Saturday, 15 October 2011

The Dangerous Mod

Popup Worry

Kaspersky continues to perform as one of the best available Internet security packages, and although everyone is only ever one slip away from a major breach and a catastrophic loss of reputation, I would not hesitate to recommend it. Maybe that's why I've given this little popup notification a bit more attention than it warrants at first sight.

A look in the usual forum or three reveals that people have indeed found messages like this one quite confusing. For one thing, they are unforgivably ambiguous. Is it the application, or the modification, that is being flagged as "potentially dangerous"? And quite separately, which one is it that has no digital signature - the original app, or the process (installer) trying to update it?

Then there's the question of relevancy when it comes to "98% of users trust this application". Do they trust the modified or unmodified version? And why exactly do they trust it? You don't have to be particularly security savvy to know that the mere fact that "more than a million" users have run a program doesn't prove it's not malware. Aren't those users being a little bit cavalier, at this time of apparently ubiquitous fake certificates?

Of course, clicking "Help" does nothing to improve matters, unless you count advice on how to prevent these pesky warnings from appearing at all as progress. The so-called "Help" link just takes you to a description of popup warning management options within the security app itself, completely oblivious to the context of your present dilemma!

Finally, I have to grumble about the available options. None of these is entirely satisfactory. "Yes, I trust", as we have just been told, obviously risks running a "potentially dangerous modification of the application". Yet how is a typical user supposed to evaluate the Restrict option? Why on earth would you ever consider allowing "dangerous operations" in the first place?

As for the seemingly safe Block option: nothing terrifies me more than the prospect of trying to update my wife's iPad2 to iOS5, as I am destined soon to do, then being blocked halfway through an elaborate backup / restore operation because the necessary instructions are stuck in a blocked QuickTime Task. Where is the "Ask me later, when it actually tries to do something" option? Remember, almost everyone now has this kind of update configured to run automatically in the background. I probably won't want to have to deal with this warning as soon as it pops up. Yet it cannot be dismissed without making an apparently irrevocable decision about the fate of a potentially critical app.

Nor can it be ignored; it's a stay-on-top window.

Calm Down, Dear

Now, it goes without saying (to security experts like you and me :-) that the correct option is to click the inconspicuous little information icon beside the application name, and verify as many details as possible, sans signature. In this case, the app name, path, vendor, product version and create / modified dates check out, while I can see that it's the original app that had no sig. Hey, it's been running that way since July! Only now is the warning disambiguated: it's about the modification of an unsigned file.

Here, both the original file and the agency performing the modification are trusted. So I choose "Yes, I trust" and get on my way.
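
The details checked above (name, path, vendor, product version, create / modified dates and signature state) can also be read directly from the file with PowerShell. This is an added example, not part of the original post; the function name Get-FileTrustDetails and the target path are placeholders assumed for illustration.

```powershell
# Added example: gather the identity details the popup's information icon
# shows, for one executable on disk.
function Get-FileTrustDetails {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $ver  = $file.VersionInfo

    [pscustomobject]@{
        Path            = $file.FullName
        Description     = $ver.FileDescription
        # Vendor and version come from the file's own resources: they are
        # self-declared and prove nothing on an unsigned file.
        Vendor          = $ver.CompanyName
        ProductVersion  = $ver.ProductVersion
        Created         = $file.CreationTime
        Modified        = $file.LastWriteTime
        # Status is e.g. Valid, NotSigned or HashMismatch.
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignedAndValid  = ($sig.Status -eq 'Valid')
    }
}

# Placeholder path (assumption): substitute the path shown in the popup.
$target = 'C:\Path\To\Application.exe'
if (Test-Path -LiteralPath $target) {
    Get-FileTrustDetails -Path $target | Format-List
} else {
    Write-Warning "File not found: $target"
}
```

A SignatureStatus of NotSigned matches the situation in the post: every other field is then only as trustworthy as your own knowledge of where the file came from.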

This rant is all about UI design and user guidance. Kaspersky, you might be, as I contend, the best in the personal computing security business; but you sometimes make the mistake of assuming you're communicating with colleagues. Often, instead, you need to explain as you would to a child.
