Skip navigation

Cat and mouse with Trojan begins

5232 Views 38 Replies Latest reply: Jun 3, 2011 7:58 PM by R C-R RSS
  • Terence Devlin Level 10 Level 10 (121,640 points)
    Currently Being Moderated
    Jun 3, 2011 2:43 AM (in response to etresoft)
    Force all but power users into the Mac App Store. Anyone who opts out does so at their own risk. It works great for iOS, it will work great on the Mac too.

     

    All we need now is a quick definition of "power users" and we're off. Should be an easy sell too. "See, on the Mac we have two kinds of User. Those who pass etresoft's test and can be allowed install whatever they like on their computer and the rest (who, incidentally, don't get to use apps made by Adobe and Microsoft)"

     

    Yes, as a Marketing Campaign that really sells itself.

     

    As a suggestion it's up there with Bill Gate's solution for Spam a few years back: Charge for every email you send.

     

    Regards

     

     

    TD

  • Terence Devlin Level 10 Level 10 (121,640 points)
    Currently Being Moderated
    Jun 3, 2011 2:48 AM (in response to noondaywitch)

    noondaywitch wrote:

     

    I don't own an iPhone and never will as long as it's locked in to the iOS App Store.

     

     

    Which is fair enough, I guess.  But I don't understand this:

     

    I don't have the App store on my Mac, nor will I ever have.

     

    Why not? It's just a store. It's not a closed loop. Developers aren't required to use the App Store. Those who do are not required to use it exclusively. You can purchase from the App Store or anywhere else the products sells as you choose. What's the problem?

     

    Regards

     

     

    TD

  • noondaywitch Level 6 Level 6 (8,130 points)
    Currently Being Moderated
    Jun 3, 2011 3:23 AM (in response to Terence Devlin)

    Unlike the iTunes store, the App store can't be disabled, except by removing it completely. As far as I'm concerned it amounts to spyware embedded in the OS.

     

    And we are way off the original topic

  • etresoft Level 7 Level 7 (23,880 points)
    Currently Being Moderated
    Jun 3, 2011 5:43 AM (in response to R C-R)

    You are forgetting your target audience here. Let me put on my "switcher" hat and step into my virtual Best Buy...

     

    Best Buy: Are you sure I can't interest you in a new HP, cheap netbook, Galaxy tab, or even Playbook-Blackberry combo?

    Me: No, sorry. I much prefer the style and ease of use of the Mac. I am worried about viruses though. I understand Macs have really been hit hard by viruses lately.

    Best Buy: That is certainly true. You've really done your homework here.

    Me: I've heard great things about Sophos anti-virus for Mac. I would like to buy that.

    Best Buy: We don't carry that product. We do have a sale going on. Get $10 off of Norton Anti-Virus with the purchase of a new Mac. Norton is the leader in Mac anti-virus.

    Me: Great! Let's do it.

     

    That's the way it really goes down

  • etresoft Level 7 Level 7 (23,880 points)
    Currently Being Moderated
    Jun 3, 2011 5:53 AM (in response to Terence Devlin)

    Terence Devlin wrote:

     

    All we need now is a quick definition of "power users" and we're off.

     

    Power users would be self-identified. If you want admin privileges, you have to tick off the box when installing. Even power users don't need admin privileges very often. The less you use them, the more stable your system will be. I get along just fine as a standard user on my work machine. It is fairly unanimous that not using an admin account all the time is a good idea. Just make that the default behaviour.

     

    Should be an easy sell too. "See, on the Mac we have two kinds of User. Those who pass etresoft's test and can be allowed install whatever they like on their computer and the rest (who, incidentally, don't get to use apps made by Adobe and Microsoft)"

     

    Of course, you are right. If an idea can't be implemented with current habits and expectations, it is impossible for the future. How silly of me to even suggest such a thing.

  • R C-R Level 6 Level 6 (13,780 points)
    Currently Being Moderated
    Jun 3, 2011 6:00 AM (in response to etresoft)

    The audience I target is folks that come here looking for accurate info, not nonsense.

  • etresoft Level 7 Level 7 (23,880 points)
    Currently Being Moderated
    Jun 3, 2011 6:06 AM (in response to noondaywitch)

    The only people who would be concerned with the potential spyware aspect are those who have installed bootleg software. By no coincidence, those are the people who should be most worried about malware.

     

    I think the Mac App Store is best anti-piracy idea in a long time. The two factors that encourage piracy are high software prices and inquisition-style license locks. The Mac App Store addresses both with lower prices, free upgrades, easy installs, and no more license keys. The only downside I see to the Mac App Store is the lack of a trial mode and the vast amount of junk on it.

     

    Even with iOS, there is no true "dictatorship". All of these "restrictions" are just default settings that can be changed if you are determined enough. Those more restrictive settings seem to work just fine for most people. I say apply that to MacOSX but allow people to create admin accounts if they so desire - just not by default.

     

    Whether you think it would be a marketing disaster or not is a side issue. If the only install path were the Mac App Store and the default user was a standard user, Mac users would be immune to even these silly trojans too. Perhaps a few privacy advocates and Apple Support Communities old-timers will object - but they will get over it.

  • R C-R Level 6 Level 6 (13,780 points)
    Currently Being Moderated
    Jun 3, 2011 6:44 AM (in response to etresoft)

    etresoft wrote:

    If the only install path were the Mac App Store and the default user was a standard user, Mac users would be immune to even these silly trojans too.

    Think it through. Mac users would be "immune" to much more than malware if the default user account was a standard one!

  • etresoft Level 7 Level 7 (23,880 points)
    Currently Being Moderated
    Jun 3, 2011 7:28 AM (in response to R C-R)

    R C-R wrote:

     

    Think it through. Mac users would be "immune" to much more than malware if the default user account was a standard one!

    I know! They would also be immune from misconfiguration from typing sudo command lines they see on some blog. Sweet!

  • Bob Lang1 Level 5 Level 5 (4,080 points)
    Currently Being Moderated
    Jun 3, 2011 7:56 AM (in response to etresoft)

    Hi etresoft

     

    Apple needs to Thin Different. They need to abandon the default Admin user entirely.

    Agreed

     

    Force all but power users into the Mac App Store.

    As a small time developer i don't like that approach, because it gives too much power to Apple to veto an application I might have spent many month developing.

     

    However, I have been giving protection some thought recently and the problem is that once an app is installed it can do anything it wants to the computer, including trashing the filing system.  I wonder if a better approach is to put each app in its own tightly controlled sandbox so that any mess it makes is restricted to a small part of the system and is recoverable.

     

    Just a thought

     

    Bob

  • R C-R Level 6 Level 6 (13,780 points)
    Currently Being Moderated
    Jun 3, 2011 8:01 AM (in response to etresoft)

    Think it through a bit more. How would they install OS updates or do anything else that requires admin authorization? … including creating an admin account? They would not even be able to do a permissions repair or install anything in /Applications/.

     

    If Apple provided a way to bypass that requirement, the cure would be worse than the disease.

  • R C-R Level 6 Level 6 (13,780 points)
    Currently Being Moderated
    Jun 3, 2011 8:09 AM (in response to Bob Lang1)

    Bob Lang1 wrote:

    ... the problem is that once an app is installed it can do anything it wants to the computer, including trashing the filing system.

    Not exactly true. Even apps installed with admin authorization are limited in what they can do without going through root level processes that have their own restrictions on what the OS will allow the calling process to do.

  • etresoft Level 7 Level 7 (23,880 points)
    Currently Being Moderated
    Jun 3, 2011 8:21 AM (in response to R C-R)

    There are ways around that. The Mac App Store can communicate with a root helper to do any application installs or system software updates.

  • etresoft Level 7 Level 7 (23,880 points)
    Currently Being Moderated
    Jun 3, 2011 8:34 AM (in response to Bob Lang1)

    Bob Lang1 wrote:

     

    As a small time developer i don't like that approach, because it gives too much power to Apple to veto an application I might have spent many month developing.

    As a small time developer myself, I'm frustrated that I don't have enough time to finish any applications to get them into the Mac App Store to sell. I recently shut down my old credit card merchant account. I am glad to be rid of that. Having done it myself for many years, 30% seems like a bargain for handling all of those details.

     

    I think the veto risk is way overblown. Most developers have nothing whatsoever to worry about.

     

    However, I have been giving protection some thought recently and the problem is that once an app is installed it can do anything it wants to the computer, including trashing the filing system.  I wonder if a better approach is to put each app in its own tightly controlled sandbox so that any mess it makes is restricted to a small part of the system and is recoverable.

     

    That isn't true for apps in the Mac App Store. They aren't allowed to have or ask for admin privileges. It is certainly true of anything you install with an admin password from a source outside of the Mac App Store. When you hand over your admin password, you hand over just about everything. If you are using a default admin account, then you really do hand over everything, including the contents of your keychain (if the software is clever enough).

     

    I would like to see Apple allow some products (like Parallels and Little Snitch) the ability to install kernel modules. Maybe charge more money or require more review or something.

  • R C-R Level 6 Level 6 (13,780 points)
    Currently Being Moderated
    Jun 3, 2011 10:05 AM (in response to etresoft)

    etresoft wrote:

    The Mac App Store can communicate with a root helper to do any application installs or system software updates.

    Only after it is installed, which requires … guess what?

     

    What you are proposing is basically a closed system with no administrator. It isn't a practical solution for upgradable systems, particularly where security is concerned. That's why the idea was abandoned long ago.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.