"This page has unknown potential security risks."

F

Frank

Certified not a majority
Veteran
... "Are you sure you want to continue?"

What the heck? It's a share with an XP computer, I use passwords and a private workgroup...

Or, how about this one:

"Remote Desktop cannot verify the identity of the computer you want to connect to.
...
Do you want to connect anyway?"

No, I'm not going to upgrade that PC to Vista, no matter how much you try to scare me, Microsoft!

But I know plenty of people for whom that might work. Scare tactics.
 
It's the Windows way. It assumes that whatever you just tried to do was a mistake and asks "are you sure?" As opposed to the Unix way that assumes you are actually intentionally doing what you want and only tells you if it doesn't work for some reason (unless you tell it to be interactive/verbose).
 
Heh yeah that's one of MS's ways, but Frank is referring to the little "are you sures" that go with connecting a Vista comp to a XP comp. It's psycho-warfare; reduce your confidence a little bit at a time until you feel good/better about upgrading something that doesn't need to be.

Tho I suppose there really are legit reasons for it to say that. Vista did supposedly improve Remote Desktop's and the file sharing's security.
 
Frank said:
Or, how about this one:

"Remote Desktop cannot verify the identity of the computer you want to connect to.
...
Do you want to connect anyway?"

No, I'm not going to upgrade that PC to Vista, no matter how much you try to scare me, Microsoft!

But I know plenty of people for whom that might work. Scare tactics.
Click to expand...

No, that prompt is totally legit.

You're about to send your login credentials to another machine, and if it's not in a kerberos protected domain network, your computer has no idea whether that machine really is who it says it is.

You can get rid of the prompt by running mstsc.exe, and clicking Options->Advanced->Authentication Options, and picking "Always connect, even if authentication fails".
 
Frank said:
... "Are you sure you want to continue?"

What the heck? It's a share with an XP computer, I use passwords and a private workgroup...
Click to expand...

My guess is that Explorer is hitting a desktop.ini that references some sort of script or plugin.

The point is your computer has no idea if the machine you connected to is really in a private workgroup or that just cause it's in a private workgroup doesn't mean someone in that workgroup isn't out to get you.

So it needs to ask before it runs any sort of script.

There probably an option somewhere to tell it "yes it really is in a private workgroup, and yes I really know what I'm doing".
 
Bouncing Zabaglione Bros. said:
It's the Windows way. It assumes that whatever you just tried to do was a mistake and asks "are you sure?" As opposed to the Unix way that assumes you are actually intentionally doing what you want and only tells you if it doesn't work for some reason (unless you tell it to be interactive/verbose).
Click to expand...

Thats better than the Apple way, which seems to assume you dont want to do anything. Having to reconnect individually to each of my network shares (up to 6 per computer) is not fun in the slightest. For easy usability XP > OSX.
 
Dooby said:
Thats better than the Apple way, which seems to assume you dont want to do anything. Having to reconnect individually to each of my network shares (up to 6 per computer) is not fun in the slightest. For easy usability XP > OSX.
Click to expand...

Saying "someone else is worse" is not really a valid excuse as to why MS products still have these issues.

I'm disappointed that this basic philosophy of treating your users like complete idiots has still not been changed despite the alternative that unix has been showing for years. Same with the security model.
 
Bouncing Zabaglione Bros. said:
Saying "someone else is worse" is not really a valid excuse as to why MS products still have these issues.

I'm disappointed that this basic philosophy of treating your users like complete idiots has still not been changed despite the alternative that unix has been showing for years. Same with the security model.
Click to expand...
Amen. It irritates me a heck of a lot.

Even creating a new "power admins" group or such by turning off all that "self protection" nonsense for members would make me quite happy.
 
Bouncing Zabaglione Bros. said:
I'm disappointed that this basic philosophy of treating your users like complete idiots has still not been changed despite the alternative that unix has been showing for years. Same with the security model.
Click to expand...
Well, the point is that most users (> 90%, IMO) are complete morons (when it comes to computers). I bet that all users on this board know at least a handful of stories how some of their computer-illiterate friends whacked their windows installation and/or got virus/malware/spyware infected. But since these less-than-pro-users are the majority of microsoft's audience they need to focus on them.

BTW, i think it's funny how people cry foul about the security holes in windows, but also cry foul, when microsoft tightens up security.
 
N00b said:
Well, the point is that most users (> 90%, IMO) are complete morons (when it comes to computers). I bet that all users on this board know at least a handful of stories how some of their computer-illiterate friends whacked their windows installation and/or got virus/malware/spyware infected. But since these less-than-pro-users are the majority of microsoft's audience they need to focus on them.
Click to expand...

If you treat them that way, they will be.

N00b said:
BTW, i think it's funny how people cry foul about the security holes in windows, but also cry foul, when microsoft tightens up security.
Click to expand...

Have they tightened up security, or just given us a load of requesters that are so annoying most people try to turn them off straight away, whilst still not actually giving us a decent security model?
 
aaaaa00 said:
No, that prompt is totally legit.

You're about to send your login credentials to another machine, and if it's not in a kerberos protected domain network, your computer has no idea whether that machine really is who it says it is.

You can get rid of the prompt by running mstsc.exe, and clicking Options->Advanced->Authentication Options, and picking "Always connect, even if authentication fails".
Click to expand...

yep. ssh prompts you with a similar yes/no question the first time you ssh into a machine.
 
Bouncing Zabaglione Bros. said:
If you treat them that way, they will be.
Click to expand...
That's surely one way to see it. But actually I have not seen the majority of users become any more responsible or proficient the last ten years. Mostly they are still morons. Security and convenience always have always been antagonists. More security means less convenience and vice versa. And because most people are lazy they will always choose convenience over security, if security is not forced upon them.
Bouncing Zabaglione Bros. said:
Have they tightened up security, or just given us a load of requesters that are so annoying most people try to turn them off straight away, whilst still not actually giving us a decent security model?
Click to expand...
I think they have given us a moderate increase in security for a bit of inconvenience while trying to stay as compatible as possible. I'm not saying that UAC is perfect, but it's a step in the right direction. I'm sure Microsoft could have come up with something better, but only at the cost of compatibility. And that would probably have been not such a good idea. I don't think so many people will turn off UAC, because Joe Average doesn't know where to do that. Besides once your computer is up and running you won't see UAC that much. If you do, you are probably installing drivers and software all day or need to update your software (SQL Server 2005 pre/post SP2 comes to mind here). Personally I don't see it more than once or twice a day.
 
20 years ago when I used to spend my time hacking Unix systems at university, just for the fun of it, there was a saying.

There were two sorts of unix systems, secure systems and usable systems.

The general concensus was the more usable and less intrusive the system, the less secure it was, and it pretty much held true. A lot of the mechanisms we used to gain root priviledges relied on pivilidge escalations through user stupidity.

The same is probably true today, MS has taken a big beating on the security front with XP. But I think the mistake being made is that the average user at home prefers usability over security while the opposite is true for people running IT departments.
 
You must log in or register to reply here.

Similar threads

W
  • Locked
My E3 2011: Skyrim, Rage, ME3, Batman: GC, Torchlight 2, TR, Prey 2, XCOM & more...
Replies
19
Views
6K
tabs
tabs
S
Vista observations and opinions
4 5 6
Replies
110
Views
13K
Kaotik
Kaotik
A
NVIDIA Q4: Ouch! $481M revenue, <30% margins
2
Replies
21
Views
10K
silent_guy
S
Arwin
GlovePIE, Sixaxis and Others
Replies
2
Views
21K
Arwin
Arwin
A
NVIDIA Q1 Financial Results
Replies
5
Views
4K
Sunrise
S
Back
Top