Wednesday, January 9, 2008
One thing I don't get is companies that should know better, like F-Secure and Microsoft, encouraging users to follow poor security practices. Microsoft with it's update pages, and F-Secure with its free online security check, are encouraging users to allow ActiveX and the like. Bad. Bad. Blackboard does the same thing by requiring faculty to trust signed applets in order to use certain fairly basic features, e.g., sending e-mail to the class One thing that someone might point out is that they may be using signed applets or the scripts may be delivered over an SSL/TLS connection, so the user can be fairly confident of its source. I don't buy that. If one of these applets does bad things to my system or my data, I may not notice for weeks, if at all. When I do realize something happened, can I trace it back to a particular signed applet? At that point, would I care?