I am in full agreement with your opinion. I do not think security is an "all or nothing" property, and I do think that mechanisms can be considered effective even if they do not protect against attackers with some level of skill or motivation. After all, there is no complete security and security is, and has always been, considered as "perceived assurance".
I do not think that a fact that a mechanism can be somehow circumvented makes it useless. "Keepng the honest people honest" is a good enough legitimation for a mechanism to exist as well as "moving the bar higher". However, the only problem I can see in this case is the opening of a possibility of a false sense of security. Security mechanisms do not have to be perfect, but their perceived strength by their users shall be set right.
For this I personally think that the mechanism is great and useful, but should be presented by Microsoft accordingly, hence: as a useful security-related feature, not as a complete bullet-proof protection tool.
Hagai.
Hagai Bar-El - Information Security Analyst Tel.: 972-8-9354152 Fax.: 972-8-9354152 E-mail: [EMAIL PROTECTED] Web: www.hbarel.com
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
