Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Addresses URI Handler Issues

Posted by pudge on from the hooray dept.

das writes "Apple released Security Update 2004-06-07 via Software Update. From the brief description: 'Security Update 2004-06-07 delivers a number of security enhancements and is recommended for all Macintosh users. [...] Mac OS X will now present an approval alert when an application is to be run for the first time either by opening a document or clicking on a URL related to the application.'" This also fixes some related security problems with Terminal.app, Safari, and DiskImageMounter. No word in given regarding how the average user should know whether or not to approve the request.

7 of 106 comments (clear)

  1. Re:No word? by yotaku · · Score: 5, Insightful

    "On the other hand, if a user is innocently visiting a web site and a dialog box all of a sudden appears prompting the user to accept that *an application* be run, I think it's pretty clear that this handles the issue."

    Yes just like a windows user knows to say no to those ActiveX dialogs. I'm sorry but this does NOT solve the problem. Research shows that when a user is exposed to such a dialog they get confused and pick a random option.

    This is a fix for semi-intelligent computer users. It does not help the average user. If this really worked then no-one would still be installing Gator.

  2. Re:No word? by baur · · Score: 5, Insightful

    You think much more highly of the average user than I do.

    If you have that low an opinion of people, then you should realize that there is almost nothing that can be done to protect them. At some point, a user has to be allowed to run programes - and new ones at that. If not, then the computer is nearly useless.

    Social engineering is always possible. Heck, there are windows viruses that spread using a password protected zip file. That means that the user has to be convinced to download the file, open it, put in a password and then run the trojan. Sure, some people are dumb enough to go through all of that (the fact that its spreading at all is proof of that) - but how many hoops are reasonable to jump though to protect the user? At some point, the OS has to step back and let the user do what they want, or else they'll go use something that gives them more control.

  3. Change in text maybe? by wedding · · Score: 5, Insightful

    I like the idea, but couldn't the wording of the alert be simpler?

    Why not ask "The document you're opening is trying to open and run _____. If you don't want to do this, click CANCEL."

    The message makes sense to a geek, but I'm with an earlier poster, many users will just click OK out of confusion.

    1. Re:Change in text maybe? by justMichael · · Score: 5, Insightful
      The message makes sense to a geek, but I'm with an earlier poster, many users will just click OK out of confusion.
      While this is true in Windows, the dialogs are worded very poorly and usually only have OK CANCEL. The dialogs in OS X are usually worded in such a way as to make sense and the buttons usually have words on them directly related to what they do.

      Even in this example, Cancel Open, so you know even without reading the dialog that one button is going to open something and the other is going to cancel.

      Where as OK CANCEL is completely reliant on someone reading the dialog (not normally going to happen) or click OK and see what happens.

      The action you are trying to perform will destroy data and we have stopped it, do you wish to allow it to continue? OK CANCEL

      The action you are trying to perform will destroy data, do you want us to stop this from happening? OK CANCEL
  4. Dumb People... by wwvuillemot · · Score: 5, Interesting
    No word in given regarding how the average user should know whether or not to approve the request.

    What I do not understand is how you can completely eliminate danger from ill-formed people. The fact of the matter is that people are responsible for using computers. We can either have completely dumbed-down OS's (namely, companies such as Apple and M$ take complete responsibility for every sort of sescutiry isssue and to do so ensure they strict limit our use of their products to help mitigate their risk to such a godly -- and equally inane -- level of responsibility) or we accept the fact that the end-users have some responsibility, too. So how should the user know whether to accept or deny...read a book, google it up, or any other of a thousand ways people have spent millenia educating themselves...

    Granted, the dialog that Apple has implemented could include some more information, but it is certainly in the right direction. As I am away from a Mac for a week, I am not positive how the new system works. I am not sure if you can say "Always permit this URI..." or if permission is on a per session basis. If the latter that might become annoying...and it might be nice to say "Forever Accept/Deny" in those cases where I feel confident that I can/should do that. Having said that, the one thing that I'd like to see is a list of those apps/URIs I have granted/stripped permission to/from so I have better management over the system....esp. after I FUBAR and grant permission to EvilWare!

  5. Re:No word? by shendart · · Score: 5, Funny

    You forget that we're not talking about the average user, but rather the average APPLE user.

    Everyone knows that we're taller, more attractive, more aromatically enticing, (prone to verbose grammer), and more intelligent than the average computer user.

  6. Re:No word? by Lars+T. · · Score: 5, Insightful

    What happened to the Apple HIG mantra "Press Enter and the safe option will be activated"?

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck