Windows Security Through Annoyances?

techmuse writes "According to News.com, Microsoft's next version of Windows will let you know that you are looking at (supposedly) secure data by putting personalized text, such as the names of your dogs (a null list in my case), in window borders, and will also hide the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among people who need to be able to see the data in two partially overlapping windows at once."

So......

[PS-SCUD]

How is that more secure than the little combination lock icon?

One problem solved

[El Cubano]

From the article:

Graphics cards are a security problem, because they contain their own pool of memory.

MS could just drop support for all video cards that have their own memory in favor of ones with integrated or shared memory (a la i810 family). Then the OS can have direct control over every aspect of the cards memory because it actually resides in main memory.

How will this help?

[toasted_calamari]

Seems to me that putting a fancy border on the window doesn't make it impossible to spoof. the contents of the border are stored in a file somewhere, and presumably the file can be read. if the file can be read, its contents can be outputted into an insecure window. Of course, I am probably wrong...

On the other hand, I dont think this will be as annoying as the story submitter claims.

a half good idea...

[cubal]

the window borders thing isn't a bad idea, but as for making content disappear in the background... "hullooo, earth to microsoft"

Re:So......

[spectral]

Probably because it's personalized, it's harder to spoof the window. Password boxes using data that only the OS knows and personalized for that computer are better. At least, if all dialog boxes looked one way, then up came a popup that looked compeltely different, it's pretty damned obvious it's a fake, and you don't want to put sensitive stuff in it.

Wow this is...So...Great....?

[Azureflare]

What the...What does this mean? Secure data will have different looking windows? Shouldn't they be concentrating on other things, such as actual security vulnerabilities? Seems like they're trying to say "look we're paying attention to security!" without actually doing anything that is effective...

All I know is, I'm not buying Longhorn; I don't need MS holding my hand wherever I go. This seems like just another "feature" where something can go wrong...

Re:Is this type of attack really that prevalent

[seinman]

Not much now, because people aren't expecting everything to be so secure. In the future, when it's expected that what you're looking at is secure, attacks like this could be come more widespread.

But what does "Security" mean?

[subreality]

While I agree that security should be easy, you can only dumb it down so much. If the entire knowledge that the user has is that a window is "secure", they are only getting a warm fuzzy feeling, not real security.

For real security, you need to know WHAT has been secured. Examples include:

Data was encrypted in transit.
Data is authenticated to come from XXX source, according to YYY certificate authority.
This window is protected from being viewed by PCAnywhere.
This data has DRM, and is protected from being copied to another computer.

Unless you tell the user WHAT the security is, they will make poor decisions about what to do with the data. Putting the name of their dog on the window doesn't provide that information.

Re:So......

[molo]

Maybe MS shouldn't let remote web pages control how my windows look. I *want* the status, button, and menu bars. Allowing remote pages to remove them is a bug IMO. Mozilla, yum.

Re:One problem solved

[cyberformer]

This just about says it all. A security problem for whom?

Ask any computer user, from a home web surfer to an IT manager, what they consider to be the worst security threats. My guess is they would list things like MS Outlook viruses, buffer overflows, ActiveX controls, spam and Gator. Would anyone but the MPAA mention graphics cards?

Re:Why redefine a working metaphore?

[alefbet]

Instead of adding new and experimental UI features, why not use a feature found on nearly every OS and that most end users will recognize - in this case, the lock symbol that indicates whether you're on a secure site or not. Obviously such a symbol would need to be something sufficiently different, but this is a well established (despite being lacking any standard specification) UI element that would require nearly no new training by the end user.

The point of this new UI element is that it needs to be difficult to spoof. If your machine is compromized in some way (via a trojan, perhaps) and an untrusted process attempts to masquerade as a trusted dialog, it can probably be convincing if the user interface element is the same on all or many machines. A lock icon would be easily spoofable. But if the appearance is visibly different on every machine and only applications with a certain type/level of trust can discover this appearance, then users can be more sure windows aren't masquerading.

A lot of things about the technology formerly known as Palladium scare me, but if it could be implemented in an open architecture where the machine owner has the keys, I think good things could happen.

Just my $0.02.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:So......

[lightspawn]

Because any website can pop up a fake window with a little GIF of a lock in the corner

Why not just prevent them from doing that, then?

This is like "inventing" a problem

[nirbasito]

How does vanishing data from a secure window when its not on top anymore makes the data substansially more secure? If anyone has allready hacked into that system it maybe safely assumed that he has access to memory... I agree it is safer in case you are watching porn and someone walks into the room...but in real business world people view confidential information when they know that there is no one to look upon their shoulders. IMHO this is just another gimmick ....."OH look I have a secure window!! I dont care if I open this strange looking attachment that came by email .....ZAP!!!"

Re:How does Microsoft know my dogs' names?

[cosyne]

All your pets' names are belong to Microsoft?

Seriously, given the number of people who use a pet's name for a password, displaying a list of them on the screen seems like a huge security risk.

Hey, I've got a wacky idea

[the_skywise]

Why not secure the interface so hackers CAN'T pop up a new window outside the client window area!!

Oh wait, that would deprive MS of ad revenue...

No no, much easier to put up a purty border of your kids middle hyphenated names because malicious hackers would never figure out where that configuration information is stored (regedit).

"Honey, why does Thomas-Clark's name keep appearing in the border of my window underneath this ad for a web cam?"

More McSoftware...

[tds67]

...from Microsoft. Pay no attention to what's going on behind the software curtain, just watch something soothing and comfortable like pet names on your window borders and trust someone else to be your data security nanny. Just more dumbing down of computer users, if you ask me (Score:5, Pessimistic)

I'll tell you why it's great...

[lpret]

9 times out of 10 the only way to get information or whatnot is through social engineering. Kevin Mitnick is a prime example. For all of his uber-tech prowess, he still relies on fooling people into giving him access/information. Even his technical work has social aspects that are key to the success of the crack.

Furthermore, I think that this could turn out to help security much more than some obscure feature. It is this low-level, "no shit sherlock" kind of basic security that is much more needed.

Re:One problem solved

[BJH]

No, what they're trying to do is this: provide a cryptographically-guaranteed path for data to the graphics card, that cannot be intercepted.

What this allows is secure playback of DRM-protected material, in such a way that it is impossible for the user to grab the data.

Once manufacturers jump on the bandwagon, you'll end up with a PC with "Palladium-enhanced" components, such as the DVD drive, hard drive, video card and sound card, where you are unable to do anything at all with data streams from sources (the HDD or DVD drive) to sinks (the video or sound card) that's not permitted by the supplier of that data. In other words, forget ripping your DVDs or CDs.

Doesn't make sense to me

[einhverfr]

It is fundamentally possible to target the weakest link of any security system. If I cannot create a lookalike window, then I just have to trick Windows into doing that for me. For example, the mere fact that I have an SSL certificate does not mean that you are safe submitting your credit card to my site, although it means you know who I am and can contact me or my company if something happens. SSL requires, in order to be effective, a visible address, and a popup window with no address bar has no way of verifying the address for the customer ;-) So I already have a way of attacking this trust and at least making it hard for the user to track me down.

Tricks like these are not addressed by this approach which means that Microsoft still hasn't learned that con artists are probably the most likely to be able to get your confidential information ;-)

Re:One problem solved

[OeLeWaPpErKe]

The security problem is not that anyone else might access your data that way. The problem is that *YOU* might access your data that way.

Re:Not so secure

[zurab]

Hmm, okay, so let's say I make a Microsoft-ish spoof page with a border that has "king", "snoopy" or "brutus" all around, and half the visitors will recognise their page with their unique pooch's name on it, and will give me their credit card number in total confidence. Hmmm ....

I was thinking that too. Then I read the article:

"A hacker can create a spoof page with dogs' names running along the border but, in all likelihood, not one reading "Buffy, Skip and Jack Daniels--and in that order," Biddle said."

True, but anyone could just create a similar-looking window, and just put words "Secure Window" instead of "Buffy, Skip and Jack Daniels". Guess which one will look to be secure and which one will not.

Also, if this system is not clearly explained to non-savvy users (and I am guessing it will not be), then there will be other implications as well - such as people typing in their passwords, or realizing their pet name *is* their password, etc. I look forward to how they implement this and confuse users.

Re:So......

[ealar dlanvuli]

Hide the address bar and put a fake one up...

Yes, becauser we know custom XUL prompts won't give the user a rather obvious security message... really they don't. It's exactly the same level as a page I could just browse to without trying to...

I was going to mod you down, but they still don't have the damn -1 incorrect.

Re:How does Microsoft know my dogs' names?

[Anonymous Coward]

Yeah, I'm getting sick and tired of companies asking for personal information (Mother's maiden name, birthday, social security number) as proof of who I am. Some of the information is public record anyway. Now I have to protect my pets names as secret -- and hope the vet doesn't want to hack into my information.

There are technical means to do this much better, but society seems to be afraid of using cryptographic means.

Would the personalised text really help?

[Anonymous Coward]

Think about this for a minute:
The computer has to come with some text built in from the start. Let's say it will be "this is a secure window". Ok, great. Now think of the 99% of computer users out there. How many of them will actually bother to change that default text to something more original? 10%? 5%? 1%?
Now put yourself in the shoes of a typical computer user and think about this: you're out there surfing the web, when out of nowhere comes this window with the text "this is a secure window" running around the border all fancy-like. And what do you know, the window claims to be from a sysadmin, saying they need you to enter your password. How many average users would happily comply? 50%? 80%? 95%?
Great idea Uncle Bill, more zombies for me to command!

Re:Security?

[Tesral]

Heck, America can't figure out how to secure its borders when thousands of years ago, China came up with a solution that can be seen from space.

Small correction if I might. The great wall of China cannot be seen from space. This is a common misconception. Recall that at its best the Wall is no wider than an American two lane highway, which also cannot be seen from space. ("from space" defined as at least orbital altitude)

Secondly, as far as security is concerned the wall, which is not one wall but a series of interlocked fortifications, stopped nothing that really wanted over it. Like computers, Wall security is only as good as the people that have the keys. As the guard had the keys, not the Emperors, sufficient bribes got anyone through that wanted through.

Please, in future diatribes get the incidental facts straight. Thank you.

Now, Microsoft wants you to give them the keys. Being that they do not see fit to obey the law of the land, a simple thing, are you trusting them with you computer security? Something that is at least as "important" as the law, and to my mind even more so.

Emulating NGSCB

[kwench]

And now for something completely different...

What about a emulation that runs NGSCB? E.g. some kind of Wine or Bochs? You could easely compromise secured connections (and windows) because for the host OS they're running in normal, unprotected memory.

Even worse: What about a NGSCB client that pretends to be a real NGSCB-aware OS but is a fake in reality? You say asymmetric encryption? I say: Once these NGSCB-ready computers are out, it's only a matter of days until /. runs a story about cracked private keys.

Done by close integration with IE?

[Anonymous Coward]

Won't this feature require close integration between the operating system and the browser?

I was under the impression...

[ca1v1n]

...that inconvenience makes any system less secure, because lazy people will do stupid things to alleviate the inconvenience. This seems like a step in the wrong direction.

Re:Oh this is bright...

[pair-a-noyd]

Ah yes, but the new Windows is *supposed* to protect you, remember?

The whole point of it is, if someone can get 60 seconds alone with your box, you're SOL..
And even if they can't get physical contact with your box, if they really want in, they will get in.
There are a lot of ways. With all the miniture cameras out now, well, you know the rest of the story..

I used to sell Tempest PC's to the gubmint a number of years back and learned a few things about physical security in the process.
They used isolated power supplies, fiber optic for any lans, faraday caged buildings and rooms, you name it.

And the really secured machines were DEEP underground in a faraday cage in a concrete bunker and ran on battery banks that were disconnected from the charge source before the systems were powered up. And to prevent tampering, guards were posted with M16's..

Now THAT was security.. They went from that, during the cold war, to losing hundreds of laptops in the post cold war era.. Some security eh??

If you don't maintain physical control of your box then you can not be certain of privacy and integrity of your data. Most people think that with the stupid password on their W2k or XP box that their stuff is private. Wrong. I can boot up Knoppix and your hard drive is mine to do with as I please.
I can email your private data out, FTP it out, http upload it anywhere I want, burn it to a CD or RW, FTP it all into a laptop with an ethernet x-over cable, dump it to zip disks, I could go on and on.

A person that can get to a box in the middle of the night and has a few hours to spare can have a real playday with your box and a Knoppix CD. I've shown this to customers and they crap all over themselves when they discover that that dipstick password "security" is utterly useless.
Knoppix+Windows box+ethernet+time alone=b0xen_0wnership..

Of course this is no concern to M$, they just care about you listening to music on your PC and paying per listen. And they have to stop those EVIL LINUX people from watching movies on their LINUX BOXES. All of these new proposals are not about security, they are about THEM controlling YOU..