Linked by Thom Holwerda on Thu 3rd Nov 2011 22:54 UTC
Mac OS X And so the iOS-ification of Mac OS X continues. Apple has just announced that all applications submitted to the Mac App Store have to use sandboxing by March 2012. While this has obvious security advantages, the concerns are numerous - especially since Apple's current sandboxing implementation and associated rules makes a whole lot of applications impossible.
Thread beginning with comment 495905
RE[2]: Good move
by frderi on Fri 4th Nov 2011 19:26 UTC in reply to "RE: Good move"
frderi
Member since:
2011-06-17

"First, I agree with you that it's difficult for a legacy operating system to make application sandboxing mandatory. Some compatibility will be broken, sooner or later. However, OS vendor control on applications is not the only way to do that. You can also do it the Microsoft way, by pushing an OS release that breaks compatibility, but is advantageous in other ways, like Windows x64 breaks DOS compatibility. At some point, everyone will use the new release, although it can take some time."

True, but name me one digital protection scheme which hasn't been compromised. Whenever there's software, there's bugs, and whenever there's bugs, there's exploits. DVD copy protection, Blu-Ray, SSL certificates are all living proof of this.

"Second, although the implementation is more than perfectible, Android showcases that sandboxing can be introduced on a new OS without draconian OS vendor control."

To what benefit? Android leads the pack by far in terms of mobile OS exploits.

"Third, you state that vendor-controlled application stores make it easier to find and install software."

It makes it far easier for the bulk of the non-tech users to find their software, since the Mac App Store is installed and available by default on the system.

"word of mouth remains the main way of discovering new software with or without app stores."

For a couple of apps, yes. For many others, no. If you're a heavy user of a certain productivity suite to do the grunt of your work, the chance is big you already know the app you're going to install. But there generally won't be many of these apps sitting on your system. For most of the smaller utilities, where you are looking for a solution for a functionality you are missing, a centralized system which lists the available software is more beneficial. And often times, one gets to know newer, better alternatives when searching apps on a big app aggregator; you wouldn't have had the same convenient list of available applications with just a few keystrokes while using search engines like Google.

"As for installation itself, it is made easy not by the use of app stores themselves, but by the standard application packages they use. You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal means of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy)."

I think uncurated payment over the internet is currently not without its quirks; they're a mixed bag in terms of user experience at best. There might be delays between the purchase and the availability of the application to the end user because of limited resources in purchase processing at the application vendor, vendor-provided payment systems might not be up to par with security precautions and are more prone to be compromised and their information harvested, or worst of all, the vendor might not deliver on the goods at all, because of scam schemes or because they just went out of business. The Mac App Store eliminates all these. It offers a streamlined and predictable purchase and install process that is not available at this level on other software aggregators on the internet.

Edited 2011-11-04 19:35 UTC

Reply Parent Score: 1

RE[3]: Good move
by Neolander on Fri 4th Nov 2011 21:08 in reply to "RE[2]: Good move"
Neolander Member since:
2010-03-08

"True, but name me one digital protection scheme which hasn't been compromised. Whenever there's software, there's bugs, and whenever there's bugs, there's exploits. DVD copy protection, Blu-Ray, SSL certificates are all living proof of this."

I'd argue that DVD and Blu-Ray encryptions are broken by design, like many other forms of DRM, because they rely on distributing a "secret" copy of the decryption key with every single device and software that can playback them. In such circumstances, it is obvious that the decryption key will be leaked by someone at some point.

SSL certificates have a bit of this "secret known by a large crowd" problem too: in an organization that is large enough to validate hundreds of websites a day, can people really guarantee that no employee will ever go rogue and use his certification authority for nefarious purposes? Come on...

To the best of my knowledge, there is no such known flaw with the design of sandboxing in itself. What requires extreme care is the default permission set which every software gets, because it cannot be easily changed after a release. But pretty much every other kind of flaw can be fixed with OS updates without any loss of compatibility among API-compliant software.

"Second, although the implementation is more than perfectible, Android showcases that sandboxing can be introduced on a new OS without draconian OS vendor control."

"To what benefit? Android leads the pack by far in terms of mobile OS exploits."

This is why I'm talking about the quality of the implementation. On Android, the default sandbox settings are very restrictive, so that pretty much every application requires special security permissions and needs to get out of the sandbox. As a consequence of that, the dialog used to confirm those permissions is very subtle and frequent, and as such few users bother checking it.

Then there are exploits which avoid the sandbox altogether. Those rely on the fact that system components, which are most likely to be exploited, are not sandboxed properly themselves. I don't know Android well enough to tell what kind of vulnerability it has, but on iOS there was a vulnerability that allowed root access to iDevices by opening a specially crafted PDF file. My question is: why is the PDF reader able to get root access to the device at all? With proper sandboxing, an exploit in the PDF reader would only allow a cracker to have a look at the PDF reader's private data, which is a much, much less interesting trick.

"Third, you state that vendor-controlled application stores make it easier to find and install software."

"It makes it far easier for the bulk of the non-tech users to find their software, since the Mac App Store is installed and available by default on the system."

Fair point, but doesn't this argument also hold for other repository systems where you can freely add other software sources to your OS beyond the vendor-provided one?

"word of mouth remains the main way of discovering new software with or without app stores."

"For a couple of apps, yes. For many others, no. If you're a heavy user of a certain productivity suite to do the grunt of your work, the chance is big you already know the app you're going to install. But there generally won't be many of these apps sitting on your system. For most of the smaller utilities, where you are looking for a solution for a functionality you are missing, a centralized system which lists the available software is more beneficial."

It will also put you in front of heaps of thousands of different software to do the same thing, with no quick way of deciding what works best for your purposes except for relatively flawed indicators such as "featured" or "frequently downloaded" (also known as "popular" in some circles).

So since exploring everything and making informed choices is not envisionable for most people in such centralized systems, you end up relying on others (magazines, websites, relatives...) to do the work for you. Which is why I say that word of mouth remains the #1 way of finding software even in big centralized software libraries.

"And often times, one gets to know newer, better alternatives when searching apps on a big app aggregator; you wouldn't have had the same convenient list of available applications with just a few keystrokes while using search engines like Google."

This is the positive side of things. The negative side of things is that if there's a lot of choice you'll end up going through a lot of uninteresting garbage (for you!) before finding what you're looking for.

As an aside, I rarely use Google or iterative repository exploration to choose software myself. I only do that for stuff which I'm not deeply interested in. For stuff which I care more about, I try to find a good website/magazine/book/specialist on that matter and to follow its advice. But you may argue that I'm not part of "non-tech users", and as such may work differently.

"You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal means of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy)."

"I think uncurated payment over the internet is currently not without its quirks; they're a mixed bag in terms of user experience at best. There might be delays between the purchase and the availability of the application to the end user because of limited resources in purchase processing at the application vendor,"

Fair point. Centralization does allow for some performance optimization.

"vendor-provided payment systems might not be up to par with security precautions and are more prone to be compromised and their information harvested,"

Which is why I'm a PayPal advocate: the transaction is managed by a large third party which is specialized in managing online transactions and as such can take the right decisions as far as security is concerned.

Now, you may argue that it is the same thing with Apple. Yet there is a difference. Apple are the developers of Mac OS and own many large software on the Mac platform, they are not a neutral third-party when it comes to taking decisions about what software gets allowed on their platform. PayPal are only a banker, and as such don't give a damn about what transactions they process as long as it financially benefits their business (which is largely unrelated to desktop/mobile software). Also, Paypal don't want the bad PR of banning important customers unless they really can't avoid doing otherwise, while Apple are crazy enough to do it anyway ("Zomg ! Images of prehistoric women WITH BREASTS ??? BURN !!!").

"or worst of all, the vendor might not deliver on the goods at all, because of scam schemes or because they just went out of business."

Vendors only get out of business once, and it takes a finite and short time to do that, so I believe this is a relatively minor concern. About scams, when you buy something on Apple's App Stores, you have to make a purchase decision based on a description that has been written by the software's vendor. If it's incorrect, I don't know if you can get a refund from Apple, but PayPal do have a refund policy when the vendor doesn't provide the expected good.

Edited 2011-11-04 21:15 UTC

Reply Parent Score: 2

RE[4]: Good move
by frderi on Sat 5th Nov 2011 00:53 in reply to "RE[3]: Good move"
frderi Member since:
2011-06-17

"I'd argue that DVD and Blu-Ray encryptions are broken by design, like many other forms of DRM, because they rely on distributing a "secret" copy of the decryption key with every single device and software that can playback them. In such circumstances, it is obvious that the decryption key will be leaked by someone at some point."

The biggest problem when it comes to security is software bugs. The bulk of exploits are based on the fact that there's a bug in the software that facilitates buffer overruns which allows one to execute code. The only way of making sure your system isn't compromised is to unplug it from the network and write the software it runs yourself. However, this doesn't tend to be a desirable use case these days. :-) Bottom line: everything which is software is breakable. The point with running sensible security measurements is that you need to minimize the risks as much as possible.

"To the best of my knowledge, there is no such known flaw with the design of sandboxing in itself."

As with any software implementation, it's bound to have bugs and thus it's exploitable. If the zero-day bug gets discovered by someone looking for them who has ill intentions, most of the time this information just gets sold in black markets online and it ends up in the hands of malware writers who exploit them in their code.

"My question is: why is the PDF reader able to get root access to the device at all?"

Point is it doesn't have to be exploitable, a bug which allows for improper code execution is enough.

"With proper sandboxing, an exploit in the PDF reader would only allow a cracker to have a look at the PDF reader's private data, which is a much, much less interesting trick."

Not necessarily. If memory is written outside the application's heap, it's more than likely to have full access to the system, allowing the malicious code (not the app itself) to do anything it wants to do.

"Fair point, but doesn't this argument also hold for other repository systems where you can freely add other software sources to your OS beyond the vendor-provided one?"

Sure it does, and in the desktop space, there's been quite a few of them: tucows, download.com, versiontracker and macupdate are just a few. But these are merely aggregators, not App Stores. They offer no guarantee of the purchase process and in most cases even about the availability of the listed application.

"It will also put you in front of heaps of thousands of different software to do the same thing, with no quick way of deciding what works best for your purposes except for relatively flawed indicators such as "featured" or "frequently downloaded" (also known as "popular" in some circles)."

Not if you know what functionality you're looking for. You might search for an unrar app, a VNC client, an RSS Reader, … Doing those searches conveniently pops up a list of all available apps allowing you to pick the one with the functionality and price point you find appropriate for your needs.


"So since exploring everything and making informed choices is not envisionable for most people in such centralized systems, you end up relying on others (magazines, websites, relatives...) to do the work for you. Which is why I say that word of mouth remains the #1 way of finding software even in big centralized software libraries."

You're more likely being served in a better way if you just consult the app ratings and read the user reviews in the App Store. Why wait 2 months for a published magazine to pick up a newly released app? This used to be my methodology of working in the past, but now we're talking about the nineties, when broadband wasn't among us yet and magazines with CD-ROMs were still a huge deal.


"This is the positive side of things. The negative side of things is that if there's a lot of choice you'll end up going through a lot of uninteresting garbage (for you!) before finding what you're looking for."

You browse through the list, you look at the user ratings, read the reviews and description, and look at the screenshots. I don't see much difference in the selecting process. When you like something it's a quick trip to the buy button and you have it working. Instant gratification. The barrier can't get much lower than this.

Reply Parent Score: 1

RE[4]: Good move
by frderi on Sat 5th Nov 2011 00:54 in reply to "RE[3]: Good move"
frderi Member since:
2011-06-17


"You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal means of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy). Which is why I'm a PayPal advocate: the transaction is managed by a large third party which is specialized in managing online transactions and as such can take the right decisions as far as security is concerned."

Paypal is also a lot more complex and it doesn't offer you the guarantee that the vendor is genuine. The Mac App Store is all about one-click purchasing to make the purchase experience as simple as possible.


"Now, you may argue that it is the same thing with Apple. Yet there is a difference. Apple are the developers of Mac OS and own many large software on the Mac platform, they are not a neutral third-party when it comes to taking decisions about what software gets allowed on their platform."

If you know a bit about Apple as a company, you know that Apple makes money off its hardware. They're a product company, selling solutions to customers, but when it comes to making money, it's the devices, the hardware that makes the money, not the software. The software is a unique selling point for their hardware. Which is the main reason they do low-cost software and bundle entry level apps for free and ship low cost upgrades, unlike companies which view themselves as software companies and try to maximize profits on their software products.

Granted, they did several pro apps as well, but if you know what happened behind the scenes of these products and how Apple ended up with them, it's more that Apple rolled into them than anything else. Apple never planned to do Final Cut Pro. It was a project at Macromedia from the creator of Premiere before Macromedia refocused on serving the internet application space and ended up merging with Adobe. Apple took it off Macromedia's hands because they knew it was a good product, they wanted it on their platform badly in order to ensure hardware sales, but nobody was interested in bringing Final Cut to market for their platform. They tried selling it for two years after they bought it, but still nobody was interested. They eventually just kept it and sold it themselves at a reduced price because of the positive effects it would have on their hardware sales.

Apple aren't all that interested in competing with their app providers just for the sake of getting more software sales. There's no money (and gain) for Apple to do all the software for their platform. It's not what they're about. Apple chooses to do a few products as well as they can and ignore the rest, so total software domination does not fit in this vision. They tend to do entry level consumer apps to provide entry level solutions to their customers, and are happy to leave the pro stuff to others. A suite like iWork is basically AppleWorks for the 21st century, an entry level app. As a testament to this, Apple never did a fully fledged productivity suite for their platform, unlike some of their competitors like Sun or Microsoft did.


"Zomg ! Images of prehistoric women WITH BREASTS ??? BURN !!!").


You can always consult the CD-ROMs of magazines for apps which display prehistoric women with breasts… Oh wait. :-)


"Vendors only get out of business once, and it takes a finite and short time to do that, so I believe this is a relatively minor concern."

I was only giving some examples, big and small, to illustrate my argument that everything else is a mixed bag and what makes a centralised purchase store better.

Reply Parent Score: 1

RE[3]: Good move
by JAlexoid on Fri 4th Nov 2011 23:35 in reply to "RE[2]: Good move"
JAlexoid Member since:
2009-05-19

"To what benefit? Android leads the pack by far in terms of mobile OS exploits."

Since most Android exploits are actually social engineering exploits*, not technical ones, the iPhone leads in phishing exploits by a wide margin.
On the technical exploits side iOS and Android are on equal footing.

* the ones that you are counting.

Reply Parent Score: 2

RE[4]: Good move
by frderi on Sat 5th Nov 2011 01:00 in reply to "RE[3]: Good move"
frderi Member since:
2011-06-17


"Since most Android exploits are actually social engineering exploits*, not technical ones, the iPhone leads in phishing exploits by a wide margin. On the technical exploits side iOS and Android are on equal footing."

I don't know under which rock you have been hiding; you might want to read up on this to review your opinion.

http://reviews.cnet.com/8301-19512_7-20096832-233/android-malware-u...

http://www.phonearena.com/news/Android-security-issues-soaring-warn...

http://www.computerweekly.com/Articles/2011/10/28/248306/Android-no...

Reply Parent Score: 1