21 December 2006

Vista vs. email

This blog post was interesting:

http://windowsvistablog.com/blogs/windowsvista/archive/2006/12/19/windows-vista-and-protection-from-malware.aspx#comments

It's an interesting expectation, that Vista would magically be immune to malware attacks - but that expectation is taken seriously in this post, which views the problem through the eyes of the totally inexperienced user. By blocking access to all incoming attachments, Vista's native Windows Mail is able to foil 8 of the 10 common attacks tested - the ones that got through did so by using file types that some email applications don't block.

My expectations are far more modest:
  • System should be immune from clickless attack
  • User should receive accurate risk information
  • System should act within the bounds of that risk information
  • Should malware go active, user should be able to clean it
Jim's assessment treats the user as a passive component that has to be protected by the system acting on the user's behalf. I see that as unrealistic, and not only because it's a "mission impossible" task, but also because most users will disable total attachment blocking and then lose that degree of "protection". So what works for great disclaimable advertising copy - "used as directed, Windows Vista is immune to 8 out of 10 common email attacks" - works less well when users actually use the system to do real-world things.

For many (most?) users, blocking all attachments is too broad a sword to live with. What these users expect is to look at an email message and attachment link, and assess whether the attachment is safe to "open". That in turn requires information about the attachment file type that is easy to understand (as a large number of raw .ext is not) and can be relied upon (in contrast to Vista's default "open based on hidden info rather than visible .ext" behavior).

Windows has been designed with many things in mind, but type discipline is not one of them. There's been great stress on per-user rights in NT, in keeping with the needs of corporate IT, but this maps poorly to consumer needs. The code/data distinction has been undermined, and the unrealistic objective of "you can do everything without having to know anything" assumes that consumers won't have the skills to assess and act upon file type risk information.

The last point, "should malware go active, user should be able to clean it", is a topic in itself, which is about safety awareness that stretches from maintenance OS through "Safe Mode" and into safe handling for suspect locations, such as newly-discovered drives or subtrees that are designated as holding risky material, much as "My Documents" is designated as holding "user data".

Here are a couple of unrelated quick things...

Screening spam

Another thing I'd like to see in an email application is better filtering, based on criteria other than various text matches. Specifically, I'd like to filter out "messages" that have under 100 characters of visible message text plus embedded (or remote) images. This is emerging as a common form of spam, with two effects: firstly, there's no text to filter/match, and secondly, the entire "message text" can be one huge clickable surface.
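A sketch of that rule as a mail filter, added here as an illustration and not taken from any email application: it parses a raw message with Python's standard library, counts the text a reader would actually see, and flags mail that pairs fewer than 100 visible characters with at least one embedded or remote image. The function names and the two sample messages are constructed for this example.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

MIN_VISIBLE_CHARS = 100  # threshold proposed in the post

class _VisibleText(HTMLParser):
    """Collects rendered text and counts <img> tags, skipping script/style."""
    def __init__(self):
        super().__init__()
        self.chunks, self.images, self._skip = [], 0, 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "img":
            self.images += 1  # embedded (cid:) and remote (http:) alike
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def _count(text):
    return len("".join(text.split()))  # ignore whitespace padding

def is_image_only_spam(raw):
    """True if the mail shows < MIN_VISIBLE_CHARS of text and carries an image."""
    msg = message_from_string(raw, policy=policy.default)
    visible = images = 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.get_content_maintype() == "image":
            images += 1  # image shipped as a MIME part
        elif part.is_attachment() or ctype not in ("text/plain", "text/html"):
            continue
        elif ctype == "text/plain":  # plain/HTML alternatives: score the wordier
            visible = max(visible, _count(part.get_content()))
        else:
            parser = _VisibleText()
            parser.feed(part.get_content())
            images += parser.images
            visible = max(visible, _count("".join(parser.chunks)))
    return images > 0 and visible < MIN_VISIBLE_CHARS

def _html_mail(body):  # builds a constructed single-part HTML message
    return ("From: a@example.com\nSubject: test\nMIME-Version: 1.0\n"
            "Content-Type: text/html; charset=utf-8\n\n"
            "<html><body>" + body + "</body></html>\n")

SPAM = _html_mail('<a href="http://example.invalid/"><img src="http://example.invalid/o.gif"></a>Click!')
HAM = _html_mail("<p>" + "Here are the holiday pictures we talked about. " * 4 + '</p><img src="cid:p1">')
```

A short text-only note is not flagged, since the rule needs both conditions; a message that hides filler text with CSS would still pass this count and would need rendering-aware checks.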

Firefox's killer feature

Spell checking within text edit fields - a must-have, in an age of online text composition e.g. blogging, forum posts, comments and web mail!

Up until now, Microsoft has positioned spell checking as part of MS Office, with the unique vendor advantage of integrating this application component into the OS (e.g. Outlook Express).

These happy days should be over, thanks to Firefox 2, just as free Google email killed the acceptability of the 1-2M email storage norm for paid-for ISP email "services".
