Can't protect people from themselves. That's what MS is trying to do by eliminating Hotmail access from email apps. At some point, you'd have to take away the computer to solve the problem. The onus is on the user to use reputable sources for their scripts and automator processes and for those sources to be vigilant themselves.
Nah, you're right, but I'm just worried about automatic scripts which have access to almost all areas of the system...
Surely there's got to be user authentication before a script is run.. Maybe?
Like when you open a script, you have to click 'run' and then it performs the task, as opposed to clicking on the script and having it perform automatically.
Nah, you're right, but I'm just worried about automatic scripts which have access to almost all areas of the system...
Surely there's got to be user authentication before a script is run.. Maybe?
Like when you open a script, you have to click 'run' and then it performs the task, as opposed to clicking on the script and having it perform automatically.
Jimzip
But even authentication doesn't solve all problems. A n00b OS X user that holds and admin account might just authenticate anything without thinking twice.
But following these two simple rules will solve anyone's problem:
1. Only download apps, AppleScripts, Automator scripts from trusted locations.
2. Think twice before authenticating.
Mac users also get extra security from obscurity so even if somebody doesn't follow steps 1 and/or 2, they still have a high chance of not running into any trouble.
I don't know, I see Automator Workflows becoming way, way more widespread than AppleScripts -- they're so many times easier to create.
Might not the increasing volume of reviewers and experts recommending Macs due to the lack of virii and malware + a possible iPod halo effect + Automator all together have the possibility of opening the flood gates for a spike of some nasty malware in the OS X world...?
And wouldn't then be a prudent idea for Apple to say, include a feature (can be turned off if you wish) that checks against an Apple online database when you first time you run an Automator Workflow, and warns the user if it's in a list of malware offenders?
I don't know, I see Automator Workflows becoming way, way more widespread than AppleScripts -- they're so many times easier to create.
Might not the increasing volume of reviewers and experts recommending Macs due to the lack of virii and malware + a possible iPod halo effect + Automator all together have the possibility of opening the flood gates for a spike of some nasty malware in the OS X world...?
And wouldn't then be a prudent idea for Apple to say, include a feature (can be turned off if you wish) that checks against an Apple online database when you first time you run an Automator Workflow, and warns the user if it's in a list of malware offenders?
I've got the feeling destructive commands will have warnings attached to them. Automator let's you combine scripted actions together. If you're only using scripts built using Apple's actions that ship with Automator, you're safe because any action that deletes or does anything destructive makes sure you understand that something is being deleted.
I doubt most people will go beyond the Automator actions that ship with 10.4.
So even if L0LF@g sends you a script and says it's an awesome script that organizes your photos in neat little folders when in fact it deletes them, when you run the script, the action that deletes files will prompt the user and ask him if it's ok to delete the file. The user can then decide to be stupid and click "Yes" or be smart and click "No".
Scripts using default Automator actions = safe
Scripts using actions downloaded or provided by 3rd-party for their own software = possibly unsafe
Besides, can't you just look at the script's structure from within Automator...all anyone has to do after downloading a script from untrusted sources is open it up in Automator and check for any harmful actions.
Yes that's true. But remember, a lot of mothers saving recipes on their iMacs won't know what a .aut file is if they get one in an e-mail..
Whatever, I wasn't necessarily saying I'm going to have trouble with it personally, I'm just worried about the less-compy-literate in the Mac community and what malicious "Automater Script Kiddies" could do.. Heheh, they're so gonna get labelled that..
Yes that's true. But remember, a lot of mothers saving recipes on their iMacs won't know what a .aut file is if they get one in an e-mail..
Whatever, I wasn't necessarily saying I'm going to have trouble with it personally, I'm just worried about the less-compy-literate in the Mac community and what malicious "Automater Script Kiddies" could do.. Heheh, they're so gonna get labelled that..
Jimzip
Yeah but I'm just saying that those mothers that may blindly open a .aut script will get warning dialogs explaining exactly what is happening like "Are you sure you want to delete your Home directory?" If the mother clicks "Yes", then she either shouldn't be using a computer or actually wants the script to delete her home directory.
Maybe Apple won't have the option of running Automator scripts automatically when opened "on" by default.
And I think the potential of having 3rd party actions is an important part of Automator. What's the point of having actions for only from Apple. If you use a certain 3rd party application very frequently, wouldn't it be nice to be able to automate it using any provided actions the developer has created?
Apple just needs to be smart about how they implement Automator in Mac OS X that's all. I see some great potential for it. I mean, I love Applescript and its tight integration with Mac OS X for automating things. But I am not great with scripting. Automator will be exactly what I am looking for. A visual scripting environment with drag and drop actions.
Maybe Apple won't have the option of running Automator scripts automatically when opened "on" by default.
And I think the potential of having 3rd party actions is an important part of Automator. What's the point of having actions for only from Apple. If you use a certain 3rd party application very frequently, wouldn't it be nice to be able to automate it using any provided actions the developer has created?
Apple just needs to be smart about how they implement Automator in Mac OS X that's all. I see some great potential for it. I mean, I love Applescript and its tight integration with Mac OS X for automating things. But I am not great with scripting. Automator will be exactly what I am looking for. A visual scripting environment with drag and drop actions.
Mike
Yes, 3rd-party actions/scripts will be an important part of Automator but users will just have to be smart about it and not download from untrusted sources. For the most part, users will either be using only the Apple actions and scripts, or download 3rd party actions and scripts from trusted developers.
As long as Macs retain less than 5% marketshare, you won't see harmful .aut scripts sent by e-mail. The only place where they might show up would be on shady sites or P2P networks but even that would be doubtful.
If the default action for double-clicking a .aut file is that it opens in Automator, that would solve a lot of the problem. Automator's interface would spell out what the script did with as much clarity as you could ask for.
I believe this is the current behavior with AppleScripts: They open in Script Editor, so that anyone can see what they do, and you have to specifically hit 'Play' to run them.
I don't know with what privileges Automator scripts currently run, but if they run with the privileges of the current user, the amount of damage a user could do would be most often limited to their own directory. Not good, but far better than, say, having /System wiped out.
I don't know with what privileges Automator scripts currently run, but if they run with the privileges of the current user, the amount of damage a user could do would be most often limited to their own directory. Not good, but far better than, say, having /System wiped out.
I have to disagree. The system can be reinstalled in 20 minutes, while users' documents are unrecoverable unless backed up. And from what I know I can tell that 90% of any users, regardless of the OS, haven't made a single back-up in their lives.
I would assume that an Automator action (script?) would 1. need authentication for admin actions just like any other script or command and 2. would warn the user before destructive beavior. If you or someone you know is going to blindily click through any such dialogs (actually admin authentication can't be clicked through blindly), well, whose fault is that? I fear the day we have the superfluous Windows, "Confirmation was given that this file is to be deleted. Is this what you want? Cancel/OK" dialogs (note the passive voice too ). I mean, what else do outside of buzzing a person with a taser whenever they go through a warning without reading it or downloading content from a dubious source?
1. You download Automator script from web and double click it
2. Script opens in Automator for preview of actions
3. You "authenticate" the script and it becomes an app
4. Double click the script to run actions, drag&drop on Automator to edit.
Shouldn't be too hard to do with the metadata engine running underneath. Make authentication to attach the same code to the script that iTMS songs use to authenticate your mac. Every script needs to be authenticated on each and every mac, user becomes responsible for running destructive scripts.
Comments
Surely there's got to be user authentication before a script is run.. Maybe?
Like when you open a script, you have to click 'run' and then it performs the task, as opposed to clicking on the script and having it perform automatically.
Jimzip
Originally posted by Jimzip
Nah, you're right, but I'm just worried about automatic scripts which have access to almost all areas of the system...
Surely there's got to be user authentication before a script is run.. Maybe?
Like when you open a script, you have to click 'run' and then it performs the task, as opposed to clicking on the script and having it perform automatically.
Jimzip
But even authentication doesn't solve all problems. A n00b OS X user that holds and admin account might just authenticate anything without thinking twice.
But following these two simple rules will solve anyone's problem:
1. Only download apps, AppleScripts, Automator scripts from trusted locations.
2. Think twice before authenticating.
Mac users also get extra security from obscurity so even if somebody doesn't follow steps 1 and/or 2, they still have a high chance of not running into any trouble.
Might not the increasing volume of reviewers and experts recommending Macs due to the lack of virii and malware + a possible iPod halo effect + Automator all together have the possibility of opening the flood gates for a spike of some nasty malware in the OS X world...?
And wouldn't then be a prudent idea for Apple to say, include a feature (can be turned off if you wish) that checks against an Apple online database when you first time you run an Automator Workflow, and warns the user if it's in a list of malware offenders?
Originally posted by Hobbes
I don't know, I see Automator Workflows becoming way, way more widespread than AppleScripts -- they're so many times easier to create.
Might not the increasing volume of reviewers and experts recommending Macs due to the lack of virii and malware + a possible iPod halo effect + Automator all together have the possibility of opening the flood gates for a spike of some nasty malware in the OS X world...?
And wouldn't then be a prudent idea for Apple to say, include a feature (can be turned off if you wish) that checks against an Apple online database when you first time you run an Automator Workflow, and warns the user if it's in a list of malware offenders?
I've got the feeling destructive commands will have warnings attached to them. Automator let's you combine scripted actions together. If you're only using scripts built using Apple's actions that ship with Automator, you're safe because any action that deletes or does anything destructive makes sure you understand that something is being deleted.
I doubt most people will go beyond the Automator actions that ship with 10.4.
So even if L0LF@g sends you a script and says it's an awesome script that organizes your photos in neat little folders when in fact it deletes them, when you run the script, the action that deletes files will prompt the user and ask him if it's ok to delete the file. The user can then decide to be stupid and click "Yes" or be smart and click "No".
Scripts using default Automator actions = safe
Scripts using actions downloaded or provided by 3rd-party for their own software = possibly unsafe
Besides, can't you just look at the script's structure from within Automator...all anyone has to do after downloading a script from untrusted sources is open it up in Automator and check for any harmful actions.
Whatever, I wasn't necessarily saying I'm going to have trouble with it personally, I'm just worried about the less-compy-literate in the Mac community and what malicious "Automater Script Kiddies" could do.. Heheh, they're so gonna get labelled that..
Jimzip
Originally posted by Jimzip
Yes that's true. But remember, a lot of mothers saving recipes on their iMacs won't know what a .aut file is if they get one in an e-mail..
Whatever, I wasn't necessarily saying I'm going to have trouble with it personally, I'm just worried about the less-compy-literate in the Mac community and what malicious "Automater Script Kiddies" could do.. Heheh, they're so gonna get labelled that..
Jimzip
Yeah but I'm just saying that those mothers that may blindly open a .aut script will get warning dialogs explaining exactly what is happening like "Are you sure you want to delete your Home directory?" If the mother clicks "Yes", then she either shouldn't be using a computer or actually wants the script to delete her home directory.
And I think the potential of having 3rd party actions is an important part of Automator. What's the point of having actions for only from Apple. If you use a certain 3rd party application very frequently, wouldn't it be nice to be able to automate it using any provided actions the developer has created?
Apple just needs to be smart about how they implement Automator in Mac OS X that's all. I see some great potential for it. I mean, I love Applescript and its tight integration with Mac OS X for automating things. But I am not great with scripting. Automator will be exactly what I am looking for. A visual scripting environment with drag and drop actions.
Mike
Originally posted by MPMoriarty
Maybe Apple won't have the option of running Automator scripts automatically when opened "on" by default.
And I think the potential of having 3rd party actions is an important part of Automator. What's the point of having actions for only from Apple. If you use a certain 3rd party application very frequently, wouldn't it be nice to be able to automate it using any provided actions the developer has created?
Apple just needs to be smart about how they implement Automator in Mac OS X that's all. I see some great potential for it. I mean, I love Applescript and its tight integration with Mac OS X for automating things. But I am not great with scripting. Automator will be exactly what I am looking for. A visual scripting environment with drag and drop actions.
Mike
Yes, 3rd-party actions/scripts will be an important part of Automator but users will just have to be smart about it and not download from untrusted sources. For the most part, users will either be using only the Apple actions and scripts, or download 3rd party actions and scripts from trusted developers.
As long as Macs retain less than 5% marketshare, you won't see harmful .aut scripts sent by e-mail. The only place where they might show up would be on shady sites or P2P networks but even that would be doubtful.
I believe this is the current behavior with AppleScripts: They open in Script Editor, so that anyone can see what they do, and you have to specifically hit 'Play' to run them.
I don't know with what privileges Automator scripts currently run, but if they run with the privileges of the current user, the amount of damage a user could do would be most often limited to their own directory. Not good, but far better than, say, having /System wiped out.
Originally posted by Amorph
I don't know with what privileges Automator scripts currently run, but if they run with the privileges of the current user, the amount of damage a user could do would be most often limited to their own directory. Not good, but far better than, say, having /System wiped out.
I have to disagree. The system can be reinstalled in 20 minutes, while users' documents are unrecoverable unless backed up. And from what I know I can tell that 90% of any users, regardless of the OS, haven't made a single back-up in their lives.
1. You download Automator script from web and double click it
2. Script opens in Automator for preview of actions
3. You "authenticate" the script and it becomes an app
4. Double click the script to run actions, drag&drop on Automator to edit.
Shouldn't be too hard to do with the metadata engine running underneath. Make authentication to attach the same code to the script that iTMS songs use to authenticate your mac. Every script needs to be authenticated on each and every mac, user becomes responsible for running destructive scripts.
tómppu