Re: Widget Security - dslreports.com

Author	All Replies
rjackson Premium,Mod join:2002-04-02 Ringgold, GA clubs: Host: SMC Networks Automotive VOIP Tech Chat ViaTalk Teleblend	reply to bobrk Re: Widget Security said by bobrk : So it's sort of up to the Dashboard to do security duties? No, It's Up To You™. Some people might think it's unfair but you shouldn't trust a widget you downloaded any more than you would trust a shell script, Automator workflow, or AppleScript. The good news is it's fairly easy to audit a widget simply because they're scripts, rather than a binary that isn't very human-readable.
	to forum · permalink · · 2005-05-06 17:30:46 ·
jDyno Premium join:2001-02-20 Washington, DC clubs:	said by rjackson : said by bobrk : So it's sort of up to the Dashboard to do security duties? No, It's Up To You™. Some people might think it's unfair but you shouldn't trust a widget you downloaded any more than you would trust a shell script, Automator workflow, or AppleScript. The good news is it's fairly easy to audit a widget simply because they're scripts, rather than a binary that isn't very human-readable. Tell that to my 60-year old mother, for whom I'll be updating her new iBook to Tiger in the coming weeks. Hell, tell that to my 36-year old sister, who is a very computer-savvy graphic designer, but wouldn't know what the code meant if you forced her to read it like a EULA every time the widget launched! It's just not practical, rjackson. Even for me, and I write webdev code for a living. It would be really easy to hide some nefarious stuff in benign-looking code. And tell me, have you opened every single Widget you downloaded before loading it and thoroughly examined every single line to make sure it doesn't do anything you don't expect? C'mon. And at this point, I'm not even asking for anything too advanced from Dashboard or Automator. I just want even the barest programmatic protections against nefarious stuff, like explicitly telling me that an app requires System or Net access (the current warning is too vague and I even missed that it was asking for access to the SYSTEM, rather than just telling me I'm running something for the first time) and ALSO telling me in idiot terms, why I should care about this. This isn't about protecting those that know better or can do things to protect themselves. Apple is getting more and more into an uneducated consumer space, and that's a good thing, so they need to do more to protect those that can't protect themselves. -- Smart Marketing
jDyno Premium join:2001-02-20 Washington, DC clubs:	to forum · permalink · · 2005-05-06 17:55:19 ·
sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ ·Optimum Online	reply to rjackson said by rjackson : said by bobrk : So it's sort of up to the Dashboard to do security duties? No, It's Up To You™. Some people might think it's unfair but you shouldn't trust a widget you downloaded any more than you would trust a shell script, Automator workflow, or AppleScript. The good news is it's fairly easy to audit a widget simply because they're scripts, rather than a binary that isn't very human-readable. Eek! That sounds like something you'd overhear in the Windows Help forum. -- Bush/Cheney '04! - Scared Straight "Patriotism is supporting your country all the time and your government when it deserves it."
	to forum · permalink · · 2005-05-06 18:03:13 ·


Tuesday, 24-Nov 07:05:20	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF