quote:
Originally posted by wincy
That's all. I put my best effort and a lot of passion in WLM Safe development, but I face the fact that the script is no longer usable and that's why I understand your decision to remove it from the Scripts' database.
However I think that security is one of the most important things [...]
Security is indeed one of the most important things. Hence why it is also very important to make such detectors in the correct way. Which means minimize the risk of false positives (which wasn't a problem with WLM Safe), but also to minimize the false feelings of protection (which was a big issue).
Yes the setup-like dialog looked nice, but it had no place in this script. The whole design of the script made it so that it looked like it did quite a lot more than it actually did and that it protected you from extremely many things; while in fact it did not. Remember that a false feeling of security is very quickly created with the general user; people are easily fooled.
And on top of that there was the privacy invasion... Which in the end all led to removal from the DB.
Bottom line is that creating a security-oriented product is not that easy at all and way more difficult than it sounds. And I'm not talking about the actual detection process, but how it is presented. Detecting some bad URLs is one thing, even the easiest thing if you wish. How you present the whole thing to the user is quite something else. And because security starts with the mind set of the user (and NOT with what your product can do!*), it is actually very vital to have your interface and design of the product spot on and to the point, nothing less, but absolutely also nothing more!
So, lose the setup-like dialogs making people believe "oooh! It installs quite a lot and does some fancy eye candy! So this thing must be very intelligent, great, smart, checking with some advanced tools etc, and thus will protect me from everything bad people will send to me. I'm safe now..." and instead make a simple, but still nice looking, message dialog stating exactly what the script does (checking some known URLs, nothing more, nothing less) and give a warning that unknown bad URLs might still slip through. And you will have a cracking product!!
And make sure your numbers are correct of course.
And talking about numbers... the number of users doesn't say a thing about how safe or correct your detection is. It only gives an indication of how popular it is... Even a bad and fake, but nice looking, thing might get very popular... so...
------
* There is quite a good analogy here which most people would understand: teach people to wear a seatbelt and drive safely and follow the traffic rules, instead of inventing all kinds of (electronic) stuff which makes them believe they are safe and can do whatever they want.