Anthony G. Atkielski wrote:

>> Or, would these be better off on a per-site basis?
>
> The number of sites is so great for most uses that it would quickly
> become impossible to manage a list of sites with separate settings for
> each site.

I'm not sure I see that. The number of sites is already so great, and users
don't adjust anything in IE .. not that I ever heard of. So how can it be
possible to be impossible to manage?

In practice, if the defaults are relatively sensible, only a small
proportion of sites would need some adjustment. Less than 10% I'd think.

For those aficionados who adjust like crazy, I think the onus would be on
them to design (and perhaps build) a nice site adjuster that didn't slow
them down.

(Not that I'm saying it should be "per site" but I just see "per site" as
being much simpler to conceptually handle for the users.)

> However, it should be possible to define, say, 6-10 categories of sites
> and then adjust the settings for each category; then individual sites (or
> groups of sites, with wildcard specifications) can be placed into the
> categories. The categories would run roughly from most trusted to least
> trusted.
>
> This is _roughly_ how MSIE does it, but MSIE has too few categories and
> they are impossible to change. Firefox should have more categories _and_
> addition or deletion of categories (this latter function could be limited
> to the Registry or a configuration file, as it would be too rare to
> justify building a user interface for it).

Ah, ok that answers my earlier question - the set of categories is fixed as
far as the user is concerned.

>> For example as you enter a new site, the little bar appears at the bottom
>> giving you the option to turn on features that are spotted, if you trust
>> the site?
>
> Hmm ... sounds like a pretty good idea. But where would the settings be
> recorded?

With the relationship information for the rest of the site "of course" :-)
I say that knowing that such information isn't recorded as yet...

> Also, entering a new site would be too late. If your settings are too
> liberal by default and the first thing the site does is download spyware
> or something, you're out of luck, even if you click to change the
> settings after entering. You'd have to have a way to protect yourself
> before you visit the site.

That's why I suspect that Firefox will always deliver 'safe out of the box.'
Start out safe, and then loosen up. The trick seems to be that Firefox has
to suggest that something is being tried and there is an opportunity to
loosen up.

> One way to do this is to be able to specify the default category for any
> sites that are not explicitly named in some other category. You could set
> this category to the least trusted category and protect yourself, or you
> could set it to a more trusted category for a "richer" surfing experience
> with minimal fuss.
>
> On MSIE, I have the default settings for sites severely restricted, so
> they can do virtually nothing unless and until I explicitly place a site
> in a more liberal category.

That sounds perfect.

Bear in mind that the target user as expressed here has been the average
user. So the notion would be that Firefox is shipped 'secure' out of the
box, and experienced users can loosen things accordingly.

> No problem there. It would all depend on what default settings you ship
> with the browser. You could set it to be very secure or very friendly,

Exactly!

>> Whether that survives as a policy, I know not.
>
> I don't know, but it's a sad fact that most people favor features over
> security until they get burned, so the tendency is to loosen up over
> time. I don't personally care as long as I still have the option of
> locking down the browser myself, but if I can't lock it down, I won't
> use it. I predict that Firefox will become less and less secure as time
> passes. It happens to just about all products, barring some spectacular
> security breach that makes people worry about security again
> temporarily.

That tendency was built up over time when there was relatively little threat
and relatively unrelatable threats. Times they are a-changing! If the network
of users is given a useful tool and shown why it helps defeat real persistent
threats then I suspect they'll use it. As long as it is seen to work.

[all Flash stuff - I entirely agree.]

iang

--
News and views on what matters in finance+crypto:
       http://financialcryptography.com/
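The thread above sketches a design but no code: a small ordered set of trust categories, each carrying a full settings profile; sites or wildcard groups of sites placed into a category; and a default category that catches every site not explicitly named, which a cautious user sets to the least trusted one. The following is an added example of how such a resolver could be written, not code from the thread or from Firefox. The category names, the settings in each profile, the wildcard semantics (a `*` stands for one or more whole hostname labels) and the "most literal characters wins" tie-break between overlapping rules are all choices made here for illustration, and the sample configuration is constructed.

```javascript
// Added example (not from the thread or from Firefox): a minimal resolver for
// the "categories of sites" design discussed above. The category names, the
// settings in each profile and the sample rules are all constructed here.

// Categories listed from most to least trusted. Each is a complete settings
// profile, so a site's behaviour is decided by a single category lookup.
const CATEGORIES = {
  trusted:    { scripts: true,  plugins: true,  cookies: 'all',         downloads: 'prompt' },
  normal:     { scripts: true,  plugins: false, cookies: 'first-party', downloads: 'prompt' },
  restricted: { scripts: false, plugins: false, cookies: 'none',        downloads: 'block'  },
};

// Turn a hostname pattern with '*' wildcards into an anchored matcher.
// A '*' stands for one or more whole labels, so '*.example.com' matches
// 'www.example.com' and 'a.b.example.com' but not 'example.com' itself, and
// the anchoring stops 'www.example.com.attacker.test' from matching.
function patternToRegExp(pattern) {
  const escaped = pattern
    .toLowerCase()
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')   // escape regex metacharacters
    .replace(/\*/g, '[^.]+(?:\\.[^.]+)*');    // wildcard: one or more labels
  return new RegExp(`^${escaped}$`);
}

class SitePolicy {
  // `defaultCategory` is where every site not explicitly named ends up.
  constructor(categories, defaultCategory) {
    if (!(defaultCategory in categories)) {
      throw new Error(`unknown default category: ${defaultCategory}`);
    }
    this.categories = categories;
    this.defaultCategory = defaultCategory;
    this.rules = [];
  }

  // Place a site, or a wildcard group of sites, into a category.
  add(pattern, category) {
    if (!(category in this.categories)) {
      throw new Error(`unknown category: ${category}`);
    }
    this.rules.push({
      pattern,
      category,
      re: patternToRegExp(pattern),
      // More literal characters means a narrower pattern; used to decide
      // between overlapping rules such as '*.example.com' and 'ads.example.com'.
      specificity: pattern.replace(/\*/g, '').length,
    });
    return this;
  }

  // The most specific matching rule wins; with no match, the default applies.
  categoryFor(hostname) {
    const host = hostname.toLowerCase();
    let best = null;
    for (const rule of this.rules) {
      if (rule.re.test(host) && (best === null || rule.specificity > best.specificity)) {
        best = rule;
      }
    }
    return best ? best.category : this.defaultCategory;
  }

  settingsFor(hostname) {
    return this.categories[this.categoryFor(hostname)];
  }
}

// Constructed sample configuration in the "locked down by default, loosen
// per site" posture described in the thread.
function buildSamplePolicy() {
  return new SitePolicy(CATEGORIES, 'restricted')
    .add('*.example.com', 'normal')
    .add('intranet.example.com', 'trusted')
    .add('ads.example.com', 'restricted');
}

const policy = buildSamplePolicy();
for (const host of ['intranet.example.com', 'www.example.com', 'ads.example.com', 'unknown.test']) {
  console.log(host, '->', policy.categoryFor(host), policy.settingsFor(host));
}
```

Because the default category is consulted before any content from an unlisted site is processed, this ordering addresses the "entering a new site would be too late" objection raised in the thread: a host that nobody has placed anywhere is treated as least trusted on first contact, and loosening is an explicit `add()` made beforehand.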

_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
