February 23, 2006

iVirus, Mr & Mrs Smythe, Shaking the Incumbents, Ping on convenience, Gmail on inconvenience

Curious that Apple's Safari wasn't mentioned in recent discussions about High Assurance certs. Which brings us to a rash of sightings of Mac Viruses. Well, three at least. Unfortunately the media can be relied upon to over-play the appearance of Mac Viruses, and downplay the Microsoft ones. That's because one is rare and the other is common. Although that will change over time, I predicted Macs won't be overly troubled by it this year, so they'd better do the right thing!

More signs of aggressive play by media corporates seen. This time, "Mr & Mrs Smith" have been accused of playing on your PC with more than the normal funny going's on. It's not clear what it means when they say "like a root-kit" but maybe you should play that movie at your mother-in-law's place first.

Dave discusses the effect of Skype on the telecoms industry. Curiously, although these forces have been building up for a decade (does anyone remember the first IP phone?) and we've been discussing it for even longer, it takes a big success like Skype to actually shake the incumbents. Exactly the same thing is happening in the DRM world as the incumbents are waking up to the success of iPod. Business plans and ideas are flashing around just like the good old dotcom days.

Ping launches an essay on how to solve phishing. He starts out from a principle that bears thought:

I have an idea about how to solve the phishing problem. Although proposals to solve phishing are not yet as common as proposals to solve spam, there certainly have been quite a few of them, so you would be right to wonder what makes this proposal any different or any more likely to work.

So, right up front, here is the key property of this proposal: using it is more convenient than not using it.

This principle has been bubbling around for some time, awaiting a pithy encapsulation. Think about it - you use Skype because it is more convenient than not. You use SSH for the same reason. You probably benefit from SSL when you benefit only because you had to do nothing to make it happen. And Philipp points at how easy it is to turn off security:

Without any guarantees, here are two tips that will make sure you will receive these new features as soon as they are available (and if you're lucky, they will start working right away):
  • If you are using an https connection to access GMail, remove the 's' (i.e. the address should read "http://mail.google.com"). Eventually, all the new services will support https, but they typically don't initially...
  • The comments are worth a read - for any security guy that needs to be reminded about how users really respond. Including this one which has more FC significance:

    Embedding Google Talk inside Google Mail is going to create a real problem for some people.

    I work for a bank where all external IM is forbidden. We can only go through auditable internal IM applications. This is enforced by a proxy server that blocks access to all known IM servers including MSN Messenger, Yahoo, ICQ, AOL, Google Talk, Jabber, etc.

    If the Compliance nazis hear that we can access Google Talk from Google Mail, they will block Google Mail too.

    I don't suppose there's much hope in asking, but is there any way we can have a special version of Google Mail _without_ access to Google Talk?
    Posted by: Anonymous Banker at February 10, 2006 03:17 AM

    Posted by iang at February 23, 2006 02:40 PM | TrackBack

    "Curious that Apple's Safari wasn't mentioned in recent discussions about High Assurance certs." That's because Apple has never sent a representative to any of the relevant meetings, or participated in any of the discussions. Incidentally, I wouldn't use this fact to infer anything one way or the other about Apple's views towards the proposals for extended validation (aka "high assurance") certificates; Apple's apparently a somewhat opaque company, and I've been involved in other unrelated initiatives where it was difficult to find someone at Apple to participate.

    Posted by: Frank Hecker at February 23, 2006 11:10 AM

    "Unfortunately the media can be relied upon to over-play the appearance of Mac Viruses, and downplay the Microsoft ones." Downplay M$? The media does this? Exaggerate any Apple product besides the ipod...the media does this too??? This statement CLEARLY represents the thoughts of the general public...

    Posted by: Joe B at February 24, 2006 12:58 AM

    Frank - yes, I agree. I don't know what to make of it.

    Joe - well, of course. Mac viruses are rare so they will be played up. Microsoft viruses are so common that they are simply not news. Also, Microsoft seem to be simply better at manipulating the media - just an impression - and can be relied upon to make sure that the "newsworthiness" of Mac viruses receives at least equal airplay to the "un-newsworthy" Microsoft security mess.

    Posted by: Iang at February 24, 2006 04:09 AM
    Post a comment

    Remember personal info?

    Hit preview to see your comment as it would be displayed.