Microsoft defends intrusive dialog in Visual Studio Code that asks if you really trust the code you've been working on

'All the subtlety of a GDPR cookie banner and the charm of Clippy'


Visual Studio Code program manager Chris Dias has defended an intrusive new "Workspace Trust" dialog, saying it is to "raise awareness that there are many attack opportunities when you download code from the internet."

The feature, introduced last month in version 1.57, was initially described as "extra security against code execution when browsing unfamiliar source code."

Unfamiliar code in this context might include code the developer has just written. For example, create an empty folder, add a readme.txt (or even leave it empty), open the folder in VS Code, and the editor presents a scary dialog asking "Do you trust the authors of the files in this folder?" The options are either to "enable all features" or to "browse folder in restricted mode."

Visual Studio Code running in 'Restricted mode'

Restricted mode "tries to prevent automatic code execution by disabling or limiting the operation of several VS Code features: tasks, debugging, workspace settings, and extensions," state the docs.

According to Dias, VS Code "is capable of running code from the workspace on your behalf to provide a richer development experience," which exposes developers to risks such as "the npm module that steals your crypto wallet private keys."

Dias noted there are multiple ways in which VS Code and its extensions execute code, some of them automated, such as pre-launch tasks that build a project for debugging and could potentially have "an extra task executing arbitrary code unrelated to the build."
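An added example (not from the article or from VS Code itself) of checking what a folder's configuration would run before granting trust: it reads `.vscode/tasks.json` and `.vscode/launch.json` and lists tasks triggered by `preLaunchTask` or by `runOptions.runOn` set to `folderOpen`, following `dependsOn` chains. The function names, sample task labels and commands are constructed for illustration, and the files are assumed to be strict JSON.

```python
import json
import tempfile
from pathlib import Path

def load(path):
    """Parse a config file; assumes strict JSON (VS Code also tolerates comments)."""
    return json.loads(path.read_text()) if path.is_file() else {}

def audit_workspace(folder):
    """Return (trigger, task label, command) for every task that can run implicitly."""
    vscode = Path(folder) / ".vscode"
    tasks = {t.get("label"): t for t in load(vscode / "tasks.json").get("tasks", [])}
    findings = []
    def expand(label, trigger, seen):
        # Follow dependsOn so an extra task chained to the build is reported too.
        if not isinstance(label, str) or label not in tasks or label in seen:
            return
        seen.add(label)
        findings.append((trigger, label, tasks[label].get("command", "")))
        deps = tasks[label].get("dependsOn", [])
        for dep in [deps] if isinstance(deps, str) else deps:
            expand(dep, trigger + " -> dependsOn", seen)

    for label, task in tasks.items():
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            expand(label, "folderOpen", set())
    for cfg in load(vscode / "launch.json").get("configurations", []):
        expand(cfg.get("preLaunchTask"), f"preLaunchTask of '{cfg.get('name')}'", set())
    return findings

def demo():
    """Constructed sample workspace: the debug build pulls in an unrelated script."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / ".vscode"
        cfg.mkdir()
        (cfg / "tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [
            {"label": "build", "type": "shell", "command": "make", "dependsOn": ["prep"]},
            {"label": "prep", "type": "shell", "command": "sh ./tools/prep.sh"},
            {"label": "watch", "type": "shell", "command": "npm run watch",
             "runOptions": {"runOn": "folderOpen"}},
        ]}))
        (cfg / "launch.json").write_text(json.dumps({"version": "0.2.0", "configurations": [
            {"name": "Debug app", "type": "node", "request": "launch", "preLaunchTask": "build"},
        ]}))
        return audit_workspace(d)

if __name__ == "__main__":
    for trigger, label, command in demo():
        print(f"{trigger}: {label} runs `{command}`")
```

In the constructed sample, the `prep` script is never named in `launch.json`, yet it is reported because the debug build depends on it.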

Jupyter notebooks run code, as does ESLint, a linting tool for JavaScript. Initially, Dias explained, the team introduced warnings before all such actions, but then felt that multiple prompts for different purposes were worse than a single prompt for the whole workspace. In VS Code, opening a folder is equivalent to opening a workspace.

Dias acknowledged the ugliness of the dialog that "is pretty big and it keeps coming up for every new folder you open, unless you take action to configure it." However, he said that when the team tried "passive notification," or disabling trust until specifically enabled, "usage data showed a very low rate of granting trust through the passive notification. In user studies, we watched people spend all their time thinking they had broken something."

A large modal dialog pops up whenever VS Code opens a folder for the first time

Therefore the current design has one modal, intrusive dialog that, once passed, enables everything. There is even an option to "trust the authors of all files in the parent folder" so that the feature can in effect be disabled for an entire collection of projects. There is also an option in Settings – Security to disable the feature completely.

The consequences of not trusting a folder: many features do not work

The feature is problematic, as VS Code users were quick to observe. "I was very happy to figure out how to disable the new 'Workspace Trust' feature in #vscode … if I didn't trust the code it wouldn't be on my system," said one. "It has all the subtlety of a GDPR cookie banner and the charm of clippy," said another. "When you ask #microsoft to make #vscode secure this is the stuff they come up with. #VistaPrompt," was another take.

Workspace Trust does have a use case: safely browsing suspect code. But the notion that all the source code on a developer's PC is suddenly untrusted by default is an odd one, and modal dialogs are a blunt instrument that developers may confirm simply in order to get on with their work. Modern JavaScript projects, for example, often have thousands of files, many buried under a directory called node_modules. It is not humanly possible to check each one, and a huge number of different authors may be involved. Asking the developer to declare that they trust those authors may not materially improve security.

A developer commenting on one of several GitHub issues seeking to improve or remove the feature complained that VS Code is "gradually sliding from sweet simplicity into a DevOps platform designed for users with no IT experience."

Workspace Trust is well intentioned but the feature seems out of step with the philosophy of an editor that is lightweight and does not get in the way.

That said, the feature is optional and perhaps achieves the goal of raising awareness of the risks "when you download code from the internet." Dias promised a number of fixes and improvements "coming in the 1.58 release based on your input." ®

