Ian G writes:

> Question of clarification - do you mean that the
> user is capable of adding and deleting these
> categories?  Or that they are a fixed set that
> are pre-ordained?

They should not be a fixed set under any circumstances.  The user must
be able to modify the settings.  However, the default installation
should provide "reasonable" settings, whatever those might be.

For most options, I'd suggest a disabled/ask/enabled choice.  You can
disable something entirely, you can enable it unconditionally, or you
can specify that the browser should ask the user what to do.

> Or, would these be better off on a per-site basis?

The number of sites is so great for most uses that it would quickly
become impossible to manage a list of sites with separate settings for
each site. However, it should be possible to define, say, 6-10
categories of sites and then adjust the settings for each category; then
individual sites (or groups of sites, with wildcard specifications) can
be placed into the categories.  The categories would run roughly from
most trusted to least trusted.

This is _roughly_ how MSIE does it, but MSIE has too few categories and
they are impossible to change.  Firefox should have more categories
_and_ addition or deletion of categories (this latter function could be
limited to the Registry or a configuration file, as it would be too rare
to justify building a user interface for it).

> For example as you enter a new site, the little
> bar appears at the bottom giving you the option
> to turn on features that are spotted, if you trust
> the site?

Hmm ... sounds like a pretty good idea.  But where would the settings be
recorded?

Also, entering a new site would be too late.  If your settings are too
liberal by default and the first thing the site does is download spyware
or something, you're out of luck, even if you click to change the
settings after entering.  You'd have to have a way to protect yourself
before you visit the site.

One way to do this is to be able to specify the default category for any
sites that are not explicitly named in some other category.  You could
set this category to the least trusted category and protect yourself, or
you could set it to a more trusted category for a "richer" surfing
experience with minimal fuss.

On MSIE, I have the default settings for sites severely restricted, so
they can do virtually nothing unless and until I explicitly place a site
in a more liberal category.

> Bear in mind that the target user as expressed
> here has been the average user.  So the notion
> would be that Firefox is shipped 'secure' out of
> the box, and experienced users can loosen things
> accordingly.

No problem there.  It would all depend on what default settings you ship
with the browser.  You could set it to be very secure or very friendly,
or anywhere in between.  Obviously, it should be set by default with
something that would suit the average user who isn't going to tweak the
settings himself.  Power users are going to change all the settings,
anyway, so they don't care much about the defaults.

> Whether that survives as a policy, I know not.

I don't know, but it's a sad fact that most people favor features over
security until they get burned, so the tendency is to loosen up over
time.  I don't personally care as long as I still have the option of
locking down the browser myself, but if I can't lock it down, I won't
use it.  I predict that Firefox will become less and less secure as time
passes.  It happens to just about all products, barring some spectacular
security breach that makes people worry about security again
temporarily.

> FWIW some people I have come across swear by Flash.

Flash content is appropriate only in an extremely small number of cases
where very multimedia-rich content fits in with the purpose of the site.
In all other cases, it just gets in the way.  Worst of all are the sites
that have Flash as the first page on the site.

The problem is that many clients will be impressed by Flash content, but
they won't know or consider the problems that it raises.  Flash content
has to download, and Flash components are executable code that must run
in a client-side binary executable, which means that they can carry
viruses, worms, Trojans, etc.  And on some browsers, such as MSIE, the
only way you can protect against malicious ActiveX components is to turn
ALL ActiveX components off ... which disables Flash.

Overall, Flash is a really bad idea in most cases.  I assume Firefox
allows me to turn it off and keep it off ... right?

> In my area, if I had the budget, I'd be moving a lot of client
> work over to it.

It's a performance risk, a security risk, and an ergonomic risk, all of
which can threaten both your organization and the impression that you
create for your site visitors.

> I personally hate it but the systems I've seen make a whole lotta sense.

There are a handful of reasonable applications for it.  But a lot of
Flash serves no purpose, and some of it could be better done with
server-side or client-side scripting, which is safer, faster, and more
ergonomic.

-- 
Anthony


_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
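As an added illustration that is not part of the original thread and not code from Firefox or MSIE: a small JavaScript model of the scheme Anthony describes above (trust categories ordered from most to least trusted, a disabled/ask/enabled setting per feature in each category, wildcard site assignments, and a configurable default category for sites that are not explicitly listed). The category names, feature names, hostnames and policy values are constructed for this example, and `validateConfig`, `categoryFor`, `settingFor` and `isAllowed` are hypothetical helper names.

```javascript
// Constructed example: a per-category trust policy with a secure default.
// Category, feature and host names below are illustrative, not real config.

const LEVELS = new Set(["disabled", "ask", "enabled"]);

// Categories listed from most trusted to least trusted.
const sampleConfig = {
  categories: {
    trusted:    { scripts: "enabled",  plugins: "enabled",  cookies: "enabled" },
    known:      { scripts: "enabled",  plugins: "ask",      cookies: "enabled" },
    restricted: { scripts: "ask",      plugins: "disabled", cookies: "ask" },
    untrusted:  { scripts: "disabled", plugins: "disabled", cookies: "disabled" },
  },
  // Sites matched by no pattern fall into this category.  Shipping the
  // least-trusted category here protects the user before the first visit.
  defaultCategory: "untrusted",
  // Wildcard assignments: "*" matches any run of characters, so
  // "*.example.com" covers every subdomain of example.com.
  sites: [
    { pattern: "*.example.com",        category: "known" },
    { pattern: "intranet.example.com", category: "trusted" },
    { pattern: "*.adserver.test",      category: "untrusted" },
  ],
};

// Reject configurations that refer to categories or levels that do not exist,
// so a typo in the config file cannot silently widen what a site may do.
function validateConfig(config) {
  const names = Object.keys(config.categories);
  if (!names.includes(config.defaultCategory)) {
    throw new Error(`unknown default category ${config.defaultCategory}`);
  }
  for (const [name, features] of Object.entries(config.categories)) {
    for (const [feature, level] of Object.entries(features)) {
      if (!LEVELS.has(level)) throw new Error(`${name}.${feature}: bad level ${level}`);
    }
  }
  for (const site of config.sites) {
    if (!names.includes(site.category)) {
      throw new Error(`${site.pattern}: unknown category ${site.category}`);
    }
  }
  return true;
}

// Turn a wildcard pattern into an anchored, case-insensitive regular expression.
function patternToRegExp(pattern) {
  const escaped = pattern
    .split("*")
    .map((piece) => piece.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(`^${escaped}$`, "i");
}

// Pick the matching pattern with the most literal characters (the most
// specific one); ties go to the earlier entry.  No match means the default.
function categoryFor(config, hostname) {
  let best = null;
  for (const site of config.sites) {
    if (!patternToRegExp(site.pattern).test(hostname)) continue;
    const literal = site.pattern.replace(/\*/g, "").length;
    if (best === null || literal > best.literal) best = { category: site.category, literal };
  }
  return best ? best.category : config.defaultCategory;
}

// Look up the disabled/ask/enabled setting that applies to a host and feature.
function settingFor(config, hostname, feature) {
  const category = categoryFor(config, hostname);
  const level = config.categories[category][feature];
  if (level === undefined) throw new Error(`feature ${feature} not defined for ${category}`);
  return { category, level };
}

// Reduce the three-way setting to a yes/no answer.  The prompt callback is
// consulted only for "ask"; when no prompt is available, "ask" fails closed.
function isAllowed(config, hostname, feature, askUser = () => false) {
  const { level } = settingFor(config, hostname, feature);
  if (level === "enabled") return true;
  if (level === "disabled") return false;
  return Boolean(askUser(hostname, feature));
}

validateConfig(sampleConfig);
console.log(settingFor(sampleConfig, "intranet.example.com", "plugins"));
console.log(settingFor(sampleConfig, "nobody.test", "scripts"));
```

The two design points worth noticing are that an unlisted host is resolved against `defaultCategory` rather than being implicitly allowed, and that an "ask" setting with no prompt available resolves to "no", so the secure side is the one reached by default.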
