What's the problem? Realplayer is included with a lot of distros. Are you one of those GNU/RMS followers? Do you have a problem with all proprietary software? Do you make a living writing proprietary software? If the last statement is true, you would be a hypocrite for advocating against use of any proprietary software.
I realize that but Launch services is not the issue but rather how those other file location urls are handled. Providing a user validation dialogue will prevent a meta refresh exploit.
Destroying the registration feature is not the answer.
This is not a launch services exploit. Get your facts straight. It is an exploit that uses the disk protocol in conjunction with the Launch services "Registering Applications" feature. Application registration is a feature that I do not want to see disappear.
I would like Apple to add a mandatory confirmation dialogue with warnings about possible security risks from mounting images from untrusted sources on any attempt to mount a disk image from the internet.
This would give the user ample warning and a chance to prevent the exploit.
Another alternative would be to do the above and include the option in the security prefs pane to enable/disable mounting of internet disk images.
I would rather put up with the chance of having an exploit use this rather than putting up with complicated install routines and a central registry.
There is no way to exploit this if you disable auto-mounting of disk images on download and the disk:/disks: protocols with the default apps prefs pane.
If Apple does release a patch to deal with this, I hope it only performs a check to see if the disk/disks protocols are called from the internet and provides a warning/confirmation dialog asking the user if he/she wishes to mount the dmg.
Safari should also have open downloaded files on download switched off by default.
Umm... are you sure that all it needs is to exist on a mounted volume? Don't you have to execute the app in order to register the URL type with Launch Services?
Is having the URL type in an info.plist enough?
You can disable the disk: and disks: url handlers with the Default Apps prefs pane. I don't want to post a link to slashdot though. Use Google.
I don't want Apple to disable the ability for apps to create their own protocols just because some malware some stupid user downloads might make use of it.
There will always be some way for malware to get on a stupid user's machine.
Umm. No, I believe you and the parent are both wrong. Defrag on the fly occurs when files are written to the disk, not during write operations.
Fragmentation would slow down both read and write operations.
I could be wrong though concerning my first point. :)
People buy laptops from name brand companies because they want extended warranties and service in case they break and they don't want them to break down on the road.
If you are a business man on the road, you want a laptop that you can count on and will easily work with any LCD projector. Time is money in the business world.
Sorry but no, there is no such mechanism in windows that would prevent this type of trojan. This signature mechanism will only protect you from someone altering the executable and trying to spoof with a valid MS signature. Nothing prevents windows from running unsigned executables.
I'm a developer on Win32 btw and use Visual Studio tools. All that signing does is prevent someone from altering an executable that has been signed.
I know this is meant to be a joke but this would happen on any platform with a stupid user at the helm. This is nothing like the proof of concept Trojan. It is a classic trojan (malware program claiming to be some useful program).
Fortunately, the OSX security model prevented the damage from spreading outside of the home folder. An admin account (default on Home and Pro XP) would have the ability to totally destroy a system whereas Admin accounts on OS X are not root accounts.
If this continues, the Record labels may end up demanding even greater restrictions on Fairplay.
Don't like the current terms? Don't buy off the iTMS. Nobody is holding a gun to your head.
I hear some people say they want to play iTMS songs on their linux box. There is a simple way to do this: burn them onto a CD with your mac or windows box.
The guys writing Playfair are obviously amoralists. Please go away and get some help with your sociopathic issues.
Fairplay does not deny your right to fair use. You are free to burn a copy to disk just as you are free to photocopy portions of a book under fair use or tape record from the radio.
Fair use does not guarantee you the right to a perfect copy.
I don't think you know what security through obscurity means.
In this case, they are notified of the issue and quickly issue a patch. They only delay disclosure until a fix is found and released.
Real security through obscurity would be relying on obscurity to shield against vulnerabilities without making an attempt to find and release a patch for it in a timely manner.
1. Paranoia is not healthy.
2. We are talking about home users here, not /. readers.
3. Exposing vulnerabilities only helps out the script kiddies and virus/trojan writers. They can write and release an exploit long before a patch comes out.
What is the hold up with iTMS? Is the industry in Canada deliberately favoring WMA based services and locking out iTMS? It would seem so.
Have you heard of kernel extensions aka kernel modules? Drivers on OSX end with a .kext which denotes a kernel extension.
Laptops are for students and business travellers to do work on.
Fried laptop anyone?
Ok, who bought NeXT again? It was Apple. Afterstep is based on what GUI? NeXTStep perhaps? Come on /. reader where is your long term memory?
They bought NeXT?
-Translucent windows
-The Dock
and a compositing engine based on postscript.
NeXT was that company.
The default windows install does not prevent running of unsigned executables. It is highly unlikely that a trojan would be signed. :)
You must be confused between apps and signed "drivers".
You must be thinking of MS which did not pay Xerox anything and ripped off Apple.
3. Flying cars already exist http://www.moller.com/ Haven't you ordered yours yet? :-)
Plugins sound like a hack to me. I don't want Excel to try to do everything.