Part of Apple's security paradigm is to ask the user before potentially dangerous actions are executed. This sounds nice, but it has a serious flaw: the users don't understand the questions or the proposed answers.
This cropped up recently when a user noted that Dashboard widgets can install and execute automatically from a web page. The question is asked: what about malicious widgets? Widgets can only execute certain actions -- like network access -- if they declare their intentions, and if they do, the user is asked something to the effect of, "Do you want to use this widget?" when it is run for the first time.
Me, if that window pops up when I haven't told the computer explicitly to install and run a widget, I'll say no. But most people won't. Most people don't understand what a widget is, why it might have been installed and run, and what might happen if they say yes, and what might happen if they say no.
Apple used the same "fix" for running new applications for the first time when they are launched via a protocol handler or a file. "You've never run this application, are you sure you want to run it now?" Sure, why not?
The real fix there is to not ever launch an application for the first time -- ever -- unless explicitly run by a user action. That's not complicated. But Apple wants applications, when they first appear on a new volume, to be registered with the system and to register file and protocol handlers. But they shouldn't. That is the security problem itself.
Similarly, with Dashboard widgets, launching them in any way except through the Dashboard UI should simply be disallowed. You can install it by double-clicking, but not execute it. That would go a long way toward protecting ignorant users, which is most of them, probably including me and anyone else reading this, as there's a lot about these systems we don't know all that well.
Ignorant admins (Score:1)
My hero would be someone who comes up with a way to give people enough control to make them happy, while still making it hard for them to fall prey to malware. I don't think it's possible, though.
Re:Ignorant admins (Score:1)
Even though that might be the case sometimes, I'm pretty sure many users out there are interested, but just don't have what it takes, which includes resources (somebody teaching them, perhaps), sufficient knowledge to support what they're about to learn, etc.
Actually, I don't even think some of them would understand the concept of having "control over the machine"... many of them think they already have it :-
Design habit. (Score:1)
The discussion came out of the installer asking questions like "I've found a different version of FOO.DLL, would you like to replace it?". Grandma isn't going to understand that. Even someone with experience might not be sure how to answer that. (If
Training wheels don't help much (Score:1)
Just yesterday on my Mac, Norton AntiVirus said something meaningful like "Virus updated fail