Further exploring the FUI

Jeff Atwood recently wrote an entry about the Fake User Interface (FUI) and how spammers use it to install spyware on unsuspecting users' PCs.

Trawling through the comments, you get various suggestions as to how to combat the problem. But they won't work. Things like disabling JavaScript, banning JavaScript's alert(), having random window chrome, even educating users about spyware: all of them are doomed to failure, because of the two invariants:

  • Spammers will always innovate, and
  • Users will do whatever is necessary to continue doing whatever they originally were doing.

Going off Jeff's original example: if a user is searching for information on lilies, and is presented with a warning page saying they have a virus, generally, they will download the program and run it, with the expectation they can eventually get back to their lilies.

The problem is that we expect the general user to manage their own PC, when in reality, they have no idea what they're doing. We don't expect everyone to be able to service their own car, so why do we expect everyone to be able to service their own PC?

The solution then is obvious -- and it's what corporations have been doing for a decade now: a managed PC solution.

You deliver the user a strictly locked-down PC. No installing applications -- perhaps even no running of applications not on a whitelist. They can download MP3s and videos fine, but that stray executable they download is effectively neutered. The important thing here is that the user does not have administrator access to their PC. They don't even know the password. Want to install an application? File a support request.

I already do this for my dad; and his PCs generally run stably, virus- and spyware-free for years on end. And there's not even a virus scanner installed! Compare this to my sister's computer (where she has admin), and you see the stark contrast. Her PCs generally last 6-8 months before they contract something.
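A minimal model of the whitelist rule described above, added here as an illustration and not code from the original post. The directory names, extension list, file names and sample hash are assumptions constructed for the example; a real deployment would use the operating system's own policy mechanism.

```python
# Added illustration: default-deny execution policy for a managed PC.
# Every path, extension and hash below is constructed for this example.
import hashlib
from pathlib import PureWindowsPath

# File types treated as runnable code (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".msi", ".bat", ".cmd", ".scr", ".com", ".vbs", ".ps1"}

# Directories that only an administrator can write to (assumption).
ALLOWED_DIRS = [PureWindowsPath(r"C:\Windows"), PureWindowsPath(r"C:\Program Files")]
# User-writable holes inside allowed directories are carved back out.
DENIED_DIRS = [PureWindowsPath(r"C:\Windows\Temp")]
# Individually approved binaries, identified by SHA-256 of their content.
ALLOWED_HASHES = {hashlib.sha256(b"constructed approved tool").hexdigest()}


def _inside(path, directory):
    """True if path lies under directory; Windows paths compare case-insensitively."""
    return directory in path.parents


def may_open(path_str, content=b""):
    """Return (allowed, reason) for a file the standard user tries to open."""
    path = PureWindowsPath(path_str)
    # Refuse un-normalised paths so "..\" cannot borrow an allowed prefix.
    if ".." in path.parts:
        return False, "path not normalised"
    # Only the final extension counts, so "song.mp3.exe" is an executable.
    if path.suffix.lower() not in EXECUTABLE_EXTS:
        return True, "data file, not subject to execution policy"
    if hashlib.sha256(content).hexdigest() in ALLOWED_HASHES:
        return True, "hash approved by administrator"
    if any(_inside(path, d) for d in DENIED_DIRS):
        return False, "user-writable directory"
    if any(_inside(path, d) for d in ALLOWED_DIRS):
        return True, "installed in admin-only directory"
    return False, "not on whitelist"  # default deny


if __name__ == "__main__":
    for sample in (r"C:\Users\dad\Music\lilies.mp3",
                   r"C:\Users\dad\Downloads\FreeVirusScan.exe",
                   r"c:\program files\Browser\browser.exe",
                   r"C:\Windows\Temp\dropper.exe"):
        print(sample, "->", may_open(sample))
```

The path rules only hold because the user cannot write to the allowed directories, which is why the missing administrator password matters as much as the list itself.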

Comments

Submitted by Joelith on Tue 19/08/2008 - 21:33

But Peter, isn't what you are describing the iPhone? No user (except for people like me that have purposefully hacked the phone) knows the administrator password. They can't install anything unless it comes through the App Store. And no application can become available through the App Store unless that application has been approved by Apple. And all applications are sandboxed and can't generally access the data of other applications. And even if an application gets through, Apple can remotely disable the application if they later discover a problem. So you, of all people, are telling people to buy an iPhone? What kind of topsy-turvy world is this?

I'd also like to comment, and Peter will probably disagree: turning off JavaScript is dumb. The web won't work. Web 2.0 (or whatever other horrible expression you want to use) relies on JavaScript. Google Maps, Street View, Flickr, etc. all rely on JavaScript. Turn it off and the web becomes unusable. Turning off JavaScript is not a solution, and the average user will become very frustrated, very quickly, if they try it.

Submitted by nemesis on Tue 19/08/2008 - 22:30

Embedded devices, like mobiles, are a different game. Nokia does something similar with Symbian (unsigned applications are heavily sandboxed -- applications need to be certified as not malicious by the signing authority before they get more privileges).

Maybe an alternative solution to my managed desktop idea is to mandate that all applications have to be signed by a signing authority (and no, this doesn't necessarily have to be Microsoft).

The problem of course with relying on the signing authority is that they can't catch everything. Microsoft's WHQL signs drivers, certifying that they pass Microsoft's stability requirements. But some driver manufacturers (*cough* Nvidia) intentionally circumvent the process.