
Trojan flaw persists in Mac OS X

updated 12:40 pm EST, Tue March 7, 2006


Although Apple last week released a patch to address the Mac OS X zero-day exploit, it does not completely solve the problem, leaving some users open to further attacks. Last week's security update fixed more than a dozen different security holes, addressed a few exploits by concept worms, and addressed a few other unpublished security issues, according to Apple's own documentation. However, the new "download validation"--which warns users that the file may be malicious--does not completely solve the widely touted, 'extremely critical' Mac OS X zero-day exploit that allows hackers to disguise malicious files as routine files, thus allowing the Safari browser or another internet application to automatically unpack and execute the file. While the patch offers a checkpoint for most people using Safari, iChat, or Mail, it does not protect users who use other third-party internet programs and does not alert users who have disabled the "Open safe files after downloading" option.

lower, operating system level, experts said. It is now still possible for hackers to construct a file that appears to be a safe file type, such as an image or movie, but is actually an application."

Apple confirmed that it was still possible to disguise files.

"It is definitely possible on the Mac and on any platform to create an application and try to pretend that it is something that it's not. That's the definition of Trojans," Philip Schiller, Apple's senior vice-president of worldwide product marketing, told ZDnet in an interview. "There are Trojans in the world, I have yet to see a successful one on the Mac, but there are such things in the world as Trojans."

Experts say that Apple's patch was the first step and that it must release other updates to address the core problem. "Apple's security fix is an important first step, said Michael Lehn, doctoral candidate and research assistant at the University of Ulm in Germany. 'I think Apple did the right thing,' said Lehn, who first disclosed the Mac OS X vulnerability. 'The fact that a script gets executed automatically had to be fixed immediately. They just have to go further.'"

The warning is not enough for many users, according to readers, and the 'download and install' problem has plagued Mac OS X for a few years, according to the report.
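The disguise described above, a file with a "safe" extension whose content is really a script or an application, can be checked for on the receiving side by comparing each archive member's extension with its leading bytes. This is an added example, not code from the article or from Apple; the list of "safe" extensions, the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile
from pathlib import PurePosixPath

# Extensions a downloader might auto-open as "safe" (assumed list for this example).
SAFE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf"}

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
# 0xCAFEBABE is shared with Java class files; either is wrong for a media file.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}

def executable_kind(head: bytes):
    """Classify the first bytes of a file as 'script', 'mach-o' or None."""
    if head.startswith(b"#!"):
        return "script"
    if len(head) >= 4 and struct.unpack(">I", head[:4])[0] in MACHO_MAGICS:
        return "mach-o"
    return None

def disguised_members(zip_bytes: bytes):
    """Return (name, kind) for members whose safe-looking extension hides
    script or Mach-O content. Nothing is extracted to disk or executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            ext = PurePosixPath(info.filename).suffix.lower()
            if info.is_dir() or ext not in SAFE_EXTS:
                continue
            with zf.open(info) as fh:
                kind = executable_kind(fh.read(4))
            if kind:
                findings.append((info.filename, kind))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive: one genuine JPEG header, two disguised files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("preview.jpg", b"#!/bin/sh\necho constructed sample\n")
        zf.writestr("clip.mov", struct.pack("<I", 0xFEEDFACE) + b"\x00" * 16)
        zf.writestr("readme.txt", b"#!/bin/sh\n")  # not a "safe" extension, skipped
    return buf.getvalue()

if __name__ == "__main__":
    for name, kind in disguised_members(build_sample()):
        print(f"{name}: extension says media, content is {kind}")
```

The check only inspects file content; it does not see per-file metadata that tells the system which application should open a file, so it complements a download warning and does not replace one.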

 
Previous Comments

From ZDNet

03/07, 12:58pm reply

Last paragraph:

------------ Such security issues are, of course, not exclusive to the Mac. If a user can be tricked into downloading and opening a file, that user's system can be compromised. "This is true regardless of the operating system being used. It is a universal vulnerability," Long said. ------------

Uhh, yeah, so . . . well, I guess thank you ZDNet and MacNN for this . . . ah, non-news (yet again).

tomodachi

Fresh-Faced Recruit

Joined: Apr 2002

0

There are no "SAFE" fil

03/07, 12:59pm reply

Yes, you can disguise files in Mac OS. This is not a major problem... you can't completely disguise files in Windows and people are still social-engineered into running viruses. You can't stop social-engineering, except by teaching people that downloaded files are *never* safe.

So quit calling the option "open safe files after downloading". Change it to "display downloaded file in secure application" and stop using standard LaunchServices to launch the application. Provide a "WebServices" API, or an "untrusted" flag, and limit THAT list to applications that are designed to open "untrusted" files.

AND... to stop this attack... if there's any handler for DMG files, ZIP files, and other "wrapper" files in this "WebServices" database... it must NOT maintain metadata.

resuna

Fresh-Faced Recruit

Joined: Jan 2005

0

Apple did their job....

03/07, 01:01pm reply

....since when are they responsible for other software company products that may not warn you like they should?

They lead by example and they have stepped up and done it with MacOSX and Safari.

It's the user's responsibility to make sure they don't open files they don't know are safe.

Take some ownership and responsibility for your machine folks, sheesh.

HowardG

Fresh-Faced Recruit

Joined: Mar 2001

0

oh howardg..

03/07, 03:07pm reply

you don't get it. people are never to blame, some CEO is. This is America, I'm ALWAYS right and they're always wrong!

ibugv4

Fresh-Faced Recruit

Joined: Jun 2003

0

Sounds like the 3rd party

03/07, 08:55pm reply

Sounds like the 3rd party developers have a flaw not Apple.

jhorvatic

Fresh-Faced Recruit

Joined: Apr 2005

0

OS X Virus

03/07, 11:01pm reply

Has any Mac been infected by a virus or trojan or worm while running OS X? I keep seeing these stories but none of them ever mention an actual infection of any machines. I think all Mac virus stories will continue to be non-stories until a Mac is actually infected.

ClevelandAdv

Fresh-Faced Recruit

Joined: Jul 2004

0

Reporting Infections

03/08, 08:51am reply

In order to maintain the image of invincibility, it's extremely easy to shrug off the fact that one's own Mac has been infected.

Besides, any Mac user who is stupid enough to get their Mac infected probably wouldn't let others know. That's what I call, "a user who is experiencing FUD from the Mac community itself for his/her own stupidity."

So, no, you won't hear anyone you know admit that their Mac has been truly infected with malware. And, even if they do make the admission, it's shrugged off as no big deal. Of course, all malware for the MacOS can be considered quite minor. However, the fact remains that the machine itself was infected.

JoeE

Fresh-Faced Recruit

Joined: Feb 2006

0

You mean Apple cares not?

03/08, 09:25am reply

....since when are they responsible for other software company products that may not warn you like they should?

They lead by example and they have stepped up and done it with MacOSX and Safari.

It's the user's responsibility to make sure they don't open files they don't know are safe.

Take some ownership and responsibility for your machine folks, sheesh.

posted by HowardG


You're right, Howard. Users need to be more responsible for the performance of their machines. To do so otherwise can be quite costly on many levels.

On the other hand, Apple has a vested interest in the overall performance of their products. They choose carefully which manufacturers have the privilege of having their parts inside a Mac, iPod, or any other Apple product. The same goes for any software that has been made compatible for the MacOS platform. There are legal implications when a 3rd-party vendor puts the Macintosh name on their own products, indicating that it is Mac-compatible. After all, the better the two products work together, the more Apple can say that their machines outperform PCs using certain software which is proven especially in multimedia apps.

I'd say that in the bigger scheme of things, BOTH Apple and the end-user are responsible for the overall performance of the Mac.

JoeE

Fresh-Faced Recruit

Joined: Feb 2006

0

okee jokkee

03/13, 08:21pm reply

That weird ego trip thing might be what's up w/ the linux world or something, but I wholeheartedly disagree with you.

Unless you are completely isolated, you will find people who know more or less than you do about computers. Those who use a mac and know less than you will whine about every little thing and tell you right away (actually 'something') deleted my applications folder.

Sometimes people may not even know they've been compromised by anything in particular and just say 'something is broken'.

Duh..'it won't happen to me if I don't think about it or tell anyone' Sorry, heard too many complaints to buy into that.

Why LaunchServices is becoming the proverbial 'registry' on Apple's back is beyond me. In a few months you won't be able to talk about locking an application down without some ignorant fool saying 'oh, but all someone has to do is change an entry in LaunchServices to get past that'. It's about time Apple admits they need to stop bs'ing people.

If I drag an executable onto an application I can read it instead of executing it. With the exception of opening from within the Application file menu, there is no safer way. If you want to implement safety then change the method by which files are opened without user intervention. Not very difficult...unless you're saving security for 10.5

technohedz

Fresh-Faced Recruit

Joined: Jul 2000

0
