Usability problem

  Jan 28, 2004

As I'm sure you are, too, I'm suffocating under the pressure of the latest, meanest badass of an e-mail worm. This happens every once in a while, I've sort of learned to live with it as one of the downsides of the interconnected electronic information superhighway society, or whatever the hell they call it this week.

Every time the new badboy e-mail worm introduces itself to the world, we get another discussion about the lack of security in Microsoft Outlook and Outlook Express. Every time some kid says that Microsoft have not secured their product properly, that they've basically forgotten to add security to Outlook and its cousin Outlook Express.

That's when I ask what the hell kind of security measures are Microsoft supposed to add? The worm comes attached as a compressed folder containing an executable file, are they supposed to make it completely impossible to send or receive compressed and/or executable files? Are they, perhaps, supposed to make it impossible to execute executable files at all? Kind of takes the edge off the functionality of an OS doesn't it? Are they supposed to make it impossible to programmatically access the Outlook addressbook, what?

The way I see it, there are two problems: the stupid, inane, inexperienced, blue eyed or just generally computer inept user problem, and, a usability problem. The aforementioned users need to get a big red honking and flashing warning message when they decide to run or open attachments which are compressed folders or executable files. That's a usability problem.

Security problem? I don't think so. We're beyond that, today's e-mail worms aren't automagically executed VBScripts that run in the Outlook preview pane, they're applications which are executed because users don't know better.

Now I better get back to drowning in email.

Comments

  1. I do not think any email-borne virus has anything to do with lack of security on the client. It is people's stupidity and lack of common sense, that's the flaw and half of the virus itself.

    Comment by David Collantes at 13:49, 28 Jan, 2004 #

  2. The biggest viruses in history have all had a social side to them, compelling the silly zombie at the other end to open them. Your story is so true =]

    Comment by cyberhill at 08:08, 29 Jan, 2004 #

  3. That is exactly the group of people that email worm virii are aimed at, and are quite successful because of the fact that most people are not computer obsessed and just use them for basic contact and word processing.

    Comment by Tarsh Einfallsreich at 08:59, 29 Jan, 2004 #

  4. Tarsh: Computers mustn't be an obsession for a user to be able to understand that an executable program can do mean things to your computer. Reading comprehension and common sense should be sufficient.

    Comment by Tomas at 09:40, 29 Jan, 2004 #

  5. I didn't get this virus either. Nobody loves me. :-(

    My dad is the Main IT Honcho at his company. He has frequent stories about how he sends warnings about the latest mail virus and still someone manages to infect himself and crapflood the rest of the network. And then claim "I didn't get that warning!"

    If computers only had seat belts...

    Comment by Johan Svensson at 12:56, 29 Jan, 2004 #

  6. Johan: Seat belts, or, even better, catapult seats.

    Comment by Tomas at 13:05, 29 Jan, 2004 #

  7. Tomas: Common sense and most computer users... generally don't mix well.

    Comment by Tarsh Einfallsreich at 21:22, 29 Jan, 2004 #

  8. I think your statement certainly applies to virii, but worms are a different matter. Sure, the worm is initially run via execution of some attachment. But the next step-- the thing that hurts you, me, and the Internet at large-- is that the operating system sends hundreds of copies out without ever notifying the user. I think that's a big hole that is solely Microsoft's responsibility to close. Nothing should be able to send email without approval by the user.

    Comment by Eamon at 02:08, 30 Jan, 2004 #

  9. Eamon: No operating system that I know of prompts or informs the user every time, or anytime, an application tries to send information to the Internet, so I don't see why Microsoft should be singled out as the bad guy.

    Even if such a prompt existed, the user who ran the application, without even contemplating the possibility of it being malicious, is likely to acknowledge the prompt for the application to communicate via Internet either way...

    Comment by Tomas at 11:13, 30 Jan, 2004 #

  10. Nobody starts blaming Berkeley or AT&T or whatever for someone writing malicious UNIX software, right? I agree with you, it's silly to blame Microsoft for the stupidity of others. But I guess Microsoft in turn has to blame themselves for letting this on themselves. I mean, it's very easy for a user to justify blaming Microsoft for not having elaborate warning schemes or whatever if they in even one instance have but a simple warning. It's very easy to say: "Well if you can warn me, you can do something about it! If you know that there's a problem, fix it!"

    But as with so many other issues in the world, fixing blocks so that executable files cannot execute or whatever is not a cure for the disease, but a cure for the symptoms. The disease itself is the stupidity of users, and I guess this is something we all have to get used to. There will never ever be a lack of stupid computer users.

    Comment by Marcus Stade at 02:06, 01 Feb, 2004 #

  11. GOTO 1
    REM :-)

    Comment by David Collantes at 06:13, 01 Feb, 2004 #

  12. Ironically enough, I reinstalled XP, and someone sent me a .zip file. Outlook spat out a big honking flashing "You are not allowed to open this attachment".

    Sadly, it only contained some .jpg files, but anyhow, the functionality seems to be default in Outlook Express. That means the inane users have turned it off for some reason (probably the reason for which I turned it off)

    Also, I read on IDG (Swedish news site) that Mr. Gates plans to kill spam by inserting cpu-delays in mass-mailing. One mail will not labor the cpu noticeably, but 100's or 1000's will quickly push it to its knees. How this will affect real business remains to be seen. Also he had some crazy idea about digital post-stamps that would make the mass-mailer pay a fee every time a user expresses that he did not want that specific mail. (who this fee goes to one may wonder.. spontaneously I'd say _microsoft_)

    Comment by Lego at 12:35, 05 Feb, 2004 #

The discussion has been closed on this entry. Thanks to everybody who participated.