Actually the Xcode 1.5 header issue has only come up once on the CoreAudio list. Kinda sucks for the original poster, but everyone else learned to do a custom install and uncheck the install headers option.
Does it suck? Yes. Is it some grievous error? No.
I'm looking forward to the new imaging APIs in Tiger. I also hope they add some sample code to help shorten the learning curve.
Originally posted by CharlesS
Because an evil package author could easily put malicious code in that checking program.
...If it just ran the checker, that would be an exceedingly easy way for a web page to run rm -rf ~ or install a virus/trojan or do anything they wanted,...
Well, I'm very glad and very scared that there are people who think like you out there.
That sounds like a long shot scenario to justify an extra step (and level of complexity) to the standard installation process where simplicity is a key factor. Every installer I've ever seen makes you choose a disk to install the app on. This is a chance to stop a rogue program from installing itself.
I think Apple could make an installer that is both secure and requires minimal user interaction.
The script runs as the very first stage - by the time you get to 'choose a disk', it's way too late for malicious scripts to be stopped.
You get security, or user interaction. Pick one. I'll take the latter, thanks, I *like* knowing when an installer package is going to run a script. Lets me back out, and manually look at the script if I want to before moving forward. Essentially, it's saying "This package has a script. I have no idea what's in it, and you're going to have to tell me it's okay before I run it, since it could do anything it wants. If you trust the source, click OK. If not, don't."
Originally posted by macFanDave
Well, I'm very glad and very scared that there are people who think like you out there.
That sounds like a long shot scenario to justify an extra step (and level of complexity) to the standard installation process where simplicity is a key factor. Every installer I've ever seen makes you choose a disk to install the app on. This is a chance to stop a rogue program from installing itself.
I think Apple could make an installer that is both secure and requires minimal user interaction.
Were you around for the major security hole a few months ago? The one that allowed any web page to arbitrarily launch code on your machine through either the Help Viewer or a fantasy protocol attack? The one that was a very big deal and caused panic all over the Mac world until it was fixed?
The situation with installer scripts would be worse. The reason is that they would be much easier for evil people to implement. The fantasy protocol exploit and others required the user to click on (or get redirected to) two links, with a delay in between. Exploiting the installer would only require one link. Plus, the danger from install scripts was known long before the other exploits. If Apple were to remove that dialog, I would frankly not be surprised at all if a trojan showed up very quickly utilizing it. It would be dead simple to create.
All right, all right, you've convinced me: there needs to be user response at that first stage of an installation.
However, I feel that the wording of the dialog should be improved. The current message is relatively innocuous and it is possible for an inexperienced user who isn't paying attention to accept it without thinking about it (even if it comes from an unknown source). Remember, the clever hackers are constantly finding ways to trick people into accepting their malware.
Perhaps it should read something like this, "You are about to install/upgrade <name of app>. If this is what you want, click on 'Continue'. If this is not what you want or the name of the application is not what you expect, click 'Quit'" and the default button ought to be "Quit." The safest action should always be the default, right? So instead of sounding like a bureaucratic hassle, the note would be a security reminder.
I'd make it more explicit, because the user is going to go "Well DUH I want to install something you moron, I just opened it didn't I?" and just get used to clicking through it.
"The installer package "Insert Package Info Here" wishes to run a script before the installation proceeds. This script will be allowed to do anything it wishes, by default. If you trust the source of this installer, click Continue. If you do not, or have questions, please click Stop and contact the developer."
A 'More Info' button could display the script for those who are savvy enough to read it and determine for themselves if the script is safe.
Originally posted by macFanDave
Perhaps it should read something like this, "You are about to install/upgrade <name of app>. If this is what you want, click on 'Continue'. If this is not what you want or the name of the application is not what you expect, click 'Quit'" and the default button ought to be "Quit."
What if the name of the application is what they expect? What's to stop a malware writer from calling his installer package "Safari.pkg"?
Myself, I wish that internet-enabled .dmg files wouldn't automatically launch installers at all. I mean, come on, how hard is it for me to just go double-click the thing myself? Not very hard, and it makes it a lot harder to compromise users' machines. But at least having some warning is better than none at all...
Originally posted by CharlesS
What if the name of the application is what they expect? What's to stop a malware writer from calling his installer package "Safari.pkg"?
Myself, I wish that internet-enabled .dmg files wouldn't automatically launch installers at all. I mean, come on, how hard is it for me to just go double-click the thing myself? Not very hard, and it makes it a lot harder to compromise users' machines. But at least having some warning is better than none at all...
Yeah, but if you download a file named "Safari.pkg" off of LimeWire, you can't expect anything less IMHO..
I personally hate all the dialog boxes and security warnings. Look at how bad it is in (the not so secure) Windows..
Originally posted by Sopphode
Yeah, but if you download a file named "Safari.pkg" off of LimeWire, you can't expect anything less IMHO..
What if you're just browsing some random web site, and the site includes a JavaScript redirect that downloads the .dmg file in the background without your noticing? And then, the .dmg automatically opens the pkg installer? With no warning, you are screwed no matter what. With the warning, those who know what they're doing will know that they didn't download this package intentionally and will not allow it to run, but newbies might see a package named "Safari.pkg", think "Oh, that's Safari, I was using it. This must be an auto-update" and allow it to run. All in all a non-ideal situation. But at least it's better than having the script run without even asking...
Has there been pressure from devs to Apple to backport the updated Tiger Packagemaker to Jaguar? That would be useful, but perhaps not a marketing hype move like iChat AV's earlier preview.
Tiger is still a long ways away, and I've heard some devs are going to Loki in the meantime for their installer...