Linked by Thom Holwerda on Thu 3rd Nov 2011 22:54 UTC
Mac OS X And so the iOS-ification of Mac OS X continues. Apple has just announced that all applications submitted to the Mac App Store have to use sandboxing by March 2012. While this has obvious security advantages, the concerns are numerous - especially since Apple's current sandboxing implementation and associated rules makes a whole lot of applications impossible.
Permalink for comment 496000
To read all comments associated with this story, please click here.
RE[5]: Good move
by Neolander on Sat 5th Nov 2011 09:13 UTC in reply to "RE[4]: Good move"
Neolander
Member since:
2010-03-08

The biggest problem when it comes to security is software bugs. The bulk of exploits are based on the fact that there's a bug in the software that facilitates buffer overruns which allows one to execute code.

As far as I know, buffer overruns are not a fatality, and protections exist against them : read-only code and canaries at the CPU level, fixed-length buffers at the API level... But I agree with your general point that every software implementation is breakable, which is why careful testing of critical code and regular updates are so important.

"My question is : why is the PDF reader able to get root access to the device at all ?"

Point is it doesn't have to have to be exploitable, a bug which allows for improper code execution is enough.

"With proper sandboxing, an exploit in the PDF reader would only allow a cracker to have a look at the PDF reader's private data, which is a much, much less interesting trick."

Not necessarily. If memory is written outside the applications heap, its more than likely to have full access to the system allowing the malicious code (not the app itself) for any anything it wants to do.

Wait a minute...

On x86 CPUs, and I'm pretty sure it's the case on ARM too, there's a MMU and memory protection. When this feature is used to implement processes, the net result is that every software lives in a "private" chunk of RAM, and only communicates with other software through controlled communication channels.

So if a given software runs amok, it should only run amok within the boundaries of what it's allowed to do. Am I correct ?

Sure it does, and in the desktop space, there's been quite a few of them : tucows, download.com, versiontracker and macupdate are just a few. But these are merely aggregators not App Stores. They offer no guarantee of the purchase process and in most cases even about the availability of the listed application.

Not if you know what functionality you're looking for. You might search for an unrar app, a VNC client, an RSS Reader, … Doing those searches conveniently pops up a list of all available apps allowing you to pick the one with the functionality and price point you find appropriate for your needs.

Fair point : there is a trade-off between general usage convenience and decentralization. A centralized system gives an unreasonable amount of power to the repository owner, but also means centralized knowledge about software availability.

You're more likely being served in a better way if you just consult the app ratings and read the user reviews in the App Store.

Ratings and reviews are a mixed bag, in my experience. Sometimes they work, sometimes they don't.

Let's talk about ratings, first. While it is very easy to give binary ratings to stuff which you feel is excellent or extremely bad, it is much harder to express mixed feelings in a rating, and if a large number of people do it the information is likely to be averaged away. Typically, I take a rating that is less than "perfect" as a warning, but it doesn't give me much more information without an attached written reviews.

As for reviews themselves, when you're dealing with a small and informed user base, such as on some computer hardware websites, they can be very helpful. But when the user base grows, there is a growing number of parasites who post poor-quality reviews, or stuff which does not even qualify as a review (the "I have a big dick" or "First" variety of comments). On frequently reviewed software, the noise often ends up erasing the insightful information, unless you're ready through 4 pages of comments to get an idea about each piece of software.

To fight this tendency, some websites which use ratings and reviews, like Amazon, have a way for users to say "this review is insightful" or "this review did not help", which in my experience works quite well. But I don't think Apple have this in their stores.

Why wait 2 months for a published magazine to pick up a newly released app? This used to be my methodology of working in the past, but now we're talking about the nineties, when broadband wasn't among us yet and magazines with CD-ROMs were still a huge deal.

This is why I also mentioned websites and relatives, which in the Internet age are sure much faster than magazines ;) Magazines still have their use though, as they can provide higher-quality reviews than other solutions for "big" software which doesn't change a lot in time such as office suites, image and video editors, CAD tools...

You browse trough the list, you look at the user ratings, reading the reviews and description, and look at the screenshots. I don't see much difference in the selecting process. When you like something its a quick trip to the the buy button and you have it working. Instant gratification. The barrier can't get much lower than this.

Again, you're right that centralization does have its good sides, including convenience for everyday use.

Reply Parent Score: 2