That's exactly the problem. Train users to press OK every time a security dialog pops up and the next thing you know, they click OK on everything.
The funny thing about signing, too, is that it only proves a bit of code hasn't been tampered with by anyone else. There is nothing at all to prevent a fraudster obtaining a certificate and signing phishing code. Nothing. Signed code is not safe. It's just provably untampered with.
So it's really all rather pointless as far as the human element of security goes.
Of course signed code is not necessarily safe code, but the resulting security dialog is good feedback that this program will run outside of the security sandbox.
Many users might choose to ignore it because they click OK on everything, but imho that doesn't mean it's pointless for everyone. That's not the problem of security dialogs but the problem of the users that ignore them (and of their friends and relatives that have to reinstall their PC for the umpteenth time again).
I for one like to know if running some Java applet or Web Start app requires some additional trust from my side so that I have a choice to run the program or not.
But not considering exceptions at all is a big problem, too, because it means that things that should be considered sandbox safe now need to be out of the sandbox, which is a security flaw - people should never need to grant permission to their entire system just to allow something to use their graphics card, but under the current model they do.
Oh I absolutely agree that the current security model is too coarse, but that's a bit of a different discussion isn't it? (I mean, endorsed libraries won't fix that)
For the record, I do agree with Cas' proposition. Not so much because security dialogs are pointless, but as a way to make the scope of the security sandbox a bit more flexible, yet still controlled.
But one thing I'm not really confident about is the following scenario:
What if endorsed libraries start showing up, and one version of a library turns out to have a serious security flaw? What would stop dubious parties from continuing to use this particular version of this library? An expired certificate?
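Two points in this thread are easy to demonstrate side by side: a valid signature only tells you the bytes match what some key holder signed (the "signed is not safe" point above), and a signature stays valid forever, so it cannot by itself retire a library version that later turns out to be flawed (the question just asked). The following is an added example written for this page, not code from the thread, from the JRE's own jar verification or from any endorsed-library proposal. It uses the standard java.security.Signature API with two freshly generated RSA key pairs standing in for a legitimate publisher and a fraudster who also managed to buy a certificate; the strings used as "jars" are constructed stand-ins, and the loader policy in decide (a trusted-signer set plus a set of hashes of versions known to be vulnerable) is a hypothetical illustration of what has to live outside the signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.Collections;
import java.util.Set;

public class SignedIsNotSafe {

    // Produces a SHA256withRSA signature over data with the given private key.
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // The raw check: was sig produced over exactly these bytes by the private half of key?
    // It says nothing about whether key belongs to anyone you should trust.
    static boolean untampered(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // Stable identifier for a public key (its DER encoding, Base64) for use in a trust list.
    static String keyId(PublicKey key) {
        return Base64.getEncoder().encodeToString(key.getEncoded());
    }

    // Content hash of the artifact, the thing a "known vulnerable version" list has to key on.
    static String sha256(byte[] data) throws GeneralSecurityException {
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(data));
    }

    // Hypothetical loader policy layered on top of the signature check (assumption, not
    // anything the JRE does): the signer must be on an explicit trust list, and the exact
    // bytes must not be a version we have since learned is flawed. Neither fact is carried
    // by the signature itself.
    static String decide(PublicKey signer, byte[] code, byte[] sig,
                         Set<String> trustedSigners, Set<String> knownBadHashes)
            throws GeneralSecurityException {
        if (!untampered(signer, code, sig)) {
            return "REJECT: modified after signing, or signed by a different key";
        }
        if (!trustedSigners.contains(keyId(signer))) {
            return "REJECT: signature is valid, but this signer is not one we trust";
        }
        if (knownBadHashes.contains(sha256(code))) {
            return "REJECT: trusted signer, but this exact version is known to be vulnerable";
        }
        return "RUN";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair publisher = gen.generateKeyPair();  // the legitimate vendor
        KeyPair fraudster = gen.generateKeyPair();  // anyone else holding a certificate

        // Constructed stand-ins for jar contents.
        byte[] goodJar  = "game-1.1.jar: draws sprites".getBytes(StandardCharsets.UTF_8);
        byte[] phishJar = "game-1.1.jar: uploads your saved passwords".getBytes(StandardCharsets.UTF_8);
        byte[] oldJar   = "game-1.0.jar: has the sandbox escape bug".getBytes(StandardCharsets.UTF_8);

        byte[] goodSig  = sign(publisher.getPrivate(), goodJar);
        byte[] phishSig = sign(fraudster.getPrivate(), phishJar);
        byte[] oldSig   = sign(publisher.getPrivate(), oldJar);

        // 1. The signature check alone treats the phishing jar exactly like the honest one:
        //    both were signed by whoever holds the matching private key.
        System.out.println("publisher jar untampered: " + untampered(publisher.getPublic(), goodJar, goodSig));
        System.out.println("fraudster jar untampered: " + untampered(fraudster.getPublic(), phishJar, phishSig));
        //    What it does catch is modification after signing.
        byte[] modified = goodJar.clone();
        modified[0] ^= 1;
        System.out.println("modified jar untampered:  " + untampered(publisher.getPublic(), modified, goodSig));

        // 2. Whether the code is safe to run has to come from policy kept outside the signature.
        Set<String> trusted  = Collections.singleton(keyId(publisher.getPublic()));
        Set<String> knownBad = Collections.singleton(sha256(oldJar));
        System.out.println("current publisher jar: " + decide(publisher.getPublic(), goodJar, goodSig, trusted, knownBad));
        System.out.println("fraudster jar:         " + decide(fraudster.getPublic(), phishJar, phishSig, trusted, knownBad));
        System.out.println("old publisher jar:     " + decide(publisher.getPublic(), oldJar, oldSig, trusted, knownBad));
    }
}
```

Running it, the two untampered checks for the honest and the phishing jar both succeed, only the modified jar fails, and the old flawed version still carries a perfectly valid signature from the trusted publisher: it is only rejected because its hash was put on a list. An expired or revoked certificate would not change any of the signature results either, which is why the question about retiring a known-bad library version is really a question about where that list lives and who maintains it.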