toggle

AAPL Stock: 111.78 ( -0.87 )

Printed from http://www.macnn.com

Macte! Safari Toolbar bypasses Apple limitations

updated 12:30 pm EDT, Fri May 22, 2009

Macte! Safari Toolbar

Macte! Labs has released a beta version of the Macte! Safari Toolbar, an extension for Apple's web browser. Although most toolbars for Safari are based on hacks, the Macte software is said to rely on officially-documented techniques. Integrated are several search options, including Google, Yahoo and Live. The extension also provides access to services such as e-mail, currency rates, stock prices and Google Translate.

The beta toolbar is a free download, and requires Max OS X 10.4 along with Safari 2, 3 or 4. Macte is further taking orders for custom-branded toolbars; those interested in building a custom option must contact the company directly.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. bobolicious

    Joined: Dec 1969

    0

    Is security...

    ...a risk with these add ons?

  1. testudo

    Joined: Dec 1969

    0

    Re: Is security

    Except for whether the add-on is a virus or trojan (and how do you know any software isn't a trojan?), it should be safer than haxies as they claim to use the built-in API.

  1. Fairly

    Joined: Dec 1969

    -4

    Yes there is

    This is so much disingenuous hype. You're bypassing Safari limitations? Yeah right. This is an input manager and no more. Daring F has written about (spoken out against) this. YES there is a risk. There are several. Perhaps the best of the risks is Apple may just decide to scrap the whole input manager thing for Snow Leopard. Then we'll all be a lot safer.

  1. testudo

    Joined: Dec 1969

    0

    risk

    What risk is there?

  1. fubar_this

    Joined: Dec 1969

    0

    Risks

    The input manager mechanism was a huge security risk in Tiger. Apple limited their risk in Leopard by requiring InputManager plugins in /Library to have certain permissions before they are loaded. InputManagers in ~/Library are not loaded anymore unless there is a preference set.

    However other code modules (like Contextual Menu Plugins) do not have similar restrictions because they are much more popular, and therefore cannot be deprecated. Because any malware could install itself to ~ WITHOUT administrator privs, and therefore be loaded into every process, expect those code modules to be deprecated in Snow Leopard (since Snow Leopard breaks most plugin modules with the 64-bit transition).

    The security risk is this: Once loaded into a process (via any means, legit or otherwise), a code module's ability to do whatever it wants is greatly increased. Once in a process a dynamic module can bypass most security restrictions, since Mac OS X's security restrictions like the Leopard firewall work at the process layer, not at the DLL/code module layer, so the exact code image making the syscall cannot be restricted. For example you can't say "Allow Safari to accept incoming connections, but not its plugins". The MAC framework cannot be used to make a restriction like "Allow Word to access this file, but not the contextual menu plugins it loads".

  1. testudo

    Joined: Dec 1969

    0

    OK

    So Apple let's all these security risks in their software, and have for version upon version. Then how does one argue Apple 'cares' about security?

    What you describe is exactly what MS did. They have technologies, they turn out to be problematic security-wise, but they won't fix them because it breaks 'backward compatibility'.

    BTW, you used the term deprecate, but I think you mean removal. Deprecate means "It's still there, but we plan on getting rid of it at some point and it won't be updated in the future in case it breaks." Removing them would just make the features not work. At best, you can say Apple deprecated input managers in Leopard. One hopes they go the next step.

  1. testudo

    Joined: Dec 1969

    0

    oh

    And just note that the reason all these input managers, haxies, etc, exist in the first place is because (a) Apple didn't put in proper APIs to perform these actions, and (b) people want these APIs. Not just the developers (who want everything, of course), but they wouldn't make the apps if people didn't want them/buy them.

    For example, Safari should have an API to allow other search engines in the search box, like every other browser allows, and allow sites to make their own. Not everyone always searches via google for everything.

    But why anyone would download a toolbar for their browser is beyond me. I just love seeing IE users with 5 different tool bars, all never used.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented

 
toggle

Popular News