unity-design team mailing list archive
-
unity-design team
-
Mailing list archive
-
Message #00262
Re: [Fwd: Re: Update manager]
> Ryan Prior
>
> My common sense says that it won't be a big problem, and I haven't
> seen anyone be confused in that way yet. Pop-unders containing
> advertisements definitely trigger that reflex, but as this is a very
> orderly and useful widow without any garish images or exclamation
> points, I think we are treading on relatively safe ground.
>
It is accepted that the icon is NOT very useful and also ignored,
But the present problems with the update-manager behavior are:
1: If the user either accidentally dismisses/chooses to install later ,
he has no easy way to do the update! He is forced to go through the
update manager.
2: Due to the above the update manager unnecessarily clogs up the
windows list without the users consent, since the user is forced not to
close the window.
3: The system is making the user get acclimatized to a pop-up/pop-under
windows as an acceptable behavior! this method has to be discouraged.
This is a security risk and it only time before it is exploited.
Update manager is nothing more than another system process and therefore
shouldnt be allowed to act on its own...
If similar "shortcuts" are to be used for the whole system?
Imagine if instead of a notification asking for user to choose to force
quit/cancel force quit a non-responding app , the system decides to
force quit on its own! and then show a pretty bubble saying "System
closed the misbehaving app"! Rarely there is something that the user can
do than to force close the app. Its not done to prevent the element of
surprise and such behavior more of an annoyance!
To achieve an acceptable decent solution:
1: Update manager should show an interactive notification/morphing alert
box, saying "Updates are available" and then the user decides what he
wants to do.
2: If the user decides to delay the update for a few mins/hrs... he
should be able to easily access the update manager without the need to
navigate through the menus... This is only done by having a reminder in
the panel/new icon on the desktop/reminder in the FUSA or Indicator
applet. Or another way is to minimize the interactive
notification/morphing alert box to the edge of the screen to remain as a
remainder.
In no way the system should decide what windows it can open...
If this is allowed it is only a matter of time before someone develops a
worm which uses this behavior and pops-up a window similar to the update
manager which also asks for the user password allowing the worm to take
control of the system using this password info.
*Is ubuntu only going to realize this security risk after someone*
*develops a proof of concept worm or a real virus* ?
If this is done linux will no longer be THE secure OS.
All windows in the window list should only be triggered by the user, all
other system process should only trigger a notification.
cheers,
mac_v
Follow ups
References