Now suppose that Microsoft "marks" every document that comes from the web as suspect, and every document from a Longhorn/MSN as safe. Effectively, the web gains a "dirty bit". Marketing executives tell consumers: Microsoft protects you from the dirty web by clearly labelling everything that comes from there. They say this as part of the process of differentiating their new products from the Web.
But it's not just web pages, is it? Almost all Word or Excel files basically have the "dirty bit" - when you fire them up, you are asked if you trust the file and if you want to run the macros.
Content which can have embedded code, and which is sourced from an unknown entity, should not be trusted. This is as true of Word files as it is of web pages.
For minimum inconvenience for the user, we need to identify untrusted content, and pretend that it's actually still being served from where it originally came from, with all the attendant security precautions. That way, other content can be displayed without worry. It seems to me that the right way to do that is mark saved web pages with their origin - which is what the MOTW is.
Microsoft then turns around and says: "the whole web is dirty".
It turns to the Mozilla Foundation and says: "hey, you guys (gals) agree with us - you use the dirty bit too. We all think the web is dirty. That's why we (Microsoft) invented this alternative that users can buy."
Do you think Longhorn has a magic solution to the untrusted content problem?
Gerv
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
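The idea in the message above, treating a saved page as if it were still served from its origin, shown as an added example that is not part of the original message or of any browser's code. It assumes the mark is an HTML comment of the form `<!-- saved from url=(NNNN)URL -->` with `NNNN` the length of the URL; the function name, the scan limit and the policy labels are hypothetical.

```javascript
// Added example (not from the original message). Assumed format of the mark:
//   <!-- saved from url=(NNNN)URL -->   where NNNN is the length of URL.
const MOTW_RE = /<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->/i;
const SCAN_LIMIT = 2048; // assumption: only look for the mark near the top of the file

// Decide which security policy a locally saved page should run under.
// Policy labels ("origin", "internet-zone", "restricted") are hypothetical.
function policyForSavedPage(html) {
  const restricted = (reason) => ({ policy: "restricted", origin: null, reason });

  const m = MOTW_RE.exec(html.slice(0, SCAN_LIMIT));
  // No mark: we cannot say where the content came from, so give it no privileges.
  if (!m) return restricted("no-mark");

  const [, declared, url] = m;
  // A wrong length means the mark was edited or truncated: do not believe it.
  if (parseInt(declared, 10) !== url.length) return restricted("length-mismatch");

  // Generic mark: content is from the web, but no specific site is recorded.
  if (url === "about:internet") {
    return { policy: "internet-zone", origin: null, reason: "generic-mark" };
  }

  let parsed;
  try { parsed = new URL(url); } catch { return restricted("bad-url"); }
  // Only web origins are accepted; a mark must never raise privileges.
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return restricted("unsupported-scheme");
  }
  // Apply the same precautions the page would get if loaded from its origin.
  return { policy: "origin", origin: parsed.origin, reason: "marked" };
}

// Constructed sample input: build a mark with a correct 4-digit length prefix.
const mark = (url) =>
  `<!-- saved from url=(${String(url.length).padStart(4, "0")})${url} -->`;
const saved = `<!DOCTYPE html>\n${mark("http://www.example.com/")}\n<html></html>`;
console.log(policyForSavedPage(saved));
```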
