The popularity of Java applets means that a vastly increased number of users will run untrusted software on a regular basis. Current security strategies that focus on limiting applet access to dangerous system calls are useful but insufficient; the ability of applets to freely manipulate even a portion of the screen display, combined with the ability to send information back to their source machines via the network, allows applets to mount Trojan horse attacks by imitating the user interface elements of trusted software. It is infeasible to increase security by further limiting those applet abilities, because doing so would greatly limit the ability of applets to provide the interactivity and animation on which so much of their appeal is based.
Window personalization is a supplementary security strategy which is independent both of the strategies described above and of code signing. If users are strongly encouraged to personalize the appearance of the user interface elements of their trusted software, in ways that are highly recognizable to the user yet very difficult to predict by others, then the designers of rogue applets will not be able to mimic those user interface elements convincingly because the personalized aspects of the appearance will be unknown to them.
The window personalization strategy can be extended to any situation in which a user needs the ability to verify that a user interface is being presented by a trusted entity and not by an imposter. Two examples in which this need for verification may arise are automatic teller machines and point-of-sale transactions.
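The following Python example is added here to illustrate the window personalization strategy described above; it is not code from the paper. It assumes the personalization is stored in an owner-only file (a hypothetical `personalization.json`), uses small constructed option lists, picks the values with a CSPRNG where the paper has the user choose them, and uses a text frame as a stand-in for a real dialog.

```python
import json, math, os, secrets, stat, tempfile

# Constructed option sets (assumption); a real deployment would offer far
# larger ones, such as user-supplied images, phrases and fonts.
COLORS = ["teal", "maroon", "olive", "navy", "plum", "amber", "slate", "coral"]
BORDERS = ["=", "~", "#", "*", "+", "-"]
WORDS = ["heron", "quartz", "lantern", "tundra", "maple", "cobalt", "fennel", "osprey"]

def new_profile(rng=secrets):
    """Pick a personalization that an outsider cannot predict."""
    return {"color": rng.choice(COLORS), "border": rng.choice(BORDERS),
            "phrase": " ".join(rng.choice(WORDS) for _ in range(3))}

def guess_bits():
    """Size of the profile space in bits; a blind imitation matches with odds 2**-bits."""
    return math.log2(len(COLORS) * len(BORDERS) * len(WORDS) ** 3)

def save_profile(path, profile):
    # Create the file owner-only (0600) so code running as another user cannot read it.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(profile, f)

def load_profile(path):
    """Refuse a profile that group or other can access: it is no longer a secret."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} mode {mode:o} exposes the personalization")
    with open(path) as f:
        return json.load(f)

def render_prompt(profile, title):
    """Text stand-in for a trusted dialog whose frame carries the user's marker."""
    body = f" {title} [{profile['color']}] {profile['phrase']} "
    edge = profile["border"] * len(body)
    return "\n".join([edge, body, edge])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "personalization.json")  # hypothetical location
        save_profile(p, new_profile())
        print(render_prompt(load_profile(p), "Enter password"))
        print(f"blind-guess space: {guess_bits():.1f} bits")
```

A prompt that arrives without the expected frame, color and phrase is the user's cue that it did not come from the trusted software.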