[LINK] Study shows pop-up warnings are ineffective
Marghanita da Cruz
marghanita at ramin.com.au
Wed Oct 1 17:11:27 AEST 2008
Ivan Trundle wrote:
> On Wed, Oct 01, 2008 at 11:52:29AM +0930, Glen Turner wrote:
>> I much prefer the SELinux approach. Deny the activity and audit it.
>> Put an alert on the screen saying the activity was denied. Give a
>> audit review tool which allows denied requests to be authorised in
>> the future. This approach moves the consideration of security out
>
> My brother-in-law tells me that this is exactly how his team manages
> this activity in his (large) federal government department (but in MS
> Windows). The review process takes up to four days, but this is better
> than many other departments, which have no review process at all.
>
> It was interesting to hear his views on the word 'trust', and what it
> means in this context: given the thread discussion.
>
> His view (and he is no Microsoft shill) is that Microsoft does a
> better job of delivering the required security regime and patches (in
> concert with Auscert) than Mozilla, and the level of trust and
> obligation is markedly different.
>
...
and here is mozilla's view
> A number of press articles surrounding Symantec’s Internet Security Threat Report, and other recent similar reports from Cenzic and Secunia, are offering the confusing and incorrect conclusion that the effective security and safety of web browsers can be measured by simply counting the number of vendor disclosed software flaws.
....
<http://blog.mozilla.com/ftr/2008/04/15/security-metrics-that-matter/>
--
Marghanita da Cruz
http://www.ramin.com.au
Phone: (+61)0414 869202
More information about the Link
mailing list