RE: Sandboxing. WTF?
- Subject: RE: Sandboxing. WTF?
- From: Shawn Bakhtiar <email@hidden>
- Date: Mon, 28 May 2012 17:30:22 -0400
- Importance: Normal
First off (as much as I agree with the sentiment) isn't WTF profanity?
Second, and more to the point of my sentiment, and I hope someone on the Apple development team is reading this, have you people gone absolutely mad!
This is MCP to the max!
Thankfully I write apps for custom in-house applications so no big deal to me, but even if I had to, why in God's name would I distro via the app store, when I can simply set up an old-fashioned download on an e-commerce site for my app?!
Mark my words, to do this, will be the death of the App store. Users are fickle. Make them irate and they WILL find a way around, and as several people have alluded to, users are notorious for clicking through (without reading or understanding) only to get what they want done. It's one thing to chroot an app on a server, where admins are the users, it's a WHOLE other idea to have non-technical users dealing with app signing issues, et al...
Perhaps instead of creating M$ like controls that have you clicking senselessly and endlessly to get something done, Apple should take a lesson from history. In other words, how many Windows, Linux, etc, users actually get hacked via downloaded applications VS. going to some malicious website that uses OS/browser level vulnerabilities (how does sandboxing prevent, for example, flashback)? When 99% of all security breaches in companies are as a result of a disgruntled employee (from the inside), or sabotage (from the inside) what does sand-boxing REALLY prevent?
Nothing. It prevents nothing. It's nothing more than a warm fuzzy feeling, that actually makes things worse, because people start believing the hype, and relying on it as a method of security. So users become dumber, and take more risky action which then continues an ever tightening cycle (noose around the OS neck) of security, then one day, you go to log into your iMac and it asks for a blood sample.
Boycott the App store I say, until Apple comes to its senses.
> Subject: Re: Sandboxing. WTF?
> From: email@hidden
> Date: Mon, 28 May 2012 13:17:21 +0200
> To: email@hidden
> CC: email@hidden
>
>
> On 28 May 2012, at 07:58, Quincey Morris wrote:
>
> > On May 27, 2012, at 22:40 , Graham Cox wrote:
> >
> >> People will always click "Allow" if it gives them an easy life.
>
> > I don't know of any solution to that, though I guess asking is better than not being forced to ask. Perhaps the app store review process takes note (or will take note) of such dialogs with the user, and rejects apps that seem to be asking for something egregious?
> >
>
> The obvious solution to that problem, then, is to rebrand users as malware too, and restrict their access to the system accordingly. :)
>
> It is striking that the source for apps Apple has the most control over (the App Store) imposes the most fine-grained restrictions, whereas non-App Store apps are/will be able to get away with mere code-signing.
> If sandboxing is meant to secure the user, as you suggest, by treating "garden variety" apps as malware, and relying on the user to grant privileges to user data, it seems counter-productive to rely on those restrictions for App Store-apps, which will be considered intrinsically trustworthy by most users. As you point out, software can be malicious entirely within the remit of its intended functionality.
> Rather, I think, sandboxing exists to limit the impact of malicious code manipulating the ObjC-runtime environment, and to limit Apple's liability (legal and perceived) for attacks against apps it distributes.
>
> Mikkel
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden