Linked by Thom Holwerda on Thu 3rd Nov 2011 22:54 UTC
Mac OS X And so the iOS-ification of Mac OS X continues. Apple has just announced that all applications submitted to the Mac App Store have to use sandboxing by March 2012. While this has obvious security advantages, the concerns are numerous - especially since Apple's current sandboxing implementation and associated rules makes a whole lot of applications impossible.
Thread beginning with comment 495893
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Good move
by Neolander on Fri 4th Nov 2011 17:44 UTC in reply to "Good move"
Neolander
Member since:
2010-03-08

You raise some interesting points.

First, I agree with you that it's difficult for a legacy operating system to make application sandboxing mandatory. Some compatibility will be broken, sooner or later. However, OS vendor control on applications is not the only way to do that. You can also do it the Microsoft way, by pushing an OS release that breaks compatibility, but is advantageous in other ways, like Windows x64 breaks DOS compatibility. At some point, everyone will use the new release, although it can take some time.

Reply Parent Score: 2

RE[2]: Good move
by frderi on Fri 4th Nov 2011 19:26 in reply to "RE: Good move"
frderi Member since:
2011-06-17

First, I agree with you that it's difficult for a legacy operating system to make application sandboxing mandatory. Some compatibility will be broken, sooner or later. However, OS vendor control on applications is not the only way to do that. You can also do it the Microsoft way, by pushing an OS release that breaks compatibility, but is advantageous in other ways, like Windows x64 breaks DOS compatibility. At some point, everyone will use the new release, although it can take some time.


True, but name me one digital protection scheme which hasn't been compromized. Whenever there's software, there's bugs, and whenever there's bugs, there's exploits. DVD Copy protection, Blu-Ray, SSL Certificates are all living proof of this.


Second, although the implementation is more than perfectible, Android showcases that sandboxing can be introduced on a new OS without draconian OS vendor control.


To what benefit? Android leads the pack by far in terms mobile OS exploits.


Third, you state that vendor-controlled application stores make it easier to find and install software.


It makes it far more easier for the bulk of the non-tech users to find their software, since the Mac App Store is installed and available by default on the system.


word of mouth remains the main way of discovering new software with or without app stores.


For a couple of apps, yes. for many others, no. If you're a heavy user of a certain productivity suite to do the grunt of your work, the chance is big you already know the app you're going to install. But there generally won't be many of these apps sitting on your system. For most of the smaller utilities, where you are looking for a solution for a functionality you are missing, a centralized system which lists the available software is more beneficial. And often times, one gets to know newer, better alternatives when searching apps on a big app aggregator, you wouldn't have had the same convenient list of available applications with just a few keystrokes while using search engines like Google.

As for installation itself, it is made easy not by the use of app stores themselves, but by the standard application packages they use. You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal mean of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy).


I think uncurated payment over the internet is currently not without its quirks, they're a mixed bag in terms of user experience at best. There might be delays between the purchase and the availability of the application to the end user because of limited resources in purchase processing at the application vendor, vendor-provided payment systems might not be up to par to security precautions and are more prone to be compromised and their information harvested, or worst of all, the vendor might not deliver on the goods at all, because of scam schemes or because they just went out of business. The Mac App Store eliminates all these. It offers a streamlined and predictable purchase and install process that is not available at this level on other software aggregators on the internet.

Edited 2011-11-04 19:35 UTC

Reply Parent Score: 1

RE[3]: Good move
by Neolander on Fri 4th Nov 2011 21:08 in reply to "RE[2]: Good move"
Neolander Member since:
2010-03-08

True, but name me one digital protection scheme which hasn't been compromized. Whenever there's software, there's bugs, and whenever there's bugs, there's exploits. DVD Copy protection, Blu-Ray, SSL Certificates are all living proof of this.

I'd argue that DVD and Blu-Ray encryptions are broken by design, like many other forms of DRM, because they rely on distributing a "secret" copy of the decryption key with every single device and software that can playback them. In such circumstances, it is obvious that the decryption key will be leaked by someone at some point.

SSL Certificates have a bit of this "secret known by a large crowd" problem too : in an organization that is large enough to validate hundreds of websites a day, can people really guarantee that no employee will ever go rogue and use his certification authority for nefarious purposes ? Come on...

To the best of my knowledge, there is no such known flaw with the design of sandboxing in itself. What requires extreme care is the default permission set which every software gets, because it cannot be easily changed after a release. But pretty much every other kind of flaw can be fixed with OS updates without any loss of compatibility among API-compliant software.

"Second, although the implementation is more than perfectible, Android showcases that sandboxing can be introduced on a new OS without draconian OS vendor control."

To what benefit? Android leads the pack by far in terms mobile OS exploits.

This is why I'm talking about the quality of the implementation. On Android, the default sandbox settings are very restrictive, so that pretty much every application requires special security permissions, needs to get out of the sandbox. As a consequence of that, the dialog used to confirm those permissions is very subtle and frequent, and as such few users bother checking it.

Then there are exploits which avoid the sandbox altogether. Those rely on the fact that system components, which are most likely to be exploited, are not sandboxed properly themselves. I don't know Android well enough to tell what kind of vulnerability it has, but on iOS there was a vulnerability that allowed root access to iDevices by opening a specially crafted PDF file. My question is : why is the PDF reader able to get root access to the device at all ? With proper sandboxing, an exploit in the PDF reader would only allow a cracker to have a look at the PDF reader's private data, which is a much, much less interesting trick.

"Third, you state that vendor-controlled application stores make it easier to find and install software."

It makes it far more easier for the bulk of the non-tech users to find their software, since the Mac App Store is installed and available by default on the system.

Fair point, but doesn't this argument also hold for other repository systems where you can freely add other software sources to your OS beyond the vendor-provided one ?

"word of mouth remains the main way of discovering new software with or without app stores."

For a couple of apps, yes. for many others, no. If you're a heavy user of a certain productivity suite to do the grunt of your work, the chance is big you already know the app you're going to install. But there generally won't be many of these apps sitting on your system. For most of the smaller utilities, where you are looking for a solution for a functionality you are missing, a centralized system which lists the available software is more beneficial.

It will also put you in front of heaps of thousands of different software to do the same thing, with no quick way of deciding what works best for your purposes except for relatively flawed indicators such as "featured" or "frequently downloaded" (also known as "popular" in some circles).

So since exploring everything and making informed choices is not envisionable for most people in such centralized systems, you end up relying on others (magazines, websites, relatives...) to do the work for you. Which is why I say that word of mouth remains the #1 way of finding software even in big centralized software libraries.

And often times, one gets to know newer, better alternatives when searching apps on a big app aggregator, you wouldn't have had the same convenient list of available applications with just a few keystrokes while using search engines like Google.

This is the positive side of things. The negative side of things is that if there's a lot of choice you'll end up going through a lot of uninteresting garbage (for you !) before finding what you're looking for.

As an aside, I rarely use Google or iterative repository exploration to choose software myself. I only do that for stuff which I'm not deeply interested in. For stuff which I care more about, I try to find a good website/magazine/book/specialist on that matter and to follow its advice. But you may argue that I'm not part of "non-tech users", and as such may work differently.

"You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal mean of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy)."

I think uncurated payment over the internet is currently not without its quirks, they're a mixed bag in terms of user experience at best. There might be delays between the purchase and the availability of the application to the end user because of limited resources in purchase processing at the application vendor,

Fair point. Centralization does allow for some performance optimization.

vendor-provided payment systems might not be up to par to security precautions and are more prone to be compromised and their information harvested,

Which is why I'm a PayPal advocate : the transaction is managed by a large third party which is specialized in managing online transactions and as such can take the right decisions as far as security is concerned.

Now, you may argue that it is the same thing with Apple. Yet there is a difference. Apple are the developers of Mac OS and own many large software on the Mac platform, they are not a neutral third-party when it comes to taking decisions about what software gets allowed on their platform. PayPal are only a banker, and as such don't give a damn about what transactions they process as long as it financially benefits their business (which is largely unrelated to desktop/mobile software). Also, Paypal don't want the bad PR of banning important customers unless they really can't avoid doing otherwise, while Apple are crazy enough to do it anyway ("Zomg ! Images of prehistoric women WITH BREASTS ??? BURN !!!").

or worst of all, the vendor might not deliver on the goods at all, because of scam schemes or because they just went out of business.

Vendors only get out of business once, and it takes a finite and short time to do that, so I believe this is a relatively minor concern. About scam, when you buy something on Apple's App Stores, you have to make a purchase decision based on a description that has been written on the software's vendor. If it's incorrect, I don't know if you can get a refund from Apple, but PayPal do have a refund policy when the vendor doesn't provide the expected good.

Edited 2011-11-04 21:15 UTC

Reply Parent Score: 2

RE[3]: Good move
by JAlexoid on Fri 4th Nov 2011 23:35 in reply to "RE[2]: Good move"
JAlexoid Member since:
2009-05-19

To what benefit? Android leads the pack by far in terms mobile OS exploits.


Since Android most exploits are actually social engineering exploits*, not technical ones, iPhone leads in phishing exploits by a wide margin.
On the technical exploits side iOS and Android are on equal footing.

* - the one's that you are counting.

Reply Parent Score: 2