 |
 |
Why Doesn't SU Update Keychain Too?
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
I'm wondering why, after OS updates and security updates are applied by Software Update, Keychain presents a dialog prompting the user to update it. I imagine this is disconcerting for the average user, in addition to those paranoid over security exploits. If the keychain has to be updated after an OS update, shouldn't Software Update do it automatically?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: in front of the keyboard
Status:
Offline
|
|
Mine never does that.
Maybe you got hacked? 
|
|
signatures are a waste of bandwidth
especially ones with political tripe in them.
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: Tempe, AZ
Status:
Offline
|
|
I think it's a security feature. If the app requesting keychain access has changed since the last access, you're prompted. This prevents malware from spoofing as a trusted app.
That's what I've always assumed, anyway.
|
Geekspiff - generating spiffdiddlee software since before you began paying attention.
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Yokohama, Japan
Status:
Offline
|
|
Originally posted by smeger:
I think it's a security feature. If the app requesting keychain access has changed since the last access, you're prompted. This prevents malware from spoofing as a trusted app.
That's what I've always assumed, anyway.
That was my assumption, too.
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2001
Location: Victoria, Australia
Status:
Offline
|
|
It does concern many users. I develop a small application for connecting to an ISP here in Australia, and I often get people asking me why (after a SU) the computer is saying something about my application accessing keychain. They think something fishy is going on, when the reality is purely that my app uses keychain to store their password...
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Offline
|
|
Originally posted by smeger:
I think it's a security feature. If the app requesting keychain access has changed since the last access, you're prompted. This prevents malware from spoofing as a trusted app.
That's what I've always assumed, anyway.
That's exactly it.
|
|
Vandelay Industries
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally posted by Kristoff:
Mine never does that.
Maybe you got hacked?
Now YOU should be worried.
Whatever happendend to your Mac...
-t
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: in front of the keyboard
Status:
Offline
|
|
??? My macs are all running just fine. Why do you ask?
|
|
signatures are a waste of bandwidth
especially ones with political tripe in them.
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Originally posted by curmi:
It does concern many users. I develop a small application for connecting to an ISP here in Australia, and I often get people asking me why (after a SU) the computer is saying something about my application accessing keychain. They think something fishy is going on, when the reality is purely that my app uses keychain to store their password...
Well, at least one person shares my concern. . . This really has nothing to do with spoofing trusted applications, because the thing the dialog says is "OS X has been updated. . ." If OS X needs to update the keychain after a software update, it should do it automatically rather than prompt the user.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Originally posted by Big Mac:
Well, at least one person shares my concern. . . This really has nothing to do with spoofing trusted applications, because the thing the dialog says is "OS X has been updated. . ." If OS X needs to update the keychain after a software update, it should do it automatically rather than prompt the user.
But then some virus could modify Safari, and then the virus code could grab all your passwords from Safari's access to the Keychain, and you'd never know about it.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Originally posted by CharlesS:
But then some virus could modify Safari, and then the virus code could grab all your passwords from Safari's access to the Keychain, and you'd never know about it.
If you think this is the proper behavior then I'll agree with it, but I don't know if we're talking about the same thing. The dialog I'm talking about says that OS X has been updated, "would you like to update all keychains?" It really has nothing to do with Safari; it occurs after an update whenever any application tries to access the keychain. It is my claim that if Software Update updates OS X or one of its trusted applications, SU should update the keychain itself. In contrast, if something else has updated OS X or a trusted application, then the user should be prompted and warned that the OS or application has been updated in an unconventional and possibly unsanctioned manner.
The way it works currently the user is likely to simply dismiss the dialog, after seeing it so many times subsequent to using Software Update. The OS shouldn't be showing this prompt after a proper update, but rather only when the OS or a trusted app has been updated in an unconventional manner.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
