Re: ISSUE-101 Create "visiting known site that is now malware" use case as per ACTION-275

Wait, are you saying that this new use case might overlap with an
existing one?


Ian Fette wrote:
> I wonder if it doesn't fit with Installing? I.e. the Vicki use case
> ("Vicki is interested in finding out more about art auctions in the
> greater Boston area. She engages a search engine and tries to follow a
> link there. Her web browser consults a reputation service which has
> recorded that the link target will attempt to subvert the browser and
> install malicious software.") is listed as identified source,
> unidentified destination, installing. To me, the new use case seems like
> identified source, identified destination (she goes to that site often),
> installing.
> Although, to be honest, if someone disagrees it really doesn't matter to
> me how it gets classified... it just seems to me that it's most similar
> to the vicki case.
> -Ian
> On 10/9/07, *Close, Tyler J.* <
> <>> wrote:
>     This use case is now at:
>     <>
>     It doesn't fit into our current categorization of
>     Believing/Providing/Installing, since there is no user interaction,
>     so I've just marked it "No interaction" and left it out of the
>     category table.
>     --Tyler
>         ------------------------------------------------------------------------
>         *From:*
>         <>
>         [
>         <>] *On Behalf Of *Mary Ellen
>         Zurko
>         *Sent:* Friday, September 28, 2007 8:49 AM
>         *To:* <>
>         *Subject:* ISSUE-101 Create "visiting known site that is now
>         malware" use case as per ACTION-275
>         After much discussion, and great work on the part of all
>         participants to craft the most acceptable proposal, we are
>         resolving this issue according to the results of the poll.
>         The final proposal for the use case is:
>         Betty tries to connect to a web site at
>         <_>._ <>She
>         visits this site frequently to read various news and articles.
>         Since her last visit, the site <>
>         has been compromised by some method, and visitors are now being
>         infected with malware. At the time of the current request,
>         Betty's user agent now has information saying that
>         <> is a known bad site. What interaction, if
>         any, should occur?
>         The poll results are:
>         Accept: 7
>         (ian f, anil s, thomas r, johnathan n, dan s, audian p, phill h-b)
>         Abstain: 3
>         (jan vidar k, cristian s, rachna d)
>         Against:: 2
>         (tyler c, serge e)
>         Absent a material error in the count, I declare concensus on
>         this issue. The editors will add the use case to wsc-usecases,
>         and add Ian Fette to acknowlegements.
>         On a related note, I am sorry I was not around to give direct
>         feedback to people when the discussion tone occasionally slipped
>         out of the totally professional and respectful. I know everyone
>         is capable of engaged and even handed discussion, even when they
>         totally disagree with others, and that an occasional personal
>         and private reminder can go a long way towards halting any slips
>         that might occur.

Serge Egelman

PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students

Received on Wednesday, 10 October 2007 01:00:15 UTC