Linked by Thom Holwerda on Tue 1st Mar 2011 00:28 UTC
Mac OS X It's sad to see that even after all these years, we still have to write articles like this one. It's all over the web right now: a new backdoor Mac OS X trojan discovered! Code execution! Indicative of rise in Mac malware! Until, of course, you actually take a look at what's going on, and see that not only is it not in the wild, it can't really do anything because it's a beta.
Thread beginning with comment 464532
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Maybe I'm crazy...
by kaiwai on Wed 2nd Mar 2011 09:46 UTC in reply to "RE[2]: Maybe I'm crazy..."
kaiwai
Member since:
2005-07-06

How about not giving average applications access to so much user data (which they really don't need) as a default setting, but giving the user the option to choose to do so for software which requires it, with an UAC/gksudo-like window ?


Apple already provide sandboxing API's but unless Apple enables a way where applications refuse to run unless they're sandboxed I simply don't see things changing. The solution is there, it has been there for quite some time but are you willing to be told that 99% of your applications will fail to run because they're not using sandboxing by default?

There is security on one side of the coin and on the other side the practical considerations.

Reply Parent Score: 2

RE[4]: Maybe I'm crazy...
by Neolander on Wed 2nd Mar 2011 10:37 in reply to "RE[3]: Maybe I'm crazy..."
Neolander Member since:
2010-03-08

OSX provides the feature, sure, but is it really pushed forward ?

Do the Apple guys put agressive sandboxing in Xcode's basic application, as a default Xcode setting ? Do they mention sandboxing in their tutorials and doc ? Sure, if it's just some random feature lying around along with the thousand of others, things are certainly not likely to change... Until the day where security issues will become critical, that is, and that day Apple will have no choice but to *brutally* sandbox everything, the UAC way (and we both know how effective this is, as you mention it in your comment).

Edited 2011-03-02 10:40 UTC

Reply Parent Score: 1

RE[5]: Maybe I'm crazy...
by kaiwai on Wed 2nd Mar 2011 12:53 in reply to "RE[4]: Maybe I'm crazy..."
kaiwai Member since:
2005-07-06

OSX provides the feature, sure, but is it really pushed forward ?

Do the Apple guys put agressive sandboxing in Xcode's basic application, as a default Xcode setting ? Do they mention sandboxing in their tutorials and doc ? Sure, if it's just some random feature lying around along with the thousand of others, things are certainly not likely to change... Until the day where security issues will become critical, that is, and that day Apple will have no choice but to *brutally* sandbox everything, the UAC way (and we both know how effective this is, as you mention it in your comment).


Yes, Microsoft has pushed it as soon as it appeared in Windows and same with Apple when it first appeared in Mac OS X. Developers don't add it because they're lazy but I do think there is one way they can get people to do it - by making it a requirement for applications submitted to the AppStore. If they make it a requirement for the AppStore then you might find vendors.

Btw, UAC doesn't sandbox a thing - UAC is temporary privilege escalation and nothing to do with sandboxing. All UAC tells you is that an application is requesting privilege escalation but but it doesn't actually sandbox the application in anyway when running as a normal user. Windows has sandboxing and Adobe is finally using it for Acrobat X (but not comprehensively) in much the same way that Google has taken advantage of sandboxing in Windows and Mac OS X.

Edited 2011-03-02 12:55 UTC

Reply Parent Score: 2