Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unsanity Developer Comes to APE's Defense

Posted by pudge on from the kill-teletubby-smash dept.

beelsebob writes "Rosyna, the famously tellytubby-like Unsanity Developer has spoken out in the defense of their Application Enhancer (APE) framework. The framework has taken a beating since it came out, being accused of being spyware, or of crashing computers. In fact Unsanity have only received one bug report about APE itself, which was promptly fixed. The article is a very good defence of the product, and a very good read."

6 of 138 comments (clear)

  1. Re:Extensions for Mac OS X by MoneyT · · Score: 5, Funny

    I mean, really, anything that makes the computer, at any level, unstable is not worth using.

    So can I take this to mean the only thing you're running on your computer is a hand coded BIOS that you have personaly coded to ensure that there is no possible way it could cause a crash?

    --
    T Money
    World Domination with a plastic spoon since 1984
  2. Re:tel{e,ly}tubby-like whaaaa? by Meowing · · Score: 5, Informative

    I don't know what that's about, Rosyna looks pretty ordinary to me....

  3. Re:Extensions for Mac OS X by moof1138 · · Score: 5, Interesting

    Interesting that you bring up protected memory. In a way APE defeats the purpose of protected memory since it injects code into every running application. Here is the scary part about what that means - once someone has APE running all haxies can poke around anywhere they want in any running apps memory space, so they can know every application password used, they can read anything out of your keychain that an app is allowed to read prompting you on behalf of the app for the keychain password, and so on. APE is a serious security nightmare. I have no reason to think that this has been exploited as yet, but installing APE opens the door for the abuse, especially if you are running closed-source haxies.

    While there are no known cases of APE based spyware at this point, APE could potentially be exploited a very effective vector for spyware (and viruses).

    --

    Hyperbole is the worst thing ever.
  4. Flack about the URL handler exploits by SailfishMac · · Score: 5, Informative

    A lot of this came about because of the rash of URL handler exploits in Mac OS X recently.

    In the mad rush to secure Mac OS X, two groups emerged. The Paranoid Android (based upon APE) and the RCDefault/More Internet side.

    Unsanity (makers of PA) had a incomplete product at first that could not keep up with the rapid new discoveries. It was designed to check the URL handlers for you for suspicious behavior, problem was it didn't cover all the URL handlers.

    v 1.1 was no good and finally unsanity came out with v 1.2 which covered them better.

    Now on the other side of the camp is the RCDefaultApp and More internet crowd, which schooled people to turn off/reassign the URL handlers themselves with a very easy to use program.

    Their argument was that one didn't need to install a "haxie" (in their own words) "injects code in all your programs" &

    "they do their thing by violating the boundaries of protected memory."

    http://daringfireball.net/2004/05/help_viewer_secu rity_update

    Either way, I'm glad the Mac community turned out in force to solve these problems in a jiffy, Apple should be ashamed of themselves, being warned over 4 months ago about them.

    If using Paranoid Android was the only option to prevent these exploits, I'm sure everyone would be happy using it. But it seems to me just disabling the URL handlers manually until needed or reassigning would have been a better option.

    I'm glad we had a choice, so kudos to both and thanks.

  5. A lot of people are missing the point, here. by g_lightyear · · Score: 5, Insightful

    If you don't like it, don't use it. Plain and simple.

    Some of us, for example, route audio from different applications to different places; when I play music or games, it comes out through my audio system and the amplified speakers - when an e-mail dings at me, it comes out through an internal speaker.

    Haxies like Detour, which provide real, interesting function, which is useful for any pro-audio guy with a lot of very loud audio hardware that you don't want system beeps playing over, is fundamentally interesting - moreso if you've got more than one set of audio outputs.

    So, before people go off badmouthing how awful it is, they should think twice: that same code injection technology enables everything from Shapeshifter to reskin your UI to useful functions like being able to reroute your audio away or into your pro-audio equipment on an application-by-application basis.

    In other words: despite everyone's nasty opinions, it provides a useful service to those of us with unusual requirements of our systems.

    --
    -- A mind is a terrible thing.
  6. AbiWord, Firefox, TextSoap crash only with APE by ankhank · · Score: 5, Interesting

    I tried Paranoid Android 1.2; accumulated immediate crashes from AbiWord and TextSoap, when doing anything involving a large block of text between them, whether by drag'n'drop or copy/paste.

    Removed APE, rebooted, problem gone.

    Reported to developer.

    Last time I tried APE, a year ago, similar problems persisted til I removed it. Reported it then too.