Perhaps the biggest risk when making a change in the name of security is all the things that may have been relying on the previously-lax security settings. After all, disabling an insecure feature is easy. The hard part is disabling it while retaining compatibility with people who were relying on that feature.
In the security investigations I’ve been involved with, perhaps the largest chunk of my time is spent trying to find a way to mitigate the security hole without breaking existing customers. (And it’s the Line of Business scenario that is the biggest question mark.)
Here’s a real-life example: Consider a sports web site which sells a service to subscribers wherein the site creates a pop-up window whenever a game’s score has changed or some other significant event has occurred. That way, you can leave your browser minimized and go about your day, but when something happens in the game, it will pop up an alert. The round of security changes in Windows XP SP2 broke this site because the rules on positioning of pop-up windows were tightened so that pop-up windows could not appear outside the browser itself. This prevents pop-up windows from being used to cover important browser elements (such as the status bar, the address bar, or a security dialog) and makes it harder for pop-ups to masquerade as system dialogs. But it also broke this company’s business model. And of course, if Microsoft does something that cause you to lose money, you sue. There were probably corporations that had internal web sites that relied on the ability to position pop-ups without restriction. Those corporations no doubt also complained about this change in the name of security.
来举一个现实的例子：假设有一个体育网站向客户销售一种服务，这种服务会在某场比赛的比分发生改变、或有重大事项发生时弹出一个窗口，如此你便可以将浏览器窗口最小化去做别的事，而当比赛出现变化时便会弹出提示。Windows XP SP2的一轮安全更新破坏了这一机制，因为弹出窗口的规则收紧了，现在弹出窗口不能在上级窗口范围之外弹出了。这一改变是用来放置窗口遮蔽浏览器的重要元素（如状态栏、地址栏，或某个安全对话框）的，也让弹出窗口冒充系统对话框的几率大减。然而这项措施也破坏了这家（体育网站）公司的商业模型。理所当然的是，如果微软公司的所作所为让你蒙受了经济损失，你当然会选择起诉。同样的，也有一些企业的内部网站依赖旧有的设计，来将弹出窗口不受限制地进行定位，这些企业也无一例外地抱怨这项以安全之名做出的改变。
As with most security changes that have compatibility consequences, a “safety valve” was added to return to the old insecure behavior for those customers who were relying on it. In this case, you can put the affected sites in the Trusted Sites zone and enable the “Allow script-initiated windows without size or position constraints” setting. But this is just a stop-gap, re-opening the security hole to let this site continue to operate the way it does. The real fix is not to rely on the security hole.