Stuart, you are my hero ;-)
Stuart Ballard wrote:
> "Simon P. Lucy" wrote:
> >
> > >It is an optimal solution if you define optimal to be the best possible cost
> > >versus benefit. Most users use win9x which has virtually NO "Permission
> > >management". Anyhow, the password would be far from not doing "anything". 99%
> > >of unintentional or novice snooping is highly significant.
> >
> > Hmm. Its not best possible cost because it fixes the wrong
> > problem. Providing a non-functional passwording system on a more secure
> > operating system would simply irritate the users of those systems.
>
> Hmm. I do see your point, but on the other hand, we have *already*
> irritated such people more than enough by providing the non-functional
> "profile" system in the first place on systems (*nix and to a lesser
> extent Win2k) that already have much more sophisticated ways to deal
> with multiple users. In that situation, support for multiple mail
> accounts removed the only possible reason anyone might have wanted
> profiles on *nix... we have them anyway. And yes, as a user of such a
> system, I *do* find it irritating (although, I have to admit, Moz does a
> good job of making the unnecessary profiles functionality invisible and
> unobtrusive). Clearly, not irritating users of "real" operating systems
> wasn't a high design priority :)
>
> This feature can be implemented with a *reduction* in irritation to
> everyone, by turning profiles off altogether for sufficiently advanced
> OSs.
>
> > There are all sorts of mechanisms that allow that on both secure and non
> > secure operating systems. A screen saver with a password is only
> > one. Leaving a machine on without some kind of control would just avoid
> > any security anyway. It would take a lot longer to open a browser and
> > enter a password for the profile than it would to enter a password on a
> > screen saver or keyboard lock.
>
> Up until recently, I lived in a home with children and a single family
> computer. I also know several people who do so. In all these situations
> that I know of, I am the only person who would have the first clue where
> to look for profile data if I wanted to break this "security". The
> others range from "uh, what's a file?" to fully capable of figuring out
> and using most applications, and even doing simple HTML authoring.
>
> For the large proportion of households that don't contain an advanced
> computer user or script kiddie (I don't consider script kiddies advanced
> :) ) the mere existence of a password would be more than enough
> protection. We're talking about the "sister doesn't want annoying
> younger brother reading her email to her girlfriends about boys" kind of
> security. The sort of security provided by those journals that come with
> locks that I could pull apart with my bare hands if I really wanted to.
> The sort of security that is *all most home users really need*.
>
> Advanced users, of course, know that this security is inadequate for
> them. But advanced users also know how to get better security, so it
> doesn't *matter*.
>
> Stuart.
--
Regards,
Peter Lairo
