Matthew Paul Thomas wrote: > Uwe Schilling, Thomas Nardone: As I have already explained several > times, this is far from the only time programs need to open windows > unprompted; and conversely, even with a browser blocking popup windows, > a determined Web site author can still open popup windows or things that > look like windows. Therefore, trying to distinguish real prompts from > fake ones by whether they open manually or automatically is dangerously > wrong. Better defence mechanisms include making Web windows more > obviously non-native (with help from both the browser and the Ubuntu > theme), and more informative handling of downloaded executables (Windows > Vista and especially Mac OS X do a much better job of that than Ubuntu > does).
That was not the point I was making. The point is, that, yes, there are applications that open pop-up windows on my computer. However, none of these applications asks for the system password! Ever! If "some evil guy from the internet" pretended to be my friend Bob and told me hi via skype, I would soon find out because he doesn't know anything about me, but nothing would be lost, if I asked back "How are you?". But now you start teaching people to give their systm password to some arbitrary pop-up windows. Do you agree that there is a difference if a pop-up window has administrator status or not? That is the difference I am pointing towards. So far, there was no higher interest in determining if something was started by the actual application or if it just pretended to be. At least, it was on immanent risk to your system. But by training people to give their system password to pop-ups, it becomes one. That is the point I want to make. Making web windows look less native would definitely help to prevent damage, but for the moment, they look pretty much alike. Thus, at least for the next half year (until karmic) the danger I described persists. And even afterwards, it does not seem obvios to me, that then everybody will be able to distinguish the windows by their style. It still seems to pose an unnecessary risk. -- [Jaunty] Update Notifier icon would provide useful status information https://bugs.launchpad.net/bugs/332945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
