Are You Sure You Want To Do That Which You Don't Understand?
Part of Apple's security paradigm is to ask the user before potentially dangerous actions are executed. This sounds nice, but it has a serious flaw: the users don't understand the questions or the proposed answers.
This cropped up recently when a user noted that Dashboard widgets can install and execute automatically from a web page. The question is asked: what about malicious widgets? Widgets can only execute certain actions -- like network access -- if they declare their intentions, and if they do, the user is asked something to the effect of, "Do you want to use this widget?" when it is run for the first time.
Me, if that window pops up when I haven't told the computer explicitly to install and run a widget, I'll say no. But most people won't. Most people don't understand what a widget is, why it might have been installed and run, what might happen if they say yes, or what might happen if they say no.
Apple used the same "fix" for running a new application for the first time when it is launched via a protocol handler or a file. "You've never run this application, are you sure you want to run it now?" Sure, why not?
The real fix there is to not ever launch an application for the first time -- ever -- unless explicitly run by a user action. That's not complicated. But Apple wants applications, when they first appear on a new volume, to be registered with the system and to register file and protocol handlers. But they shouldn't. That is the security problem itself.
Similarly, with Dashboard widgets, launching them in any way except through the Dashboard UI should simply be disallowed. You can install it by double-clicking, but not execute it. That would go a long way toward protecting ignorant users, which is most of them, probably including me and anyone else reading this, as there's a lot about these systems we don't know all that well.