Fix This Problem Once And For All, Apple! Digital Signatures.
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 16, 2006, 08:10 PM
 
What the arbitrary internet protocol vulnerability already showed, and what the Leap/A-virus demonstrates, is that Apple needs to fix the trojan problem once and for all and finally introduce digitally singed executables. Program authors must sign their programs, they need to get the certificate from a trustworthy certification agency that validates who they are, and if that is not given, then the system must not run the program (or not at least without notifying the user that a not-trustworthy program is about to be run). The hacker-kid who wrote Leap/A most definitely would not have spent the dollars to get a certificate to sign his virus, and if he would have, he would already sit in jail.

Digitally signed executables are long overdue and would have completely averted this issue. It's about time, Apple! Fix this problem properly and once and for all. Don't come with one more half-baked warning dialog again.
     
Registered User
Join Date: Oct 1999
Location: North Coast
Feb 16, 2006, 08:45 PM
 
Originally Posted by TETENAL
What the arbitrary internet protocol vulnerability already showed, and what the Leap/A-virus demonstrates, is that Apple needs to fix the trojan problem once and for all and finally introduce digitally singed executables. Program authors must sign their programs, they need to get the certificate from a trustworthy certification agency that validates who they are, and if that is not given, then the system must not run the program (or not at least without notifying the user that a not-trustworthy program is about to be run). The hacker-kid who wrote Leap/A most definitely would not have spent the dollars to get a certificate to sign his virus, and if he would have, he would already sit in jail.

Digitally signed executables are long overdue and would have completely averted this issue. It's about time, Apple! Fix this problem properly and once and for all. Don't come with one more half-baked warning dialog again.
I hadn't thought of this before. It seems to make sense in my mind in the way you described. What is the hold up on such a way of doing things? (Other than Apple itself, obviously there must be someone willing to play devil's advocate on this one?) I'm just curious to hear the other side to see if I'm missing anything, because it seems like a pretty good concept to me at this point.
     
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Feb 16, 2006, 09:09 PM
 
Originally Posted by DarwinX
I hadn't thought of this before. It seems to make sense in my mind in the way you described. What is the hold up on such a way of doing things? (Other than Apple itself, obviously there must be someone willing to play devil's advocate on this one?) I'm just curious to hear the other side to see if I'm missing anything, because it seems like a pretty good concept to me at this point.
The problem with this is it squeezes shareware authors... buying a digital certificate is likely to be a fixed cost, which is something that big name developers can afford easily. They can say "But you're not required to buy a certificate." Well, yes, you have to, because otherwise you're a second class citizen, and that's just as bad as giving up a (rather large percentage) of your profits.
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Feb 16, 2006, 09:22 PM
 
Say goodbye to open-source, freeware and most shareware.

Yes, making it difficult to produce software would make it more difficult to produce malicious software, but I'm not sure what the platform needs is fewer developers.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Posting Junkie
Join Date: Dec 2000
Feb 16, 2006, 09:24 PM
 
Exactly. This would really suck for shareware developers, who usually don't make that much money off registrations anyway. Whom it would suck even more for would be freeware and open-source developers. You can bet that if a system like this were implemented, you'd see a lot less shareware, freeware, and open source software for OS X...

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Feb 16, 2006, 10:58 PM
 
You can't solve a social problem with a (half-baked) technical solution.

Just like the phishing sites now getting valid SSL certs, the malware authors will get valid certs to sign their apps.
     
Banned
Join Date: Jun 2003
Feb 17, 2006, 09:16 AM
 
Like many have said, this solution wouldn't work.
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 17, 2006, 11:25 AM
 
Originally Posted by CharlesS
Exactly. This would really suck for shareware developers, who usually don't make that much money off registrations anyway.
A code signing certificate costs $159 from Thawte. That is affordable for most Shareware developers. It is definitely affordable for Mozilla Foundation or Sun for their open-source projects. You are all also under the assumption that trustworthiness is not a feature. It is. When the user can determine the identity of the author in a reliable way and he can check the integrity of the program, the increased trust due to the signature can increase sales and make up for the additional costs of the certificate.
Originally Posted by CharlesS
You can bet that if a system like this were implemented, you'd see a lot less shareware, freeware, and open source software for OS X...
No, it will do nothing to the amount of shareware, freeware, and open source software. Freeware for which it is not worth for the author to get a certificate for will just continue to be distributed unsigned. Just as it is today. The user will get a notification about it and that's it.
But the system would have made sure that everybody who wanted to open the latest "JPEGs" would have noticed that it is in fact a trojan application. Leap/a would have been a total non-issue. And it would allow admins to completely disallow running untrusted applications (even tighten down to limit to certain vendors only) and therefore completely secure their systems. This would be a major advantage for OS X in the corporate world.
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Feb 17, 2006, 11:39 AM
 
Originally Posted by TETENAL
A code signing certificate costs $159 from Thawte.
Your shareware must sell better than a lot of people's if you think that's pocket change. I don't do shareware, but I think a recurring $160 fine on every software title would be an annoying cut of the profits for a lot of people.

Originally Posted by TETENAL
Freeware for which it is not worth for the author to get a certificate for will just continue to be distributed unsigned. Just as it is today. The user will get a notification about it and that's it.
And assuming this doesn't turn too many people off, the user will come to think of the "WARNING! WARNING!" dialog as yet another security annoyance that should be ignored since it's always flagging perfectly normal software. You'd just bring another type of social conditioning into the situation.

Originally Posted by TETENAL
You are all also under the assumption that trustworthiness is not a feature. It is. When the user can determine the identity of the author in a reliable way and he can check the integrity of the program, the increased trust due to the signature can increase sales and make up for the additional costs of the certificate.
It might increase sales, but I strongly doubt it would increase sales much beyond the point they are at now. What you're suggesting is basically a "protection" racket shakedown of shareware developers.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Professional Poster
Join Date: Oct 2002
Location: Off the Tobakoff
Feb 17, 2006, 11:49 AM
 
Originally Posted by Chuckit
Your shareware must sell better than a lot of people's if you think that's pocket change. I don't do shareware, but I think a recurring $160 fine on every software title would be an annoying cut of the profits for a lot of people.
Are you sure it's recurring? Seems like it would be a one-time deal.

And assuming this doesn't turn too many people off, the user will come to think of the "WARNING! WARNING!" dialog as yet another security annoyance that should be ignored since it's always flagging perfectly normal software. You'd just bring another type of social conditioning into the situation.
The average Mac user sticks with the basics and doesn't download that much shareware. Regardless, if this dialog appeared upon double-clicking what appeared to be a document, this should raise some alarms.
"You rise," he said, "like Aurora."
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 17, 2006, 11:49 AM
 
Originally Posted by Chuckit
And assuming this doesn't turn too many people off, the user will come to think of the "WARNING! WARNING!" dialog as yet another security annoyance that should be ignored since it's always flagging perfectly normal software.
In the corporate world users are not supposed to run their own software. In the corporate world system admins could limit the runnable software to that that is digitally signed, or to that that is signed by certain vendors only. No amount of social engineering can make the secretary run a trojan then. In the corporate world this system would work. And in the corporate world it is where virus attacks cost millions of dollars.

If you don't like this, then you can turn it off. But for those of us who want to properly secure their system, Apple needs to implement digital signatures for executables.
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 17, 2006, 11:55 AM
 
Originally Posted by Stradlater
Are you sure it's recurring? Seems like it would be a one-time deal.
Thawte's certificate costs $199 the first time and $159 yearly for a renewal. I mentioned this price to point out that the costs are not astronomical. Apple could bundle such a certificate to their ADC-membership or offer certificates at better prices than Thawte if they are concerned about share- and freeware (based on credit card identity for example). Even if a certificate had been acquired fraudulently, it could be revoked online (as Thawte's appear to be able to), so an attack could be stopped at least shortly after the initial outbreak.
     
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Feb 17, 2006, 01:11 PM
 
Originally Posted by TETENAL
Thawte's certificate costs $199 the first time and $159 yearly for a renewal. I mentioned this price to point out that the costs are not astronomical. Apple could bundle such a certificate to their ADC-membership or offer certificates at better prices than Thawte if they are concerned about share- and freeware (based on credit card identity for example). Even if a certificate had been acquired fraudulently, it could be revoked online (as Thawte's appear to be able to), so an attack could be stopped at least shortly after the initial outbreak.
Let's say you sell a shareware product for $20, and you only sell 20 copies a year. That $400 you made was just reduced to $200 and then $240 after that.

50% of the money you made is gone, just like that.

Digital signatures are NOT the solution.

We need to EDUCATE people on these types of issues. These are social engineering problems, not technological ones.
     
Professional Poster
Join Date: Jan 2003
Location: Teaneck, NJ
Feb 17, 2006, 01:36 PM
 
I don't see why they can't have a $10 option for freeware people just to get a real address from someone (no po box etc.). Just send the license/key/whatever to a real person or even registered mail ($10 should cover that) so you have a signature. Fake IDs would be an issue, but at least this is something.
AT&T iPhone 5S and 6; 13" MBP; MDD G4.
     
Dedicated MacNNer
Join Date: Dec 2001
Location: Bolton, UK
Feb 17, 2006, 01:43 PM
 
If this warning message is supposed to appear every time an unsigned application is launched, it would effectively force every developer to buy a certificate, because users wouldn't stand for it.

On the other hand, if it's only supposed to appear the first time the application is launched, why bother with certificates at all? Better to show the message for everything. After all, you don't reinstall pro apps very often.

I would certainly not be able to justify the expense of $150/year for my shareware titles, and I think the majority of authors would say the same.

Barney.
     
Mac Elite
Join Date: Jul 2002
Feb 17, 2006, 01:54 PM
 
No, digital signing is definitely a bad solution for this. What Apple needs to do is lock down the directories, like Input Managers, that can insert code into applications. Require a password to put files in them and an automatic notification of when things are put into the folder in the first place. As well, you should be able to run an app without having the contents of those folders inserted, and you should be able to inspect an app and see if it's been code injected. And that's just a start. Overall, a much better solution than digital signatures.
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 17, 2006, 02:14 PM
 
Originally Posted by SSharon
I don't see why they can't have a $10 option for freeware people just to get a real address from someone.
As I said, Apple could offer this for cheaper than Thawte or bundle with the ADC membership if they are concerned about freeware and shareware developers.
Originally Posted by SSharon
Fake IDs would be an issue.
Then at least the certificate can be revoked after it becomes known that it has been abused.
Originally Posted by barney ntd
If this warning message is supposed to appear every time an unsigned application is launched, […] users wouldn't stand for it.
You would require allowance by the user only once of course.
Originally Posted by barney ntd
On the other hand, if it's only supposed to appear the first time the application is launched, why bother with certificates at all?
To allow system admins to lay down which programs can be run and which not for example.
Originally Posted by Thinine
No, digital signing is definitely a bad solution for this. What Apple needs to do is lock down the directories, like Input Managers, that can insert code into applications.
This does nothing to protect you against regular trojans like the "Office Installer"-trojan. And digitally signed executables don't require a password for everything (maybe most software-authors won't sign their apps, but the most used apps will be singed), so it's not annoying.
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Feb 17, 2006, 02:16 PM
 
Originally Posted by TETENAL
In the corporate world users are not supposed to run their own software. In the corporate world system admins could limit the runnable software to that that is digitally signed, or to that that is signed by certain vendors only. No amount of social engineering can make the secretary run a trojan then. In the corporate world this system would work. And in the corporate world it is where virus attacks cost millions of dollars.
We can already control what programs users are able to run. And assuming your admins are legitimately buying the software rather than just grabbing it off Gnutella, there shouldn't be a question whether it's legit since you're getting it directly from the vendor.

I'm not saying there wouldn't be some minor benefits for security, but I'm saying that making it a core OS feature would not protect the average user and would probably be detrimental to the Mac software industry.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Feb 17, 2006, 02:28 PM
 
It's just not a viable solution, Tetenal. It may have worked when OS X was in its infancy, but even if a signing mandate were adhered to by most developers going forward, there are just far too many unsigned applications out there. It would make the warning that an unsigned app was launched absolutely meaningless. What I fault Apple for is allowing OS X to treat a file with an image extension (.jpg) as an executable.
( Last edited by Big Mac; Feb 17, 2006 at 02:35 PM. )

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Mac Elite
Join Date: Jul 2002
Feb 17, 2006, 02:29 PM
 
Originally Posted by TETENAL
This does nothing to protect you against regular trojans like the "Office Installer"-trojan. And digitally signed executables don't require a password for everything (maybe most software-authors won't sign their apps, but the most used apps will be singed), so it's not annoying.
Very little can protect against malware, even digital signing. But in the same thread as the automatic and permanent notification/authorization for certain folders, they could also mark certain directories that contain important data as requiring a password to delete, and would display what app wants to do it in the same dialog. But really, what we're trying to prevent here is the automatic execution of malicious code without user notification or authorization, which my solution would provide.
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 17, 2006, 02:35 PM
 
Originally Posted by Big Mac
What I fault Apple for is allowing OS X to treat a file with an image extension (.jpg) as an executable.
The Leap/A virus doesn't have an extension.
     
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Feb 17, 2006, 02:37 PM
 
Originally Posted by TETENAL
The Leap/A virus doesn't have an extension.
Oh, I thought it did since the reports said it looked like a normal JPEG.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Feb 17, 2006, 02:38 PM
 
It has a JPEG icon pasted on.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 17, 2006, 02:40 PM
 
Originally Posted by Big Mac
Oh, I thought it did since the reports said it looked like a normal JPEG.
It looked like a normal JPEG because it had a custom icon pasted on it which was that of a JPEG document. There is nothing that could prevent that unless you disallow custom icons for applications. That would make the Dock look rather dull.
     
Posting Junkie
Join Date: Dec 2000
Feb 17, 2006, 02:57 PM
 
What I think Apple should probably do is drop the ability to launch applications that don't have an ".app" extension. After all, this ability has kind of gone down the drain anyway since the Script Editor's new ability to read files with '.1' for an extension has caused any Classic/CFM Carbon app that ended its filename with a version number that ended with .1 (1.0.1, for example) to try to open in Script Editor instead of launching properly, so it's already necessary to add .app extensions to old apps in order to run them.

What I would propose would be that when a file is double-clicked that has type code 'APPL' but no .app extension, you'd get a dialog box stating that the thing you double-clicked is an application, but it doesn't have the proper extension, and ask whether you'd like to automatically add the .app extension and launch it, or cancel. A legitimate app would thus be fixed, and afterward would continue to function as normal.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Feb 17, 2006, 03:59 PM
 
How about this? If the file is an application or executable, it is given a generic (edit: indicating that it is not yet run) Application icon until the user gives express permission for it to display its own custom icon (e.g. you would be prompted on first launch "You are launching this application for the first time, if you trust the source of the application, do you wish to allow it to display its own custom icon?" or something like that). Without that permission, the icon could not be changed. That would have prevented both the MS Office trojan and this trojan from working.
     
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Feb 17, 2006, 04:08 PM
 
Originally Posted by CharlesS
What I think Apple should probably do is drop the ability to launch applications that don't have an ".app" extension. After all, this ability has kind of gone down the drain anyway since the Script Editor's new ability to read files with '.1' for an extension has caused any Classic/CFM Carbon app that ended its filename with a version number that ended with .1 (1.0.1, for example) to try to open in Script Editor instead of launching properly, so it's already necessary to add .app extensions to old apps in order to run them.

What I would propose would be that when a file is double-clicked that has type code 'APPL' but no .app extension, you'd get a dialog box stating that the thing you double-clicked is an application, but it doesn't have the proper extension, and ask whether you'd like to automatically add the .app extension and launch it, or cancel. A legitimate app would thus be fixed, and afterward would continue to function as normal.
I thought about that, but would it have helped identify Leap-A any better if the author had just put the .app extension on it? The .app extension is hidden anyway, so would it make much of a difference? Would the "this application has been launched for the first time, do you want to continue?" dialog have been invoked if it had had .app on it?

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 17, 2006, 07:43 PM
 
Originally Posted by CharlesS
What I think Apple should probably do is drop the ability to launch applications that don't have an ".app" extension.
That's impossible with the Unix-underpinnings of OS X. Leap/A is a command line program afaik.
Originally Posted by JKT
How about this? If the file is an application or executable, it is given a generic (edit: indicating that it is not yet run) Application icon until the user gives express permission for it to display its own custom icon (e.g. you would be prompted on first launch "You are launching this application for the first time, if you trust the source of the application, do you wish to allow it to display its own custom icon?" or something like that).
Then why have a generic icon at all? Just that prompt would suffice to notify the user he is launching a program. No need for ugly icons. Then simply drop that prompt if a program is digitally singed and we're back at my initial proposal.
     
Dedicated MacNNer
Join Date: Dec 2001
Location: Bolton, UK
Feb 17, 2006, 08:10 PM
 
Originally Posted by TETENAL
Then simply drop that prompt if a program is digitally singed and we're back at my initial proposal.
I think this part is an unnecessary extra. A prompt for new application launches is probably a good idea.

[facetious comment] How do you digitally singe things? With a data blowtorch?

(signed) Barney.
     
Posting Junkie
Join Date: Dec 2000
Feb 17, 2006, 08:18 PM
 
Originally Posted by TETENAL
That's impossible with the Unix-underpinnings of OS X. Leap/A is a command line program afaik.
Huh, you seem to be correct. My bad. I thought that this thing was a CFM Carbon 'APPL' type app.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Feb 17, 2006, 08:27 PM
 
Originally Posted by TETENAL
Then why have a generic icon at all? Just that prompt would suffice to notify the user he is launching a program. No need for ugly icons. Then simply drop that prompt if a program is digitally singed and we're back at my initial proposal.
Why have a generic icon, you ask? Firstly, so as to prevent a false and misleading icon being pasted on it to make it look like something it isn't (and who said it had to be ugly... generic != ugly)? Secondly, visual cues can be superior to textual ones and it would re-inforce the message that the prompt would display... be careful with this because we don't know what it is yet or who it came from until you tell us it is OK. Thirdly, it would also indicate to the user that they haven't yet run that piece of software and if they can't remember how it got there, then the alarm bells would start ringing. As others have pointed out, the digital signature method is not necessarily the best or only solution (although that isn't to say it doesn't have its merits) - I am merely proposing a simpler alternative (if it is feasible) that would not impact on the profitability or viability of free- and share- ware developers and would also have little impact on the ease of use of the system.
     
Banned
Join Date: Jun 2003
Feb 18, 2006, 10:00 AM
 
1. Digital signatures would kill freeware developers.

2. One way to prevent people messing with the icon could be system-controlled icon badging mechanism. Apps are badged with a small 'application' icon scripts with a 'script' icon and documents with a 'document' icon.

If it's too intrusive to have your app icon covered by a smaller one, then Apple should make it fade in when the cursor is on top of the icon and fade out when it's off. You'll only see these badges if your cursor is on top of the icon.

Of course, this won't stop pure idiocy or ignorance from taking its course. There will undoubtedly be people that won't make anything of the small script icon that just faded on top of the generic JPEG icon and double-click it anyways.

Can't say they weren't warned though.
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Feb 18, 2006, 10:46 AM
 
Sorry, but that would be too easy to spoof - just have your malware with the misleading icon + badge pasted onto it.
     
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Feb 18, 2006, 02:32 PM
 
Originally Posted by JKT
Sorry, but that would be too easy to spoof - just have your malware with the misleading icon + badge pasted onto it.
Not if the system itself puts the badge there. The fake badge would need to be in the same place to fool users, and the system badge would go right on top of it.
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Feb 18, 2006, 02:53 PM
 
'Tis true. I hadn't considered that. Potentially not such a bad idea after all.
     
Posting Junkie
Join Date: Dec 2000
Feb 18, 2006, 03:39 PM
 
Note that since the Oompa-Loompa trojan wasn't a Mac OS X application but rather a command line tool, it wouldn't have been badged by such a system anyway...

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Banned
Join Date: Jun 2003
Feb 18, 2006, 03:49 PM
 
Originally Posted by CharlesS
Note that since the Oompa-Loompa trojan wasn't a Mac OS X application but rather a command line tool, it wouldn't have been badged by such a system anyway...
Well...in the Finder Oompa-Loompa would have the JPEG icon...but when you'd put the cursor on top of it, a small or medium-sized command line app (UNIX executable) icon would fade in on top of the JPEG icon. If a user is properly warned that app badges or command line app badges should never appear on top of a document icon, they would think twice before double-clicking it.

But now that I think about it, someone that has 'Show icon preview' checked should never be caught by that trick. Well, not someone that knows that he should never have generic picture icons on his desktop but rather thumbnails.
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Feb 18, 2006, 08:27 PM
 
Originally Posted by Horsepoo!!!
But now that I think about it, someone that has 'Show icon preview' checked should never be caught by that trick. Well, not someone that knows that he should never have generic picture icons on his desktop but rather thumbnails.
A malware writer could simply paste a proper preview on the icon or pretend it is a PSD document saved with a Preview to get around this.
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Feb 19, 2006, 12:21 AM
 
In OS 9 and earlier aliases had italic text. Programs could have italic text now. It works in all views and can not be spoofed somehow as far as I can tell.

Still, digitally singed executables would be the much simpler and better solution.
     
zro
Mac Elite
Join Date: Nov 2003
Location: The back of the room
Feb 19, 2006, 01:29 AM
 
Why not a quarantine directory that downloads default to? Double clicking an item in it checks for the x bit and shows an info window that lets you know what exactly it is. Disable custom icons for items in the quarantine folder as well.


Hmm... wonder if a folder action could be used to look for the x bit on documents and strips custom icons from them. That wouldn't affect .app icons as they're read from an icon file inside the package itself, though.
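
The x-bit check proposed in the post above, sketched as an added example that is not part of the original thread: it scans a download folder and reports every regular file that carries an execute bit or starts with executable content (Mach-O magic number or `#!`), noting whether its name would pass for a document. The document-extension list, the function names and the sample files are constructed for illustration; custom icons live in Finder metadata and are not inspected here.

```python
import os
import stat
import tempfile

# Leading bytes of files the OS can run directly (Mach-O magic numbers).
EXEC_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (byte-swapped)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (byte-swapped)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
}

# Assumption: extensions a user would take for a harmless document.
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".psd"}


def executable_kind(path):
    """Return a label if the file content is executable code, else None."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head.startswith(b"#!"):
        return "script"
    return EXEC_MAGICS.get(head)


def scan_quarantine(directory):
    """List regular files that are runnable by mode bits or by content."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)  # lstat: do not follow symlinks out of the folder
        if not stat.S_ISREG(st.st_mode):
            continue  # directories (including .app bundles), links, devices
        kind = executable_kind(path)
        x_bit = bool(st.st_mode & 0o111)
        if kind is None and not x_bit:
            continue  # ordinary data file, nothing to report
        ext = os.path.splitext(name)[1].lower()
        findings.append({
            "name": name,
            "kind": kind,    # what the content is, regardless of the name
            "x_bit": x_bit,  # whether any execute permission is set
            # No extension or a document extension: the name gives the
            # user no hint that double-clicking will run code.
            "looks_like_document": ext == "" or ext in DOCUMENT_EXTS,
        })
    return findings


def make_sample_downloads(directory):
    """Create constructed sample files (harmless stubs, not real binaries)."""
    samples = {
        "holiday_photo": (b"\xfe\xed\xfa\xce" + b"\x00" * 28, 0o755),
        "report.pdf": (b"#!/bin/sh\necho constructed sample\n", 0o755),
        "notes.txt": (b"plain text with a stray x bit\n", 0o755),
        "tool.sh": (b"#!/bin/sh\nexit 0\n", 0o644),
        "real_photo.jpg": (b"\xff\xd8\xff\xe0" + b"\x00" * 16, 0o644),
    }
    for name, (content, mode) in samples.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as downloads:
        make_sample_downloads(downloads)
        for item in scan_quarantine(downloads):
            flag = "DISGUISED" if item["looks_like_document"] else "runnable"
            print(f'{flag:9} {item["name"]:15} kind={item["kind"]} x_bit={item["x_bit"]}')
```

Checking content as well as the x bit matters because an archive or a careless copy can drop or add mode bits independently of what the file contains.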
     
Fresh-Faced Recruit
Join Date: Mar 2001
Location: Los Angeles, CA
Mar 6, 2006, 09:22 PM
 
ADC memberships could include a trusted digital signature. Apple could create an API whereby code w/o a digital signature ran in a sandbox whereby damage could be limited and it would keep track of all the files an application installed and could thereby easily remove those files.

I think digital signatures will ultimately be required.

na
     
Banned
Join Date: Jun 2003
Mar 6, 2006, 10:28 PM
 
Originally Posted by JKT
A malware writer could simply paste a proper preview on the icon or pretend it is a PSD document saved with a Preview to get around this.
True...but then people without pict previews would notice something wrong.

Anyways, digital signatures would kill the freeware market. Either slap a badge that fades in on cursor hover or make the app name bold as some people have said. That should be enough for a lot of people.

Of course...the other story I like to tell people is that the Finder just plain sucks and needs to die. No, not FTFF...it just needs to disappear off the face of the Earth and be replaced by per-app file browsing. That way, you're sure you'll only be opening documents.

And here's another way of separating the apps from the docs so they're not in the same environment. Make a Finder that only sees docs. The doc environment should be fully Spotlight aware. That way, if the Finder could only show documents...any apps or executable script you download would never show up in the Finder.

The solutions are almost endless...it's ridiculous that Apple is in love with the piece of **** Finder in OS X. A pox on the Finder team and Steve Jobs!
     
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Mar 7, 2006, 07:22 AM
 
Originally Posted by nagha
ADC memberships could include a trusted digital signature. Apple could create an API whereby code w/o a digital signature ran in a sandbox whereby damage could be limited and it would keep track of all the files an application installed and could thereby easily remove those files.
That certainly sounds like a viable solution when first read, nagha, but I have the same criticism of that scheme - all the applications currently available are unsigned, and treating them as second class citizens makes absolutely no sense. It could not possibly serve security interests if 95% of installed applications were flagged as potential security risks. If Apple even tried to implement your suggestion, there would also likely be lawsuits from a whole host of third party developers with existing applications now disadvantaged by being flagged as potential risks. The super-imposed badge system or info tooltip that I suggested seem to be the only viable routes to reduce the threat of malicious executables.

And Horsepoo!!, your "solution" to completely destroy the Finder paradigm is a complete non-starter. It's even stupider and much more unlikely than Apple defecting to Intel.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
   