I'm evaluating some PKI smartcards, and it most certainly does NOT give me a warm and fuzzy feeling when the manufacturer instructs the user to disable security settings.

Here is a screenshot from the user manual of a certain product that insists Windows security must be set to this mode in order to use the card:

I'll grant you that some of Microsoft's "security" is likely a racket to extort extra money out of vendors to have their products "certified".

However, it is wholly unacceptable for a vendor to instruct the computer administrator to blindly turn off security.

A preferred solution would be for the vendor to formally list which subset of features can be used without reducing security. I'm rather doubtful that accessing a smartcard requires permissions such as "try(ing) to install software", "make changes to my computer", or "make changes to Windows settings".

Said vendor also requires the VC2008 runtime to be installed, which is another no-no in my book.


