Comments on: Skinny-Dipping with Microsoft: Bill Cheswick

By: dockblog // hamburg » Blog Archive » Bill Cheswicks “Windows OK”

Thu, 02 Mar 2006 16:30:26 +0000

[...] Beitrag zum gleichen Thema bei usablesecurity.com [...]

By: Bill Cheswick

Bill Cheswick — Fri, 15 Jul 2005 15:28:21 +0000

Actually, my Dad wouldn’t make the determination. We, or his system administrator would. If we couldn’t bring up the minimum he needs on Windows OK, then perhaps (since I am designing this system for him) it is not done quite right.

I envision the process thus: The administrator installs Windows OK, checks the apps my Dad needs, installing software as necessary (could include games…) and then locks the machine. In the ideal implementation, neither the game nor other applications could further modify the system, including spyware installation, etc.

I think this model would be useful to naive home users, but could also extend nicely to corporate and government intranet residents. BTW, in the latter cases, the administrator could unlock and modify the system remotely using appropriate crypto. They’d be the only ones allowed to. Such remote management products already exist and are in wide use. BTW, I think there is a viable business model remotely supporting my Dad and customers like him. We techies wouldn’t mind paying a few bucks to get our weekends back.

By: Ping

Ping — Thu, 07 Jul 2005 16:31:35 +0000

Given what Bill said about his dad not caring about the spyware as long as he could get his work done, it would be interesting to find out whether his dad would actually bother to buy Windows OK. The offering of Windows OK would present home users with a tough choice between the risk of infection by spyware versus the risk of not being able to use the software they want, where lots of future unknowns factor into both risks.

Perhaps the ultimate answer to that can only be told by the market. Or perhaps a better option would be not to create another version of Windows but to make the only version of Windows retain the capability to install third-party software but come configured like Windows OK by default.

By: mez

mez — Thu, 07 Jul 2005 15:41:20 +0000

I agree with Bill and bdpayne. My mom is like Bill’s dad; she has a very, very small number of things she wants to do, and there are many flexible features she’s always worried about using unknowningly because of the security implications. It’s not the whole market we need to restrict, but there’s a real market for the folks who can, should, and want to run restricted and safely.

By: Andrew

Andrew — Thu, 07 Jul 2005 15:34:59 +0000

I don’t like the use of the term skinny-dipping in this context. For most people, skinny-dipping is kind of fun and exciting. Using the Internet without protection is not fun and exciting. I think a more accurate might be something like “sleeping around”. In general, I like the use of hygiene and personal and public health metaphors to try to get the security message across.

By: bdpayne

bdpayne — Thu, 07 Jul 2005 14:58:11 +0000

Certainly not all users would be ok with a limited feature set. However, with the rise of web-based applications and with many users only using a minimal feature set (e.g., I can think of many people that only use a web browser, mail app, and office suite), perhaps something like this would be a good option for a non-trivial subset of computer users?