"No application that displays untrusted content should EVER have an option to open files automatically after downloading."
Referring to the Safari "Open Safe Files After Downloading" option and similar mechanism to open files outside the application's own sandbox in other programs.
You still need to navigate to this file with the finder (Safari provides a shortcut in the download manager) and then double click on the script.
Thank you for clearing that up.
In that case, this is a minor problem.
There have been "open safe files" exploits devised in the past, though, and there will unquestionably be some actually exploited in the future.
If you click a link to download something, then Safari warns you with a dialogue that it is an executable and asks if you still wish to download it. Then it asks you if you want it to be automatically installed in the proper location.
The first of those dialog boxes trains people to answer "yes" to these questions.
The second makes it possible to exploit that training.
Two "yes/no" dialog boxes is not significantly better than one "yes/no" dialog box.
It would be far better for Safari to simply download the file and leave it sitting in the download manager, with appropriate indication of its content, without confronting the user with a "yes/no - respond now" dialog.
Sure, but how is an OS supposed to stop you from doing that if you're an idiot?
It's not, but it's not supposed to encourage it either.
I feel much better letting friends check their e-mail and things on my computer knowing that I can just fast user switch them over to another account and they can't do any real damage.
They can unwittingly leave a background botnet relay running, turning your computer into a virus distribution center and DDoS slave every time they use it.
There are plenty of instances when it is expected and appropriate for a program to download and then automatically display/execute the content of that download.
The option I'm talking about, "Open safe files after downloading", does not apply to any of those cases. And you know that.
Then why did you explicitly mention Dashboard which already asks the user if they would like it to install the file for them?
If the user has explicitly requested that the file be run, locally... rather than having that execution happen automatically without anything but simple dialog boxes after the link is clicked... it doesn't matter whether it's an application, a Dashboard widget, a screen saver, the user has explicitly requested execution, rather than simply allowed it to happen.
Now, going back a few messages, you said Safari doesn't automatically run the file. Do you mean that Safari leaves the file in place and you have to explicitly navigate to and open it in Finder, or that Safari gives you a dialog box before calling Finder, which then gives you another dialog box?
You can't really blame the OS for the sins of third party apps though.
I'm not blaming the OS, I'm blaming the dialog boxes. Plus... does Safari/Finder actually force you to open the file manually, or does it just give you two dialog boxes instead of one?
if you run stupid software it prevents the damage from spreading beyond your account
Man, I've been a UNIX guy since I worked on 4.1C at Berkeley in the early '80s, and I wish Windows had better security around Administrator as well, but that's just silly. The only things on my computer I care about damaging are in my account, AND there's more than enough places for a virus to hide in ~/Library that, well, I guess it's a good thing that the author of this program wasn't more clear-headed.
Re:You own a Mac MINI ?!? I'm so confused...
on
OSx86 Cracked Again
·
· Score: 1
Yeh, I know it's a shared memory system, but it's got its own hypertransport link so it's more like another core than shared memory over AGP.
And the difference in GPU-addressible memory is MUCH more important than the difference in GPU clock. 32M of VRAM is just not enough these days.
Plus, of course, if that's just too nasty for you, I can get a real 9200 with 128M of RAM for under $40, and that really does make a difference.
The user first has to request that the file be downloaded, then Safari will ask if the user would like to open it, then the app is decompressed and launched, then the Finder alerts them that this is a new app being run and asks for verification to do so, then the app asks for the user's password, then the app is executed.
Aha, so the people saying it's not a dialog box are being misleading.
It's two dialog boxes.
It doesn't matter if it was three dialog boxes, it's the same reflex action. In fact in more recent versions of Internet Explorer you do get multiple dialog boxes that have to be OKed for some files, and people do repeatedly check yes. Because 99.9% of the time "yes" is the normal response, and an unexpected "yes" is no different.
How would it be better if Safari just dumped the downloaded file into the user's download directory so they had to go double-click it from there to start the same sequence of events?
Fewer would get caught once. Almost none would get caught twice. This is what I've observed with hundreds of users over the... 8 years now since Microsoft introduced this kind of misbehaviour with Active Desktop.
It doesn't matter how many levels of "OK" are involved. Clicking on a link is routine, clicking the "OK" that comes up after many links are clicked on is routine. Having any kind of break in the pattern between downloading and explicitly opening a jpg file instead of having it just show up in the browser? That's an exception.
If people can not open files when they want to, they will favor a system that does.
There's an awful lot of people using Firefox and other Mozilla-based browsers that have this option turned off by default, and provide a more convenient download manager to provide the capability.
Perhaps it should open in a sandbox
The files that can be opened in a sandbox are opened in a sandbox. The browser itself. "Open Safe Files" opens those files that require an external program, outside the sandbox.
Wow, that is going to make Web browsing really suck when I have to download the HTML file and all the images and then open them by hand.
Har bloody har.
At least by auto placing them (with an appropriate dialogue confirmation) the files go in the right place and users aren't accustomed to having to move some random file to some random location to get things to work, which is a lot more dangerous than moving executables to a properly insulated sandbox.
Where did I say that they would have to manually move a file to some random location? I said that they shouldn't do it automatically on download without an explicit request from the user. Navigating to the file in Finder or running it from a download manager counts as a request to run what's in that file.
in this particular case auto-running content is not exploited anyway
Not in Safari, anyway. It seems that AIM is less cautious.
Safari will warn you when you download it that it's an app, then you'll have to go and open it yourself, manually.
OK, that's one point in Safari's favor, and people who are infected by this through Safari won't make that mistake again. There have, however, been other attacks that did meerly present a dialog box, and there will be more in the future as more holes in applications that register with LaunchServices are found.
What about AIM? What interface does it present? A dialog box?
even after educating the users, significant portion still wanted it as a feature.
Did you give them the option of a proper download manager (either as part of the application, as in the Mozilla family browsers, or in another program like the BeOS Tracker) or did you give them the two extremes?
Did you pick users who had not previously used either interface, or did they just prefer what they were used to?
Unless the answers are "yes" and "yes", your survey is worthless.
Re:You own a Mac MINI ?!? I'm so confused...
on
OSx86 Cracked Again
·
· Score: 1
when someone says something is unexceptional and overpriced, I usually think it means they don't like it and that well, it's so overpriced you should buy something else.
Indeed. The hardware is unexceptional and overpriced. I don't like it, and I would rather buy something else and pay the "Mac Tax" directly on the OS... I realise the "Mac Tax" is the price I pay for the software, I just don't care for how it's collected.
You said you wanted Apple to sell differently-priced single and multiple CPU versions of OS X for Intel.
No, I said that's a way that Apple could use to collect the "Mac Tax". It's the one that would have the minimum impact on their current product lines. I don't really care how they do it, the whole point was to show how they could do it with minimum disruption. I have also suggested 2-core and 4-core as another workable split.
But, really, if you buy a single processor Mac (say an iMac G5) today, and want to upgrade to a multiprocessor Mac (say, an iMac Core Duo) tomorrow, even if you get a good price reselling your iMac you'll end up paying more "Mac Tax" than you would selling your single-CPU copy of Tiger and buying a dual-CPU copy instead.
And that's assuming the worst case, that the single-CPU version couldn't be used for an upgrade.
You clearly haven't experienced the joy that is one of those $300 PCs with on-board Intel shared-memory video
I don't have to. Unlike the Mac mini, those PCs can be upgraded.
And, yes, I really do mean $300. Less, now, probably... that $300 was what I came up with when I bought my mini a year ago.
OK, I just went to HP's website, and found one for $300 before rebate with a 1.8 GHz Sempron and a Radeon X300 chipset on the motherboard. Applying the mail-in rebate to a RAM upgrade brought it up to 512M, though when I bought my mini that was extra price. That's a better system than my Windows "game machine" (all it runs is games... I don't trust Windows with anything that matters), and THAT has significantly better performance across the board than my mini.
After all you've said and your attitude towards Apple hardware, you're the one of the two of us who owns a Mac mini.
As I said, I don't like the way Apple collects the "Mac Tax", but I don't have any alternative but to render unto Steve the things that are Steve's.
How is there added security by making the user do that additional work?
Nobody goes and finds a downloaded file and opens it by reflex. It's a deliberate and deferred action. Even from programs with a download manager, it's not something that easily triggers a reflex.
Like I said, I have never had one of my users come to me and say "I did it again, Peter, I've downloaded a file to my desktop and opened it and I've got a virus." I've had people do that once, but never twice. I've had users come to me multiple times saying they'd clicked on the "OK" button again, because they click on that button so many times that it's meaningless.
This is the real world, not some Microsoft sponsored study that presented a false choice between two extreme alternatives. There's lots of better ways to make the job easier on the user without encouraging dangerous habits.
Firefox and Camino give you a better alternative than either option, a download manager that works well, letting you see the files you've downloaded and from there show them in Finder or open them, without having to hunt through anything.
even then the Finder will alert you to a new executable being run and require your password to do so
Um, it will only do that if the guy who wrote the malware is naive. There are so many ways to hide stuff without having privileges that there's no point asking for them.
Do you work for Sophos or something?
Hardly. Sophos answer to the problem is "buy our expensive crap". My answer is "change your behaviour". Antivirus software is a protection racket. I don't use it and I haven't had a virus on any of my personal computers since 1988.
People don't want that, and they would rather take the risk...
You can't actually say that people want it. People are not presented with the choice. The browser shows up, and it works that way, and they get used to clicking OK because that's just the way it works. Even if there's an option to turn it off, it's on by default.
Most people don't even wonder if it might not actually be easier if they get downloads as packages in their mailbox instead of "OMG the computer's asking me a question gotta DO something", because they're too used to doing things the way the computer wants.
The current situation is like, oh, imagine if the postman showed up and refused to go away until you actually opened every envelope and inspected the contents, and took away the ones you didn't want to open. Do you really think people would prefer that to just picking up their mail and sorting through it at their convenience?
People have been trained to do things the way the programmer thought they should. That's the real failure.
"What really matters is the business value you provide and how much you can provide IT value to the organizations,"
So far, my experience with SAP is pretty unpleasant. Its only goal seems to be to force every end-user to spend as much time as possible negotiating its obscure interface through undocumented and inconsistent dialogs and menus, rather than doing actual productive work.
After using SAP for a year I would personally rather go back to doing my timecard, purchase orders, and expenses on the back of a shovel using charcoal and calling it in to a Tourette-afflicted trained chimp via a tin can telephone.
God Damn that's broken software. I'm having a hard time saying if it's actually worse than Lotus Notes, but if not they're tied for last place.
Malware doesn't need privileged access to find a hiding place.
When I was at Berkeley in 1978 people were already putting trap files in their home directories to catch people snooping around and do nasty stuff to the intruder's accounts, including hiding backdoors in their login scripts... and this was on Version 6 UNIX, a system so primitive the shell didn't even have native flow control built in.
Restricting the scope of malware by restricting user privileges is great, it gives you an easier recovery path, but it's not a panacea.
Re:Time to get into the habit of read-only filesys
on
First Mac OS X Virus?
·
· Score: 1
I wonder if it would make sense for MacOSX (And user-oriented Linux distributions?) to keep all binaries and libraries etc. (i.e. not/home) normally read-only (unless you are in the middle of uninstalling/upgrading of course).
They do. Normal users have no write access to system directories, the installation process runs as a privileged user that has write access. The thing is, you don't need write access to system directories to launch malware, or have it auto-executed when you log in... there's plenty of places for it to hide in your home directory in any system...
No application that displays untrusted content should EVER have an option to open files automatically after downloading. No matter whether it thinks they're safe or not. No matter whether you pop up an "I'M ABOUT TO DO A STUPID THING, IS THIS OK?" dialog first. Don't do the stupid thing.
Downloaded files should be dropped in the user's download folder, and left there for the user to take care of or not at their leisure.
CDROMs and USB keys and other external storage should be mounted, and made available to the user, but NEVER EVER auto-run.
Files outside specific "application" or "plugin" locations should never be considered as potential handlers for content, and there must be no mechanism to move files to these locations without an EXPLICIT request by the user.
(yes, that means no auto-installing Dashboard plugins or Firefox extensions... and of course ActiveX is beyond the pale)
I've been trying to make this point to developers and software publishers for at least seven years now, but they're all following Microsoft like lemmings. I've sent in bug reports, suggestions, and made personal requests to people at Apple asking them to back away from the edge before they go over. But... no...
Apple: I TOLD YOU SO.
Everyone else: TURN OFF OPEN SAFE FILES AFTER DOWNLOADING. DON'T USE APPLICATIONS THAT DON'T LET YOU DISABLE AUTO EXECUTE. That means Internet Explorer, Outlook, AIM, anything else that will run untrusted content without you explicitly pointing at a file and saying "OK, I've downloaded this, run it".
This is not a security hole in the OS, this is a social engineering attack, just like every previous "first OS X virus" has been.
Social engineering works, BUT for most people it doesn't work very often. Once is usually enough... UNLESS the system trains them to click "OK" when presented with a security dialog. If you can keep it from working a second time, you'll kill this kind of attack dead.
I've had the same people come to me many times and say "Peter, I think I have a virus, I clicked 'OK' again". I've never had someone come to me and say "Peter, I saved a file and opened it and I think I have a virus" more than once. Because when you download a file, there's no urgency, you don't have to decide RIGHT THEN whether to go on with it. You can stop and wait, and no reflex loop develops. And that pause, even if it's brief, is more than enough for most people to get out of the "open everything anyway" habit.
In Safari, TURN OFF "OPEN SAFE FILES AFTER DOWNLOAD". There are NO "safe" files that are guaranteed to be safe.
In instant messaging, don't use an application that doesn't give you the ability to completely disable automatic execution (with or without a dialog) of downloaded files.
Back when social engineering was the virus vector, and you had to actually save a file to disk and open it as a separate action, viruses spread slowly. When Microsoft integrated IE and the desktop and allowed automatic execution of untrusted content, THAT is when they took off. And the biggest problem with Microsoft setting such a low bar is that people accept a slightly higher bar (a dialog box) as OK, EVEN WHEN THAT IS PROVEN INADEQUATE.
Users: Don't automatically open files.
ALWAYS save them to disk, and run them by hand, later.
Developers: Don't give users an option to bypass this step.
Re:Don't be so dismissive of generic hardware.
on
OSx86 Cracked Again
·
· Score: 1
the Gateway [...] when outfitted with a similar set of features ( and a web cam ) and software
That's using "category 1" logic: upgrade the PC to match the feature set of the Mac. I'm surprised you didn't manage to make the Gateway cost even more than the Mac that way.
your attitude towards the software costs is key here
Um, you haven't read for comprehension. I said that the software is what makes the more expensive hardware worth it to me.
what's the price of a full Visual Studio suite?
See, this is the thing: you have to count the hardware and software separately because while the difference in people's hardware needs is significant, it's utterly dwarfed by the difference in their software needs. For example, to me the value of a Visual Studio suite is approximately zero, since I can compile all the "Windows" software I want for free using the GCC bundled with Interix... on the other hand, OS X is easily worth the $300 I suggested. To someone else, the ability to run Windows game software dwarfs all the advantages of OS X so you have to add the cost of SoftWindows (once it's available and solid) to the Mac.
When I say the Mac hardware is unexceptional and overpriced, that doesn't mean I think the whole system is overpriced, nor that I'm dismissing the value of the software. It merely means that this price difference is a measure of what Apple will be able to charge for a generic OS X... because that's what they're charging for it right now.
when I upgrade my motherboard, I'd like to not have to buy a new version of the OS, thanks
Where have I suggested that you should be forced to do that?
The upgrade version of the OS would work on a genuine Mac, or on a generic PC if you have a full version of the software it can check against. There's no reason to invoke something that's, well, even nastier than Microsoft's latest measures... let alone their practices for most of their product life.
You *like* the beige PowerMac G3 cases? And dislike the G5 PowerMac case ? Either you're thinking of different machines than the ones I've worked on
Or you're thinking of the early minitowers.
The Beige G3 has a similar design to the B&W G3, except that the drive cage rather than the motherboard pivots. You remove two clips, and the whole drive cage pivots up and gives you full access to the motherboard and RAM. The PCI slots and drive bays can be reached just by removing the cover, and despite being smaller than the Powermac G5 it has more drive bays and more PCI slots.
I haven't worked on the G3 minitower, just the early pre-G3 minitowers. THOSE are awful.
The NeXT Slab I was comparing with the Mac mini. Surely you wouldn't call the slab less expandable than that?
here I thought I was clearly asking you about Intel PC hardware.
Sorry, I misunderstood. I haven't bought any really nice generic PC cases, but (as I already mentioned in a previous message) a lot of the later Compaq Deskpros were very nice. They have one that's about the size of two small Dominos Pizza boxes stacked on top of each other that has as many PCI slots and drive bays as the Powermac G5, and after removing the cover (by flipping two heavy-duty clips and sliding it forward) everything inside just pivots outwards. You have to unclip two cables before flipping up the drive cage, but one the other hand the whole PCI daughterboard comes cleanly out allowing you easy access to the cards without reaching in anywhere.
I'd love a desktop Mac with the same design.
either you buy the claim that the superior video, form factor, and software of the Mac mini are worth the price
Superior video?
A Radeon 9200?
A Radeon 9200 with only 32M in the PC world would be the absolute bottom of the line... I don't think you can even buy one that poorly equipped. You can get one with 128M for under $40, and I would love to have that in my Mac mini.
The form factor is nice, but I'd rather have a 3.5" drive bay.
The software, as I said, is what makes the unexciting hardware worth it.
It's obviously a y2k problem, Slashdot got reset to 1906 at the beginning of the year and it's taking them a while to catch up.
Maybe when they get to 1982 they can slip Jobs a word about giving the Lisa a miss?
PS: that's "Bolshevik".
Re:Don't be so dismissive of generic hardware.
on
OSx86 Cracked Again
·
· Score: 1
I'm going to have to remember which verision of the OS I bought and be sure not to cripple a new machine with the wrong version?
If you bought a Macintosh, no.
If you bought a generic Intel PC, yes, but you already said you don't want to do that. So why would you care, it wouldn't effect you.
care to show a carefully matched example of a cheaper, equal, competing system from Dell ?
Nope. I've done those comparisons in the past, and they always come down to the Mac guy saying 'the mac's got a brighter screen/firewire/... so you didn't do an equal comparison'. There's basically four ways this can go:
1. We take EXACTLY the specs of the Mac, put together a non-Mac that includes EXACTLY the same features, and ignore the value of the feature that the non-Mac has but the Mac doesn't (like a larger screen). That gives you a comparable price, but more features on the non-Mac side. This is the Apple fan's approach.
2. We take EXACTLY the specs of some non-Mac, put together a Mac that includes all those features, and ignore the value of the features the Mac has that the PC doesn't (like, say, Firewire). That gives you a vastly inflated Mac that's far more feature-laden than the PC. This is the Apple hater's approach.
3. We make up a set of specs and come up with a Mac and a PC that fit those specs, and ignore the features not in the specs. The PC is always cheaper, but less so than in #2. This is the approach that best fits the "cost to the typical consumer", because they rarely have a need for EXACTLY the features on any given box.
4. We pick the machines and then add or subtract virtual dollors for the value of the rough edges to get a "comparable price" machine. Again, the PC is always cheaper. This one is the best approach to figuring Apple's likely profit margins.
I can do #3 or #4, but I'm not going to, because it just leads to an endless flame war.
The bottom line is, I can get a Windows-based laptop that _apart from the fact that it's running Windows_ meets my needs for less than I can get a Mac laptop that suits my needs. That's the only definition of cost that makes sense for me, and for me (and for most people) that makes the Windows-based solution cheaper.
Maybe a couple hundred bucks more, if you don't need any software.
Glad you agree after all. That's why I proposed making the generic version of OS X a few hundred dollars more.
Not to mention that "a few hundred dollars" doesn't seem much on a $2000 laptop, but it's a really big deal when it's the difference between a $700 laptop and a $1000 iBook, or between a $300 PC and a $500 Mac mini.
want to point us to a link of a case design you *do* like?
I've already mentioned some, you want me to recap?
The Powermac G3 (both the beige and the blue-and-white) and G4 cases were pretty good, smaller and more versatile than the G5. There's a bunch of good PC cases built along similar lines. The Sparcstation and NeXT slabs and the Performa 475 would make good desktop G5 designs.
don't buy an Apple if you don't like their hardware designs
I'd love to, but the only way to buy the software I want is to put up with the style-over-substance hardware bundled with it.
So - is there anyone who is for OS X on generic PC hardware *and* for the GPL?
I'm for OS X on generic PC hardware, but I want it from Apple. I don't care if it costs more than Windows XP Pro (and it would have to for Apple to retain their profit levels).
I'm against the GPL, and release my own software under the BSDL because I want the people who use my software to have the maximum flexibility. I'm glad I'm not the only one who thinks this way, because otherwise OS X wouldn't exist.
So, I guess I qualify as "yes and no" on your poll, but not the way you meant it.:)
"No application that displays untrusted content should EVER have an option to open files automatically after downloading."
Referring to the Safari "Open Safe Files After Downloading" option and similar mechanism to open files outside the application's own sandbox in other programs.
You still need to navigate to this file with the finder (Safari provides a shortcut in the download manager) and then double click on the script.
Thank you for clearing that up.
In that case, this is a minor problem.
There have been "open safe files" exploits devised in the past, though, and there will unquestionably be some actually exploited in the future.
If you click a link to download something, then Safari warns you with a dialogue that it is an executable and asks if you still wish to download it. Then it asks you if you want it to be automatically installed in the proper location.
The first of those dialog boxes trains people to answer "yes" to these questions.
The second makes it possible to exploit that training.
Two "yes/no" dialog boxes is not significantly better than one "yes/no" dialog box.
It would be far better for Safari to simply download the file and leave it sitting in the download manager, with appropriate indication of its content, without confronting the user with a "yes/no - respond now" dialog.
Sure, but how is an OS supposed to stop you from doing that if you're an idiot?
It's not, but it's not supposed to encourage it either.
I feel much better letting friends check their e-mail and things on my computer knowing that I can just fast user switch them over to another account and they can't do any real damage.
They can unwittingly leave a background botnet relay running, turning your computer into a virus distribution center and DDoS slave every time they use it.
There are plenty of instances when it is expected and appropriate for a program to download and then automatically display/execute the content of that download.
The option I'm talking about, "Open safe files after downloading", does not apply to any of those cases. And you know that.
Then why did you explicitly mention Dashboard which already asks the user if they would like it to install the file for them?
If the user has explicitly requested that the file be run, locally... rather than having that execution happen automatically without anything but simple dialog boxes after the link is clicked... it doesn't matter whether it's an application, a Dashboard widget, a screen saver, the user has explicitly requested execution, rather than simply allowed it to happen.
Now, going back a few messages, you said Safari doesn't automatically run the file. Do you mean that Safari leaves the file in place and you have to explicitly navigate to and open it in Finder, or that Safari gives you a dialog box before calling Finder, which then gives you another dialog box?
You can't really blame the OS for the sins of third party apps though.
I'm not blaming the OS, I'm blaming the dialog boxes. Plus... does Safari/Finder actually force you to open the file manually, or does it just give you two dialog boxes instead of one?
if you run stupid software it prevents the damage from spreading beyond your account
Man, I've been a UNIX guy since I worked on 4.1C at Berkeley in the early '80s, and I wish Windows had better security around Administrator as well, but that's just silly. The only things on my computer I care about damaging are in my account, AND there's more than enough places for a virus to hide in ~/Library that, well, I guess it's a good thing that the author of this program wasn't more clear-headed.
Yeh, I know it's a shared memory system, but it's got its own hypertransport link so it's more like another core than shared memory over AGP.
And the difference in GPU-addressible memory is MUCH more important than the difference in GPU clock. 32M of VRAM is just not enough these days.
Plus, of course, if that's just too nasty for you, I can get a real 9200 with 128M of RAM for under $40, and that really does make a difference.
The user first has to request that the file be downloaded, then Safari will ask if the user would like to open it, then the app is decompressed and launched, then the Finder alerts them that this is a new app being run and asks for verification to do so, then the app asks for the user's password, then the app is executed.
... 8 years now since Microsoft introduced this kind of misbehaviour with Active Desktop.
Aha, so the people saying it's not a dialog box are being misleading.
It's two dialog boxes.
It doesn't matter if it was three dialog boxes, it's the same reflex action. In fact in more recent versions of Internet Explorer you do get multiple dialog boxes that have to be OKed for some files, and people do repeatedly check yes. Because 99.9% of the time "yes" is the normal response, and an unexpected "yes" is no different.
How would it be better if Safari just dumped the downloaded file into the user's download directory so they had to go double-click it from there to start the same sequence of events?
Fewer would get caught once. Almost none would get caught twice. This is what I've observed with hundreds of users over the
It doesn't matter how many levels of "OK" are involved. Clicking on a link is routine, clicking the "OK" that comes up after many links are clicked on is routine. Having any kind of break in the pattern between downloading and explicitly opening a jpg file instead of having it just show up in the browser? That's an exception.
It makes a real difference
If people can not open files when they want to, they will favor a system that does.
There's an awful lot of people using Firefox and other Mozilla-based browsers that have this option turned off by default, and provide a more convenient download manager to provide the capability.
Perhaps it should open in a sandbox
The files that can be opened in a sandbox are opened in a sandbox. The browser itself. "Open Safe Files" opens those files that require an external program, outside the sandbox.
Wow, that is going to make Web browsing really suck when I have to download the HTML file and all the images and then open them by hand.
Har bloody har.
At least by auto placing them (with an appropriate dialogue confirmation) the files go in the right place and users aren't accustomed to having to move some random file to some random location to get things to work, which is a lot more dangerous than moving executables to a properly insulated sandbox.
Where did I say that they would have to manually move a file to some random location? I said that they shouldn't do it automatically on download without an explicit request from the user. Navigating to the file in Finder or running it from a download manager counts as a request to run what's in that file.
in this particular case auto-running content is not exploited anyway
Not in Safari, anyway. It seems that AIM is less cautious.
Safari will warn you when you download it that it's an app, then you'll have to go and open it yourself, manually.
OK, that's one point in Safari's favor, and people who are infected by this through Safari won't make that mistake again. There have, however, been other attacks that did meerly present a dialog box, and there will be more in the future as more holes in applications that register with LaunchServices are found.
What about AIM? What interface does it present? A dialog box?
even after educating the users, significant portion still wanted it as a feature.
Did you give them the option of a proper download manager (either as part of the application, as in the Mozilla family browsers, or in another program like the BeOS Tracker) or did you give them the two extremes?
Did you pick users who had not previously used either interface, or did they just prefer what they were used to?
Unless the answers are "yes" and "yes", your survey is worthless.
when someone says something is unexceptional and overpriced, I usually think it means they don't like it and that well, it's so overpriced you should buy something else.
Indeed. The hardware is unexceptional and overpriced. I don't like it, and I would rather buy something else and pay the "Mac Tax" directly on the OS... I realise the "Mac Tax" is the price I pay for the software, I just don't care for how it's collected.
You said you wanted Apple to sell differently-priced single and multiple CPU versions of OS X for Intel.
No, I said that's a way that Apple could use to collect the "Mac Tax". It's the one that would have the minimum impact on their current product lines. I don't really care how they do it, the whole point was to show how they could do it with minimum disruption. I have also suggested 2-core and 4-core as another workable split.
But, really, if you buy a single processor Mac (say an iMac G5) today, and want to upgrade to a multiprocessor Mac (say, an iMac Core Duo) tomorrow, even if you get a good price reselling your iMac you'll end up paying more "Mac Tax" than you would selling your single-CPU copy of Tiger and buying a dual-CPU copy instead.
And that's assuming the worst case, that the single-CPU version couldn't be used for an upgrade.
You clearly haven't experienced the joy that is one of those $300 PCs with on-board Intel shared-memory video
I don't have to. Unlike the Mac mini, those PCs can be upgraded.
And, yes, I really do mean $300. Less, now, probably... that $300 was what I came up with when I bought my mini a year ago.
OK, I just went to HP's website, and found one for $300 before rebate with a 1.8 GHz Sempron and a Radeon X300 chipset on the motherboard. Applying the mail-in rebate to a RAM upgrade brought it up to 512M, though when I bought my mini that was extra price. That's a better system than my Windows "game machine" (all it runs is games... I don't trust Windows with anything that matters), and THAT has significantly better performance across the board than my mini.
After all you've said and your attitude towards Apple hardware, you're the one of the two of us who owns a Mac mini.
As I said, I don't like the way Apple collects the "Mac Tax", but I don't have any alternative but to render unto Steve the things that are Steve's.
How is there added security by making the user do that additional work?
Nobody goes and finds a downloaded file and opens it by reflex. It's a deliberate and deferred action. Even from programs with a download manager, it's not something that easily triggers a reflex.
Like I said, I have never had one of my users come to me and say "I did it again, Peter, I've downloaded a file to my desktop and opened it and I've got a virus." I've had people do that once, but never twice. I've had users come to me multiple times saying they'd clicked on the "OK" button again, because they click on that button so many times that it's meaningless.
This is the real world, not some Microsoft sponsored study that presented a false choice between two extreme alternatives. There's lots of better ways to make the job easier on the user without encouraging dangerous habits.
Firefox and Camino give you a better alternative than either option, a download manager that works well, letting you see the files you've downloaded and from there show them in Finder or open them, without having to hunt through anything.
even then the Finder will alert you to a new executable being run and require your password to do so
Um, it will only do that if the guy who wrote the malware is naive. There are so many ways to hide stuff without having privileges that there's no point asking for them.
Do you work for Sophos or something?
Hardly. Sophos answer to the problem is "buy our expensive crap". My answer is "change your behaviour". Antivirus software is a protection racket. I don't use it and I haven't had a virus on any of my personal computers since 1988.
People don't want that, and they would rather take the risk...
You can't actually say that people want it. People are not presented with the choice. The browser shows up, and it works that way, and they get used to clicking OK because that's just the way it works. Even if there's an option to turn it off, it's on by default.
Most people don't even wonder if it might not actually be easier if they get downloads as packages in their mailbox instead of "OMG the computer's asking me a question gotta DO something", because they're too used to doing things the way the computer wants.
The current situation is like, oh, imagine if the postman showed up and refused to go away until you actually opened every envelope and inspected the contents, and took away the ones you didn't want to open. Do you really think people would prefer that to just picking up their mail and sorting through it at their convenience?
People have been trained to do things the way the programmer thought they should. That's the real failure.
"What really matters is the business value you provide and how much you can provide IT value to the organizations,"
So far, my experience with SAP is pretty unpleasant. Its only goal seems to be to force every end-user to spend as much time as possible negotiating its obscure interface through undocumented and inconsistent dialogs and menus, rather than doing actual productive work.
After using SAP for a year I would personally rather go back to doing my timecard, purchase orders, and expenses on the back of a shovel using charcoal and calling it in to a Tourette-afflicted trained chimp via a tin can telephone.
God Damn that's broken software. I'm having a hard time saying if it's actually worse than Lotus Notes, but if not they're tied for last place.
Malware doesn't need privileged access to find a hiding place.
When I was at Berkeley in 1978 people were already putting trap files in their home directories to catch people snooping around and do nasty stuff to the intruder's accounts, including hiding backdoors in their login scripts... and this was on Version 6 UNIX, a system so primitive the shell didn't even have native flow control built in.
Restricting the scope of malware by restricting user privileges is great, it gives you an easier recovery path, but it's not a panacea.
I wonder if it would make sense for MacOSX (And user-oriented Linux distributions?) to keep all binaries and libraries etc. (i.e. not /home) normally read-only (unless you are in the middle of uninstalling/upgrading of course).
They do. Normal users have no write access to system directories, the installation process runs as a privileged user that has write access. The thing is, you don't need write access to system directories to launch malware, or have it auto-executed when you log in... there's plenty of places for it to hide in your home directory in any system...
No application that displays untrusted content should EVER have an option to open files automatically after downloading. No matter whether it thinks they're safe or not. No matter whether you pop up an "I'M ABOUT TO DO A STUPID THING, IS THIS OK?" dialog first. Don't do the stupid thing.
Downloaded files should be dropped in the user's download folder, and left there for the user to take care of or not at their leisure.
CDROMs and USB keys and other external storage should be mounted, and made available to the user, but NEVER EVER auto-run.
Files outside specific "application" or "plugin" locations should never be considered as potential handlers for content, and there must be no mechanism to move files to these locations without an EXPLICIT request by the user.
(yes, that means no auto-installing Dashboard plugins or Firefox extensions... and of course ActiveX is beyond the pale)
I've been trying to make this point to developers and software publishers for at least seven years now, but they're all following Microsoft like lemmings. I've sent in bug reports, suggestions, and made personal requests to people at Apple asking them to back away from the edge before they go over. But... no...
Apple: I TOLD YOU SO.
Everyone else: TURN OFF OPEN SAFE FILES AFTER DOWNLOADING. DON'T USE APPLICATIONS THAT DON'T LET YOU DISABLE AUTO EXECUTE. That means Internet Explorer, Outlook, AIM, anything else that will run untrusted content without you explicitly pointing at a file and saying "OK, I've downloaded this, run it".
I've been saying that dialog boxes asking "DO YOU WANT TO DO THIS STUPID THING" were a stupid idea since before Safari was created.
And I've been saying this was a problem in Safari since it's existed.
Users: TURN OFF "OPEN SAFE FILES AFTER DOWNLOADING"
Apple: TAKE THAT OPTION OUT OF SAFARI.
Social Engineering Always Works.
This is not a security hole in the OS, this is a social engineering attack, just like every previous "first OS X virus" has been.
Social engineering works, BUT for most people it doesn't work very often. Once is usually enough... UNLESS the system trains them to click "OK" when presented with a security dialog. If you can keep it from working a second time, you'll kill this kind of attack dead.
I've had the same people come to me many times and say "Peter, I think I have a virus, I clicked 'OK' again". I've never had someone come to me and say "Peter, I saved a file and opened it and I think I have a virus" more than once. Because when you download a file, there's no urgency, you don't have to decide RIGHT THEN whether to go on with it. You can stop and wait, and no reflex loop develops. And that pause, even if it's brief, is more than enough for most people to get out of the "open everything anyway" habit.
In Safari, TURN OFF "OPEN SAFE FILES AFTER DOWNLOAD". There are NO "safe" files that are guaranteed to be safe.
In instant messaging, don't use an application that doesn't give you the ability to completely disable automatic execution (with or without a dialog) of downloaded files.
Back when social engineering was the virus vector, and you had to actually save a file to disk and open it as a separate action, viruses spread slowly. When Microsoft integrated IE and the desktop and allowed automatic execution of untrusted content, THAT is when they took off. And the biggest problem with Microsoft setting such a low bar is that people accept a slightly higher bar (a dialog box) as OK, EVEN WHEN THAT IS PROVEN INADEQUATE.
Users: Don't automatically open files.
ALWAYS save them to disk, and run them by hand, later.
Developers: Don't give users an option to bypass this step.
That'd make this the first "Retrosexual Virus".
the Gateway [...] when outfitted with a similar set of features ( and a web cam ) and software
That's using "category 1" logic: upgrade the PC to match the feature set of the Mac. I'm surprised you didn't manage to make the Gateway cost even more than the Mac that way.
your attitude towards the software costs is key here
Um, you haven't read for comprehension. I said that the software is what makes the more expensive hardware worth it to me.
what's the price of a full Visual Studio suite?
See, this is the thing: you have to count the hardware and software separately because while the difference in people's hardware needs is significant, it's utterly dwarfed by the difference in their software needs. For example, to me the value of a Visual Studio suite is approximately zero, since I can compile all the "Windows" software I want for free using the GCC bundled with Interix... on the other hand, OS X is easily worth the $300 I suggested. To someone else, the ability to run Windows game software dwarfs all the advantages of OS X so you have to add the cost of SoftWindows (once it's available and solid) to the Mac.
When I say the Mac hardware is unexceptional and overpriced, that doesn't mean I think the whole system is overpriced, nor that I'm dismissing the value of the software. It merely means that this price difference is a measure of what Apple will be able to charge for a generic OS X... because that's what they're charging for it right now.
when I upgrade my motherboard, I'd like to not have to buy a new version of the OS, thanks
Where have I suggested that you should be forced to do that?
The upgrade version of the OS would work on a genuine Mac, or on a generic PC if you have a full version of the software it can check against. There's no reason to invoke something that's, well, even nastier than Microsoft's latest measures... let alone their practices for most of their product life.
You *like* the beige PowerMac G3 cases? And dislike the G5 PowerMac case ? Either you're thinking of different machines than the ones I've worked on
Or you're thinking of the early minitowers.
The Beige G3 has a similar design to the B&W G3, except that the drive cage rather than the motherboard pivots. You remove two clips, and the whole drive cage pivots up and gives you full access to the motherboard and RAM. The PCI slots and drive bays can be reached just by removing the cover, and despite being smaller than the Powermac G5 it has more drive bays and more PCI slots.
I haven't worked on the G3 minitower, just the early pre-G3 minitowers. THOSE are awful.
The NeXT Slab I was comparing with the Mac mini. Surely you wouldn't call the slab less expandable than that?
here I thought I was clearly asking you about Intel PC hardware.
Sorry, I misunderstood. I haven't bought any really nice generic PC cases, but (as I already mentioned in a previous message) a lot of the later Compaq Deskpros were very nice. They have one that's about the size of two small Dominos Pizza boxes stacked on top of each other that has as many PCI slots and drive bays as the Powermac G5, and after removing the cover (by flipping two heavy-duty clips and sliding it forward) everything inside just pivots outwards. You have to unclip two cables before flipping up the drive cage, but one the other hand the whole PCI daughterboard comes cleanly out allowing you easy access to the cards without reaching in anywhere.
I'd love a desktop Mac with the same design.
either you buy the claim that the superior video, form factor, and software of the Mac mini are worth the price
Superior video?
A Radeon 9200?
A Radeon 9200 with only 32M in the PC world would be the absolute bottom of the line... I don't think you can even buy one that poorly equipped. You can get one with 128M for under $40, and I would love to have that in my Mac mini.
The form factor is nice, but I'd rather have a 3.5" drive bay.
The software, as I said, is what makes the unexciting hardware worth it.
It's obviously a y2k problem, Slashdot got reset to 1906 at the beginning of the year and it's taking them a while to catch up.
Maybe when they get to 1982 they can slip Jobs a word about giving the Lisa a miss?
PS: that's "Bolshevik".
I'm going to have to remember which verision of the OS I bought and be sure not to cripple a new machine with the wrong version?
If you bought a Macintosh, no.
If you bought a generic Intel PC, yes, but you already said you don't want to do that. So why would you care, it wouldn't effect you.
care to show a carefully matched example of a cheaper, equal, competing system from Dell ?
Nope. I've done those comparisons in the past, and they always come down to the Mac guy saying 'the mac's got a brighter screen/firewire/... so you didn't do an equal comparison'. There's basically four ways this can go:
1. We take EXACTLY the specs of the Mac, put together a non-Mac that includes EXACTLY the same features, and ignore the value of the feature that the non-Mac has but the Mac doesn't (like a larger screen). That gives you a comparable price, but more features on the non-Mac side. This is the Apple fan's approach.
2. We take EXACTLY the specs of some non-Mac, put together a Mac that includes all those features, and ignore the value of the features the Mac has that the PC doesn't (like, say, Firewire). That gives you a vastly inflated Mac that's far more feature-laden than the PC. This is the Apple hater's approach.
3. We make up a set of specs and come up with a Mac and a PC that fit those specs, and ignore the features not in the specs. The PC is always cheaper, but less so than in #2. This is the approach that best fits the "cost to the typical consumer", because they rarely have a need for EXACTLY the features on any given box.
4. We pick the machines and then add or subtract virtual dollors for the value of the rough edges to get a "comparable price" machine. Again, the PC is always cheaper. This one is the best approach to figuring Apple's likely profit margins.
I can do #3 or #4, but I'm not going to, because it just leads to an endless flame war.
The bottom line is, I can get a Windows-based laptop that _apart from the fact that it's running Windows_ meets my needs for less than I can get a Mac laptop that suits my needs. That's the only definition of cost that makes sense for me, and for me (and for most people) that makes the Windows-based solution cheaper.
Maybe a couple hundred bucks more, if you don't need any software.
Glad you agree after all. That's why I proposed making the generic version of OS X a few hundred dollars more.
Not to mention that "a few hundred dollars" doesn't seem much on a $2000 laptop, but it's a really big deal when it's the difference between a $700 laptop and a $1000 iBook, or between a $300 PC and a $500 Mac mini.
want to point us to a link of a case design you *do* like?
I've already mentioned some, you want me to recap?
The Powermac G3 (both the beige and the blue-and-white) and G4 cases were pretty good, smaller and more versatile than the G5. There's a bunch of good PC cases built along similar lines. The Sparcstation and NeXT slabs and the Performa 475 would make good desktop G5 designs.
don't buy an Apple if you don't like their hardware designs
I'd love to, but the only way to buy the software I want is to put up with the style-over-substance hardware bundled with it.
So - is there anyone who is for OS X on generic PC hardware *and* for the GPL?
:)
I'm for OS X on generic PC hardware, but I want it from Apple. I don't care if it costs more than Windows XP Pro (and it would have to for Apple to retain their profit levels).
I'm against the GPL, and release my own software under the BSDL because I want the people who use my software to have the maximum flexibility. I'm glad I'm not the only one who thinks this way, because otherwise OS X wouldn't exist.
So, I guess I qualify as "yes and no" on your poll, but not the way you meant it.