Linked by Thom Holwerda on Fri 13th Jul 2012 23:47 UTC
Internet Explorer "It's never good to scare away your customers. It's even worse if you don't realize you're doing it. That was me. Like most folks in the developer community, it's been years since I last used Internet Explorer as my daily browser. Oh sure, we all keep copies around for web development work, but Firefox, Chrome, and Safari now rule the web roost. Unfortunately, that was not the case with the Blurity userbase." Wise lesson from Jeff Keacher.
Thread beginning with comment 526916
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Think about the children
by Alfman on Sun 15th Jul 2012 19:10 UTC in reply to "RE[3]: Think about the children"
Alfman
Member since:
2011-01-28

tanzam75,

Certificates can only identify WHO wrote a piece of code, not what it does or what the author's intention is. Even the most "trusted" CA's are compromised from time to time - it's only ever newsworthy when false microsoft or google certs are issued, but I'm pretty sure this happens every day with other brands that aren't under a microscope.

Even when certificates are issued legitimately to legitimate developers, how are end users supposed to know this? The certificates really don't tell us what is safe to install. Furthermore, even signed code from known sources can be compromised, and exploited by hackers. Developers may or may not be aware of it. And even if they are, now they're faced with revoking the certificate used to sign all their software and potentially cause interruptions for their existing customers (which is why certificates shouldn't be shared in the first place between all their software like you suggested).

So certificates do help provide some additional trust measures, but they aren't ideal for security. If you have any doubt about this, just recall the IE COM component debacle - it's a prime example of why certificate "identity" does not lead to "security".

We should have more emphasis on fine grained application sandboxing to keep dangerous applications from having their way on user systems, regardless of the code's "identity".

In other words, ideally the OS should allow us to download and play a game from any source without concern for the safety of the rest of my files/applications - not much different from how we visit web sites.

Reply Parent Score: 3

RE[5]: Think about the children
by zima on Wed 18th Jul 2012 19:25 in reply to "RE[4]: Think about the children"
zima Member since:
2005-07-06

Sandboxing (presumably together with users being asked about permissions) will probably just bring "UAC tiredness" - maybe even multiplied, training people to accept everything or to block everything in panic.

No way out of (more or less) walled gardens for general population, I'm afraid.

Reply Parent Score: 2