feedback requested: security warning text

Hello there,

I know this is a hot topic, but we’d like to request some feedback about possible improvements for the text (and appearance) for the Applet Warning text which is shown for untrusted applets.

This is the text that is shown when you click or hover over the security icon in 6u10+.

Currently it displays a very helpful to an average user “Java Applet Window”.

We’re considering something along these lines: you move the mouse over the warning icon, a tooltip pops up with something like this:


Be cautious what you type and click: the window was created by untrusted application.
Application address:
Click the icon for more information.


Clicking the link redirects the user to a page expanding this info.

I understand that most of you would want the warning to go away completely. Not going to happen for a while, but we have a chance to improve what we have.

Dmitri

What does the browser show you when something ‘dangerous’ is about to happen?
-> a yellow bar with a one-line message, it has a context-menu, and a [ x ] button to get rid of it.

IF you REALLY want to be more informative than “Java Applet Window” (and I’d say: please don’t!!), THEN a yellow bar, that behaves exactly as in the browser, might be least intrusive.


http://www.indiespot.net/files/java_alert_small.png

IMHO the current situation (yellow triangle) is better than your “…be cautious…” proposal, and better than my ‘yellow bar’, but being very specific about how dangerous applet windows are, is a sure way to scare away your clients.

The message should concisely describe exactly what untrusted applets can do that a normal application cannot.

What can a sandboxed (untrusted) applet do that an AJAX application cannot? If the answer is “nothing”, then the message should say nothing. Otherwise, it should say what the untrusted applet can do.

“Be cautious what you type and click” is not specific, and probably scares people for no reason.

If it has to be a warning, and it’s just as safe as an AJAX app, then perhaps the tooltip should simply say “Java Applet Window” or “Java Applet Window [more info]”

Thanks for the feedback. Well, people complained that the yellow triangle doesn’t give enough information. So the idea is to leave it there, but give more info when you click or hover over it - basically an explanation.

Dmitri

Maybe it would be better if it wouldn’t be an ‘alert icon’ but a ‘java cup’?

I still don’t understand what the warning is for. There’s got to be a reason for keeping it, right?

Java applets can create [un]decorated toplevel windows, which can look to the user like some system dialog, and request password/etc.
So this is to prevent spoofing - the user should know that his input goes into an untrusted application.

Why not limit the bounds of the window?

I mean, when the window can only have a certain size, it would be just as ‘dangerous’ as Flash, which could just display the graphics of a window, and ask for your password / credit card.

Ok, well, ignoring for the moment that spoofs can be made with HTML, or an untrusted applet could be scaled to 100% of the window size and a warning wouldn’t show. And ignoring that modern browsers have phishing filters.

Perhaps it should say something along the lines of “This isn’t a web page - it’s a Java applet. Don’t enter passwords, credit card numbers, or other personal data. [more info]” Where [more info] would be a link, if needed. I’m basically paraphrasing from definitions of phishing.

I don’t think you can do that with HTML. You can’t show an undecorated window that way, or a window that fills whole screen.

Really? Show me an applet that can do that =) Barring bugs, the applets can’t hide the security warning (banner/icon).

I don’t think browser’s filters will catch this kind of phishing - you’re mixing the concepts.

I think that’d be scarier than what we suggested, no? We’re trying to make it less scary.

Dmitri

Not sure what you mean. Flash can’t open native top level windows AFAIK. All it can do is ask the browser to open a new window, and I don’t think it can be undecorated either, at least not according to this:
http://www.webdesign.org/web/web-programming/javascript/opening-a-new-window.7705.html

Don’t you think limiting the window size will be even more limiting to the user and developer?

Dmitri

Flash can go fullscreen, try it in YouTube, right next to volume control.

However, keyboard input is deactivated, for security reasons…

That is how Adobe handled it, why not go for the same strategy?

  1. undecorated? -> no key input
  2. window fills more than x% of the screen? -> no key input + subtle warning, just like Flash

The window was created by an untrusted application.
Click the icon for more information.

I wouldn’t put too much text into the tooltip since there is a “click for more info” option planned. Reduce it to a minimum and elaborate elsewhere (just IMHO)

Darn it… >:(

Technical people often underestimate what end users think when they read ‘beware’ / ‘caution’ / ‘untrusted’.

If in doubt, do it like Flash… seriously.

Both Flash and Silverlight have similar restrictions regarding full screen mode (keyboard input is limited, esc exits FS unconditionally, you can only enter FS in response to user input - mouse clicked/key pressed).

We’re doing something similar for JavaFX - an untrusted FX application will be able to show FS window w/o warning icon (JavaFX runtime itself is a trusted application, which is why it can do this, but very very carefully), but with exact restrictions like Flash 10 and Silverlight have.

Perhaps this could be implemented in the jdk as well.

That’s what we’re trying to do here, a subtle warning, no? You still get all the functionality, except for this little icon.

Also, this would break backwards compatibility, obviously.

We could probably introduce some sort of jar or applet property or something that will say “hey, I agree to all those restrictions, just don’t show the security icon”.
That way only applications which expect to work with these restrictions will be

Dmitri

I agree, your wording sounds better. I think we had of that as well, but for some reason it has been expanded.

I just want to make sure everybody understands that I do appreciate everybody’s input, and it will be considered.

I was thinking of sites that spoof another site’s login form. Really easy to do, especially since Google Account login is on a lot of different sites.

Here is an applet taking up 100% of the window content. Tested in Firefox. It doesn’t show a warning. There are other JS tricks besides this one.
http://www.brackeen.com/appletwindow/

Maybe they don’t. I don’t have any examples where a page with a Java applet is marked as malware. But maybe that’s where it should happen, since browsers warn against malware, phishing, etc.

If the goal is to make it less scary than what is implemented in 6u10, don’t show any warning icon. If the problem is undecorated windows, only show the icon on undecorated windows.

We can’t follow Flash everywhere when it is related to security. Flash just can’t do lots of stuff that the Java platform (even untrusted applets) can.

You misunderstood me (or I misunderstood you). The Warning icon is only shown for Java top level windows.

Try creating a JFrame - not a browser window - from that app, and you’ll see a warning sign.

The window you’ve shown cannot be mistaken for a native login password, it has all attributes of a browser window (a url bar with the url, Internet Explorer icon, and status bar)

The problem is not only undecorated windows, but ANY windows. It is possible to create a complete replica of any native window in Java.

Dmitri