Using an Admin account on a day to day basis is what almost every Mac users does and it's not a problem. An app needs authentication to change things and therefore being in admin doesn't stop this needing to take place. Apple computers are designed for the computer illiterate as well remember - and they don't mention creating two accounts and being careful. The authorisation is the reason two accounts aren't needed.
It's done by the Finder, not the app, silly. It can only be bypassed if you open an app from the terminal, or somehow another app launches it.
You know, it's been awhile since i installed mac applications and someone mentioned that macupdate was the place to get software so i went there and installed iTele 0.6.1 and a funny thing happened. When it installed, i was able to run it without it bringing up a window with a OK button. It did not even ask me to agree to some license, it just ran. Hmm, stupid finder, it forgot to display the window with the OK button. Maybe we should all throw our computers in the ocean now.
Now, you know I had to prove you wrong. You know i just had to.
As to running as administrator, that is the default and why should users have to change?. That same advice about not running in admin can apply to windows. I know it may come as a shock to some mac users but windows XP allows you to create accounts with restrictive rights. If apple is supposed to be simple to use, then the default configuration should work. Any other observation is just an excuse, us giving mac OSX a pass where we wouldn't give windows XP.
You know, it's been awhile since i installed mac applications and someone mentioned that macupdate was the place to get software so i went there and installed iTele 0.6.1 and a funny thing happened. When it installed, i was able to run it without it bringing up a window with a OK button. It did not even ask me to agree to some license, it just ran. Hmm, stupid finder, it forgot to display the window with the OK button. Maybe we should all throw our computers in the ocean now.
Just tried this, and it didn't ask if I wanted to launch the application. I stick with my original statement, though. Having application developers conform to this behaviour is just silly. Experience should show that application developers wont adhere to security if they don't have to.
On the other hand, the Apple Human Interface Guidelines for Security applies for both Dashboard widgets and standard applications. If I read it correct, it works like this:
1. Your application needs to "declare its intentions", which means that the application needs to state which resources it wants access to. If no access is applied for here, the application is denied access.
The above link is for Dashboard, but I remember reading the same sort of information about standard applications as well. I couldn't find this information on apples developer site, but someone might be able to provide a more accurat link...
So maybe the reason why iTele does not need to be authenticated is because it doesn't request access to anything but its preference files and the contents of the iTele.app bundle. Which makes sense, because the app does not have the access to do anything dangerous on your machine. If this is the case, a virus would have very little growing room. Spyware and Malware would still be able to run this way, but it wouldn't be able to spread, and hence it could easily be killed by the user (by quitting the app).
I know that applications that did not have this behaviour before (i.e. MS Office) not does. Before 10.3.x (cant remember when it was introduced) any Office app would run for the first time without asking for permission. But after I upgraded OS X to the version with this "secure finder" it started asking if I wanted to run applications for the first time (Yes, the same MS Office version).
My point is that having application developers being able to skip this security measurement is just not logical. And I do not see Apple half-implementing this feature, especially when they didn't have to implemt in at all. I think this feature of the Finder was introduced after a concept virus was created.
On another note if this security is built into the Finder, some applications could possible work around this by lauching through other applications, although i'm not sure how feasible that is.
You know, it's been awhile since i installed mac applications and someone mentioned that macupdate was the place to get software so i went there and installed iTele 0.6.1 and a funny thing happened. When it installed, i was able to run it without it bringing up a window with a OK button. It did not even ask me to agree to some license, it just ran. Hmm, stupid finder, it forgot to display the window with the OK button. Maybe we should all throw our computers in the ocean now.
Now, you know I had to prove you wrong. You know i just had to.
Does iTele manipulate anything on the hard disk other than its preferences?
I'm not sure exactly what triggers the new application warning, but it's not something silly like you mentioned where programmers have to specifically invoke it. It happens automatically in any of my applications and in applications made long before that ever was a feature.
It was added to prevent a mixup of Unix and Mac OS Classic metadata in which an application could disguise itself as a file, say an MP3, if enclosed in a .sit or a .dmg. Since it's designed to prevent trojans, and not just tell you you're opening up an application like iTele which doesn't have a Save feature, Finder chose to skip past it.
It certainly isn't the case that iTele snuck passed it or intentionally disabled the feature. Developers have no control over that.
Quote:
As to running as administrator, that is the default and why should users have to change?. That same advice about not running in admin can apply to windows. I know it may come as a shock to some mac users but windows XP allows you to create accounts with restrictive rights. If apple is supposed to be simple to use, then the default configuration should work. Any other observation is just an excuse, us giving mac OSX a pass where we wouldn't give windows XP.
Users don't have to change. It's a 'best practice.' Sorta like you said, I'm pretty sure it's a holdover to Windows (where once a user is authenticated, any application they run is automatically given all their privileges. If they're an admin, that's equivalent to root on Unix.)
Besides, of course an admin is the default, otherwise you wouldn't be able to use your computer
And yeah, Windows let's you create user accounts with limitations just like Mac OS X. Just because it's not as secure an OS doesn't mean it doesn't have as many features.
Does iTele manipulate anything on the hard disk other than its preferences?
I'm not sure exactly what triggers the new application warning, but it's not something silly like you mentioned where programmers have to specifically invoke it. It happens automatically in any of my applications and in applications made long before that ever was a feature.
Just becuase it happened automatically for you does not make it a feature of the finder. Did it ever occur to you that while it is a finder feature, the app has to activate it? (can be something simple as an app telling Mac OS X it is a new app). I am not familiar with how it is done and i don't have to be. It can be bypassed. I have yet to come across a feature of any operating system that could not be bypassed. The only reason i showed this was because it was possible. The person i was originally replying to seemed to think that all apps behaved nicely, so he would never get caught by a virus, as if virus writers played by some rule book.
Quote:
It was added to prevent a mixup of Unix and Mac OS Classic metadata in which an application could disguise itself as a file, say an MP3, if enclosed in a .sit or a .dmg. Since it's designed to prevent trojans, and not just tell you you're opening up an application like iTele which doesn't have a Save feature, Finder chose to skip past it.
How would the finder know if an app have save feature?. This is binary code. Are you telling me that the finder was able to analyze the binary code in less than a second (the app opened instantaneously) and knew the app did not have a save feature?. I recognize that this is a guess on your part but you just make my point. If the finder is depending on the app to tell it something, why would a virus app tell the truth?...
Quote:
It certainly isn't the case that iTele snuck passed it or intentionally disabled the feature. Developers have no control over that.
Now, you are guessing. You don't know what iTele did. You are not even sure the finder always displays a confirmation window. All you know is what you observed for all the apps installed on your machine, that is all you can say. Of course, if you are a mac developer and are privey to exactly what happens, please enlighten us.
Did it ever occur to you that while it is a finder feature, the app has to activate it? (can be something simple as an app telling Mac OS X it is a new app).
Yes, it occurred to me when you said it before. Twice. And it occurred to me again when I explicitly smacked it down. Twice. It's not done in the application. It's done by the Finder.
Quote:
How would the finder know if an app have save feature?. This is binary code. Are you telling me that the finder was able to analyze the binary code in less than a second (the app opened instantaneously) and knew the app did not have a save feature?.
No, but it can check lib dependencies during prebinding. It doesn't do that of course, I was just emphasizing iTele's harmlessness.
Anyway, I looked it up. The warning doesn't come when you open an app manually (double clicking on it), but rather if the app is opened automatically (ie, from opening a file that is owned by the app).
Point is, either way, at some point you as the user must make deliberate choices to run code on OS X. I made two with iTele... I OK'ed Safari to download it, and I double clicked on it to launch it. If you could get your virus to launch itself, great, you've proven a security hole. Being able to open an app, which you've proven your ability to with iTele, is not such a hole.
Yes, it occurred to me when you said it before. Twice. And it occurred to me again when I explicitly smacked it down. Twice. It's not done in the application. It's done by the Finder.
No, but it can check lib dependencies during prebinding. It doesn't do that of course, I was just emphasizing iTele's harmlessness.
Anyway, I looked it up. The warning doesn't come when you open an app manually (double clicking on it), but rather if the app is opened automatically (ie, from opening a file that is owned by the app).
Point is, either way, at some point you as the user must make deliberate choices to run code on OS X. I made two with iTele... I OK'ed Safari to download it, and I double clicked on it to launch it. If you could get your virus to launch itself, great, you've proven a security hole. Being able to open an app, which you've proven your ability to with iTele, is not such a hole.
Actually, the confirmation window can come up when opening an app manually. Go to macupdate, i am sure you can find tons of app that would display the confirmation window when opened manually. You keep stating something as if you know it as fact. I'm curious, what makes you so certain of this feature. You keep making incorrect statements to support this one thing you believe, i have to believe you saw this documentation somewhere on apple website or some approved learning resource.. please don't quote what other people are saying on forums, etc. I'm an open minded person. I've shown that the confirmation window is not always displayed, you keep changing the circumstances to fit your conceptions of what is happening.. initially, it was the finder displays a confirmation window when a app is run for the first time, now it is if the app is started by another app. Why don't you find out exactly what happens and get back to us. Stop guessing.
Actually, the confirmation window can come up when opening an app manually. Go to macupdate, i am sure you can find tons of app that would display the confirmation window when opened manually. You keep stating something as if you know it as fact. I'm curious, what makes you so certain of this feature. You keep making incorrect statements to support this one thing you believe, i have to believe you saw this documentation somewhere on apple website or some approved learning resource.. please don't quote what other people are saying on forums, etc. I'm an open minded person. I've shown that the confirmation window is not always displayed, you keep changing the circumstances to fit your conceptions of what is happening.. initially, it was the finder displays a confirmation window when a app is run for the first time, now it is if the app is started by another app. Why don't you find out exactly what happens and get back to us. Stop guessing.
When you open an application manually, you are making an explicit choice to do so. But when you open a document, it may not be clear which application will be used. If you click an untrustworthy link, it may try to automatically open a downloaded application designed to cause harm to the system. The feature provided by Security Update 2004-06-07 alerts you if an application that is automatically opening hasn't already been opened, either manually or by consent to this warning dialog
Quote:
Applications included with your computer are considered "trusted" and will not trigger the warning panel.
This, combined with the way that applications on the Mac must "Declare its intentions" is what triggers this window. So:
1. If the application is opened for the first time indirectly, the warning shows up
2. If the application declares its intentions to alter files on the haddrive, the warning shows up, regardless of how it is opened (directly or indirectly)
And I know you can say "well, I can make an app that doesn't declare its intentions", but the problem is that if you dont the Mac OS X wont give the application access.
Actually, the confirmation window can come up when opening an app manually. Go to macupdate, i am sure you can find tons of app that would display the confirmation window when opened manually. You keep stating something as if you know it as fact. I'm curious, what makes you so certain of this feature. You keep making incorrect statements to support this one thing you believe, i have to believe you saw this documentation somewhere on apple website or some approved learning resource.. please don't quote what other people are saying on forums, etc. I'm an open minded person. I've shown that the confirmation window is not always displayed, you keep changing the circumstances to fit your conceptions of what is happening.. initially, it was the finder displays a confirmation window when a app is run for the first time, now it is if the app is started by another app. Why don't you find out exactly what happens and get back to us. Stop guessing.
Alright, now you're just plain trolling. I wasn't sure why your app didn't ask for a confirmation, so I looked it up and gave you the link explaining why. What more would you like?
Alright, now you're just plain trolling. I wasn't sure why your app didn't ask for a confirmation, so I looked it up and gave you the link explaining why. What more would you like?
I replied too quickly but you did provide a link. Obviously, there is a disconnect somewhere
Comments
Originally posted by gregmightdothat
You are wrong on almost all points.
It's done by the Finder, not the app, silly. It can only be bypassed if you open an app from the terminal, or somehow another app launches it.
You know, it's been awhile since i installed mac applications and someone mentioned that macupdate was the place to get software so i went there and installed iTele 0.6.1 and a funny thing happened. When it installed, i was able to run it without it bringing up a window with a OK button. It did not even ask me to agree to some license, it just ran. Hmm, stupid finder, it forgot to display the window with the OK button. Maybe we should all throw our computers in the ocean now.
Now, you know I had to prove you wrong. You know i just had to.
As to running as administrator, that is the default and why should users have to change?. That same advice about not running in admin can apply to windows. I know it may come as a shock to some mac users but windows XP allows you to create accounts with restrictive rights. If apple is supposed to be simple to use, then the default configuration should work. Any other observation is just an excuse, us giving mac OSX a pass where we wouldn't give windows XP.
Originally posted by wnurse
You know, it's been awhile since i installed mac applications and someone mentioned that macupdate was the place to get software so i went there and installed iTele 0.6.1 and a funny thing happened. When it installed, i was able to run it without it bringing up a window with a OK button. It did not even ask me to agree to some license, it just ran. Hmm, stupid finder, it forgot to display the window with the OK button. Maybe we should all throw our computers in the ocean now.
Just tried this, and it didn't ask if I wanted to launch the application. I stick with my original statement, though. Having application developers conform to this behaviour is just silly. Experience should show that application developers wont adhere to security if they don't have to.
On the other hand, the Apple Human Interface Guidelines for Security applies for both Dashboard widgets and standard applications. If I read it correct, it works like this:
1. Your application needs to "declare its intentions", which means that the application needs to state which resources it wants access to. If no access is applied for here, the application is denied access.
http://developer.apple.com/documenta...ial/index.html
The above link is for Dashboard, but I remember reading the same sort of information about standard applications as well. I couldn't find this information on apples developer site, but someone might be able to provide a more accurat link...
So maybe the reason why iTele does not need to be authenticated is because it doesn't request access to anything but its preference files and the contents of the iTele.app bundle. Which makes sense, because the app does not have the access to do anything dangerous on your machine. If this is the case, a virus would have very little growing room. Spyware and Malware would still be able to run this way, but it wouldn't be able to spread, and hence it could easily be killed by the user (by quitting the app).
I know that applications that did not have this behaviour before (i.e. MS Office) not does. Before 10.3.x (cant remember when it was introduced) any Office app would run for the first time without asking for permission. But after I upgraded OS X to the version with this "secure finder" it started asking if I wanted to run applications for the first time (Yes, the same MS Office version).
My point is that having application developers being able to skip this security measurement is just not logical. And I do not see Apple half-implementing this feature, especially when they didn't have to implemt in at all. I think this feature of the Finder was introduced after a concept virus was created.
On another note if this security is built into the Finder, some applications could possible work around this by lauching through other applications, although i'm not sure how feasible that is.
Originally posted by wnurse
You know, it's been awhile since i installed mac applications and someone mentioned that macupdate was the place to get software so i went there and installed iTele 0.6.1 and a funny thing happened. When it installed, i was able to run it without it bringing up a window with a OK button. It did not even ask me to agree to some license, it just ran. Hmm, stupid finder, it forgot to display the window with the OK button. Maybe we should all throw our computers in the ocean now.
Now, you know I had to prove you wrong. You know i just had to.
Does iTele manipulate anything on the hard disk other than its preferences?
I'm not sure exactly what triggers the new application warning, but it's not something silly like you mentioned where programmers have to specifically invoke it. It happens automatically in any of my applications and in applications made long before that ever was a feature.
It was added to prevent a mixup of Unix and Mac OS Classic metadata in which an application could disguise itself as a file, say an MP3, if enclosed in a .sit or a .dmg. Since it's designed to prevent trojans, and not just tell you you're opening up an application like iTele which doesn't have a Save feature, Finder chose to skip past it.
It certainly isn't the case that iTele snuck passed it or intentionally disabled the feature. Developers have no control over that.
As to running as administrator, that is the default and why should users have to change?. That same advice about not running in admin can apply to windows. I know it may come as a shock to some mac users but windows XP allows you to create accounts with restrictive rights. If apple is supposed to be simple to use, then the default configuration should work. Any other observation is just an excuse, us giving mac OSX a pass where we wouldn't give windows XP.
Users don't have to change. It's a 'best practice.' Sorta like you said, I'm pretty sure it's a holdover to Windows (where once a user is authenticated, any application they run is automatically given all their privileges. If they're an admin, that's equivalent to root on Unix.)
Besides, of course an admin is the default, otherwise you wouldn't be able to use your computer
And yeah, Windows let's you create user accounts with limitations just like Mac OS X. Just because it's not as secure an OS doesn't mean it doesn't have as many features.
Originally posted by gregmightdothat
Does iTele manipulate anything on the hard disk other than its preferences?
I'm not sure exactly what triggers the new application warning, but it's not something silly like you mentioned where programmers have to specifically invoke it. It happens automatically in any of my applications and in applications made long before that ever was a feature.
Just becuase it happened automatically for you does not make it a feature of the finder. Did it ever occur to you that while it is a finder feature, the app has to activate it? (can be something simple as an app telling Mac OS X it is a new app). I am not familiar with how it is done and i don't have to be. It can be bypassed. I have yet to come across a feature of any operating system that could not be bypassed. The only reason i showed this was because it was possible. The person i was originally replying to seemed to think that all apps behaved nicely, so he would never get caught by a virus, as if virus writers played by some rule book.
It was added to prevent a mixup of Unix and Mac OS Classic metadata in which an application could disguise itself as a file, say an MP3, if enclosed in a .sit or a .dmg. Since it's designed to prevent trojans, and not just tell you you're opening up an application like iTele which doesn't have a Save feature, Finder chose to skip past it.
How would the finder know if an app have save feature?. This is binary code. Are you telling me that the finder was able to analyze the binary code in less than a second (the app opened instantaneously) and knew the app did not have a save feature?. I recognize that this is a guess on your part but you just make my point. If the finder is depending on the app to tell it something, why would a virus app tell the truth?...
It certainly isn't the case that iTele snuck passed it or intentionally disabled the feature. Developers have no control over that.
Now, you are guessing. You don't know what iTele did. You are not even sure the finder always displays a confirmation window. All you know is what you observed for all the apps installed on your machine, that is all you can say. Of course, if you are a mac developer and are privey to exactly what happens, please enlighten us.
Originally posted by wnurse
Did it ever occur to you that while it is a finder feature, the app has to activate it? (can be something simple as an app telling Mac OS X it is a new app).
Yes, it occurred to me when you said it before. Twice. And it occurred to me again when I explicitly smacked it down. Twice. It's not done in the application. It's done by the Finder.
Quote:
How would the finder know if an app have save feature?. This is binary code. Are you telling me that the finder was able to analyze the binary code in less than a second (the app opened instantaneously) and knew the app did not have a save feature?.
No, but it can check lib dependencies during prebinding. It doesn't do that of course, I was just emphasizing iTele's harmlessness.
Anyway, I looked it up. The warning doesn't come when you open an app manually (double clicking on it), but rather if the app is opened automatically (ie, from opening a file that is owned by the app).
Point is, either way, at some point you as the user must make deliberate choices to run code on OS X. I made two with iTele... I OK'ed Safari to download it, and I double clicked on it to launch it. If you could get your virus to launch itself, great, you've proven a security hole. Being able to open an app, which you've proven your ability to with iTele, is not such a hole.
Originally posted by gregmightdothat
Yes, it occurred to me when you said it before. Twice. And it occurred to me again when I explicitly smacked it down. Twice. It's not done in the application. It's done by the Finder.
No, but it can check lib dependencies during prebinding. It doesn't do that of course, I was just emphasizing iTele's harmlessness.
Anyway, I looked it up. The warning doesn't come when you open an app manually (double clicking on it), but rather if the app is opened automatically (ie, from opening a file that is owned by the app).
Point is, either way, at some point you as the user must make deliberate choices to run code on OS X. I made two with iTele... I OK'ed Safari to download it, and I double clicked on it to launch it. If you could get your virus to launch itself, great, you've proven a security hole. Being able to open an app, which you've proven your ability to with iTele, is not such a hole.
Actually, the confirmation window can come up when opening an app manually. Go to macupdate, i am sure you can find tons of app that would display the confirmation window when opened manually. You keep stating something as if you know it as fact. I'm curious, what makes you so certain of this feature. You keep making incorrect statements to support this one thing you believe, i have to believe you saw this documentation somewhere on apple website or some approved learning resource.. please don't quote what other people are saying on forums, etc. I'm an open minded person. I've shown that the confirmation window is not always displayed, you keep changing the circumstances to fit your conceptions of what is happening.. initially, it was the finder displays a confirmation window when a app is run for the first time, now it is if the app is started by another app. Why don't you find out exactly what happens and get back to us. Stop guessing.
Originally posted by wnurse
Actually, the confirmation window can come up when opening an app manually. Go to macupdate, i am sure you can find tons of app that would display the confirmation window when opened manually. You keep stating something as if you know it as fact. I'm curious, what makes you so certain of this feature. You keep making incorrect statements to support this one thing you believe, i have to believe you saw this documentation somewhere on apple website or some approved learning resource.. please don't quote what other people are saying on forums, etc. I'm an open minded person. I've shown that the confirmation window is not always displayed, you keep changing the circumstances to fit your conceptions of what is happening.. initially, it was the finder displays a confirmation window when a app is run for the first time, now it is if the app is started by another app. Why don't you find out exactly what happens and get back to us. Stop guessing.
According to:
http://docs.info.apple.com/article.html?artnum=25785
When you open an application manually, you are making an explicit choice to do so. But when you open a document, it may not be clear which application will be used. If you click an untrustworthy link, it may try to automatically open a downloaded application designed to cause harm to the system. The feature provided by Security Update 2004-06-07 alerts you if an application that is automatically opening hasn't already been opened, either manually or by consent to this warning dialog
Applications included with your computer are considered "trusted" and will not trigger the warning panel.
This, combined with the way that applications on the Mac must "Declare its intentions" is what triggers this window. So:
1. If the application is opened for the first time indirectly, the warning shows up
2. If the application declares its intentions to alter files on the haddrive, the warning shows up, regardless of how it is opened (directly or indirectly)
And I know you can say "well, I can make an app that doesn't declare its intentions", but the problem is that if you dont the Mac OS X wont give the application access.
http://developer.apple.com/documenta...40001340-CH210
Originally posted by wnurse
Actually, the confirmation window can come up when opening an app manually. Go to macupdate, i am sure you can find tons of app that would display the confirmation window when opened manually. You keep stating something as if you know it as fact. I'm curious, what makes you so certain of this feature. You keep making incorrect statements to support this one thing you believe, i have to believe you saw this documentation somewhere on apple website or some approved learning resource.. please don't quote what other people are saying on forums, etc. I'm an open minded person. I've shown that the confirmation window is not always displayed, you keep changing the circumstances to fit your conceptions of what is happening.. initially, it was the finder displays a confirmation window when a app is run for the first time, now it is if the app is started by another app. Why don't you find out exactly what happens and get back to us. Stop guessing.
Alright, now you're just plain trolling. I wasn't sure why your app didn't ask for a confirmation, so I looked it up and gave you the link explaining why. What more would you like?
Originally posted by gregmightdothat
Alright, now you're just plain trolling. I wasn't sure why your app didn't ask for a confirmation, so I looked it up and gave you the link explaining why. What more would you like?
I replied too quickly but you did provide a link. Obviously, there is a disconnect somewhere