyances, opening a slashdot article and finding five topic icons going down the side of the screen.

New microsoft windows security vulnerability (0, Flamebait)

rmarll (161697) | more than 11 years ago | (#5915305)

Can allow malicious web designers to gain access to confidential data as well as your prize winning doberman's name.

Neil Stephenson says (2, Interesting)

poor_boi (548340) | more than 11 years ago | (#5915308)

What about van Eck phreaking [techtarget.com] ? Fido borders can't stop that. Of course its not a real very real threat, but it only takes once.

Expect your wife to receive hard copies of that 'questionable' pornography you enjoy so much from the van Eck'ing P.I. she hired (he looks like Tom Selleck :-)

Paranoia Strikes Deep
-boi

No good for me (1)

RetroGeek (206522) | more than 11 years ago | (#5915312)

Because I do not own a dog.

Your monitor's safe, not your hard drive (0, Flamebait)

jdhutchins (559010) | more than 11 years ago | (#5915316)

Windows is so full of holes, there will probably be many ways to defeat this. First of all, the names of all of text to be put around the screen has to be stored on the hard drive. I don't think Windows is psychic yet, so it's there somewhere. If it's there, it can be stolen. It'll just give windows another day before their first security bulletin comes out.
Users will enter "normal" words in to be displayed around secure windows. If a copy of the file can be gotten, even if it's encrypted, it shouldn't be too hard to try a dictionary attack on it and crack the file quickly. It won't be that hard from there to put this text in the border.
Only 1/2 hour after it's posted on slashdot, and possible hacks are already being thought out. By the time this stuff actually comes out, it'll probably have already been cracked for quite some time.

MS security? (1)

rufireproof (670995) | more than 11 years ago | (#5915318)

It seems to me, if Microsoft wanted to increase the security of its OS, perhaps they should start by removing the cancel button on the password login...

Not how it works, but how it looks. (5, Interesting)

immanis (557955) | more than 11 years ago | (#5915335)

Regardless of how much security this, in reality, will provide, it will provide a tremendous APPEARANCE of security.

Sure, it may work. It may even work well. But the important thing from a sales standpoint is that it will look very secure. And that sells better than actual security. Given their posturing over security in the past year, this is right in line.

This is like "inventing" a problem (3, Insightful)

nirbasito (670818) | more than 11 years ago | (#5915347)

How does vanishing data from a secure window when its not on top anymore makes the data substansially more secure? If anyone has allready hacked into that system it maybe safely assumed that he has access to memory... I agree it is safer in case you are watching porn and someone walks into the room...but in real business world people view confidential information when they know that there is no one to look upon their shoulders. IMHO this is just another gimmick ....."OH look I have a secure window!! I dont care if I open this strange looking attachment that came by email .....ZAP!!!"

com.com (4, Funny)

daVinci1980 (73174) | more than 11 years ago | (#5915352)

You *might* disbelieve the article because it comes from news.com.com, but I personally find them to be the highest caliber of news organization.

Right up there with the LA Times [latimes.com] , The National Enquirer [nationalenquirer.com] , and the Weekly World News [weeklyworldnews.com] .

Strange names for dogs (1)

Morel (67425) | more than 11 years ago | (#5915361)

Can't believe no one has commented on the example dog names: "...Buffy, Skip and Jack Daniels..."

I mean, this Petey Biddle has some WEIRD word association algorithm in his head or he has a fondness for boobs, vampires babes and booze.

On the other hand, don't we all?

More McSoftware... (2, Insightful)

tds67 (670584) | more than 11 years ago | (#5915386)

...from Microsoft. Pay no attention to what's going on behind the software curtain, just watch something soothing and comfortable like pet names on your window borders and trust someone else to be your data security nanny. Just more dumbing down of computer users, if you ask me (Score:5, Pessimistic)

Um, come again? (1)

psoriac (81188) | more than 11 years ago | (#5915387)

...and will also hide the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among people who need to be able to see the data in two partially overlapping windows at once.

Maybe it's just me, but I can't see how preventing the very thing you need could possibly be considered making it more usable... but then again I guess this *is* Microsoft we're talking about.

Pathetic (0, Flamebait)

The Bungi (221687) | more than 11 years ago | (#5915394)

Microsoft is still working on how to implement this technology and what it will ultimately look like.

Oh, regardless, I expect "border with the names of your dogs" to become another cherished Slashdot meme, to be used out of context everywhere in futile attempts at humor. Right up there with "blue windscreens" and so on.

oh my... how ingenious!! (0, Flamebait)

hummer357 (545850) | more than 11 years ago | (#5915411)

MS really don't have a clue when it gets to security...sigh... ;-)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>