Yeah, it really shakes brain and suddenly “install antivirus, install firewall, feel safe” doesn’t feel so smart and smug anymore. :)

Thanks for pointing this article out. I’ve got a whole different perspective on computer security now. Makes me want to learn more actually…

Yeah, article is timeless and priceless. Years since it was written and not much changed – bit sad.

And there is nothing wrong with solutions that are “good enough”. As long as we are aware about flaws and can balance them out.

BTW.. I too have advocated the WOT toolbar/plug-in to my readers, yet I have always had the same belief that you do — the model has quite serious flaws.
Yes.. that’s contradictory.. I know. But I believe that its “good” outweighs its “bad” and I don’t advise relying on it either. Personally, I combine it with SiteAdvisor or LinkScanner..

Isn’t WOT exactly one of those dumb security ideas? Enumerating badness? :) And resorting to crowd wisdom – which ranks high on my personal list of dumb ideas.

I am not saying it is bad, quite opposite. But it is definitely not approach I am willing to rely on.

One product I endorse to greet the bad guy at the front door is Web of Trust (WOT) – browser add on.

Comodo can be educated and is pretty flexible at that. :) But in paranoid mode it can drive users nuts even faster than UAC.

Yeah, Vista got UAC terribly wrong. It’s actually standard Linux approach – want to do something advanced, get asked about admin credentials. How complex was to copy that?..

Vista managed to educate users that first thing they must do is to go and disable part of security so it stops interfering every minute.

Vista UAC is a great idea – don’t allow things to run without explicit consent – but ends up being really annoying. UAC is more turd polishing though. Hopefully windows 7 may have some better answers.