Re: Time Machine Troubles

In article <13jc8203ot47m74@xxxxxxxxxxxxxxxxxx>,
"Daniel Johnson" <danieljohnson@xxxxxxxxxxxx> wrote:

"ZnU" <znu@xxxxxxxxxxxx> wrote in message
news:znu-5D8364.14485810112007@xxxxxxxxxxxxxxxxxxxxxx

[snip]

Those features exist on the vast majority of volumes on which users
store Mac applications.

Yeah, but sadly not on the universal file format every computer understands:
VFAT32. If you want to use a volume from both Windows and OS X, you need to
use that.

Which means you don't get a big pile of features that both NTFS and HFS+
have.

Sure. And quite a few people use such volumes to store data. Not many,
in my experience, use them to store OS X applications.

6) The user accidentally launches a copy of the app that was in some
unexpected location.
7) The security hole in the app is exploited.

This part is what the exploit would do; it wouldn't be a matter of luck if
it got this far.

The only really plausible scenario for these two steps to be maliciously
triggered is if the user visits a web page which launches an app with a
security flaw as a URL helper, and then immediately tries to connect to
it after it's launched, or gets the app to connect to some compromised
resource.

This would require that:

1) The application actually registers as a URL helper.
2) The user actually visits a web page targeting that specific app.
3) If the malicious process has to connect to the app (rather than the
other way around), there can't be NAT or a firewall in the way.

This is all, again, fairly improbable.

[snip]

Who is going to bother even trying to exploit this?

The smart thing, honestly, if you are a black-hat, is to just ship a trojan
in an installer, and rely on many Mac users believe in the Mac's malware
immunity.

In my experience Mac users aren't actually much less paranoid than
Windows users. Though this is, admittedly, mostly because Windows users
aren't nearly paranoid enough.

But the point here is that coming up with an elaborate solution to this
specific issue is rather like inventing an extremely complex mechanism
to prevent intruders from coming in a 5th floor window, when odds are
the homeowner will be willing to let them in the door.

Indeed, nothing shows more convincingly how the Macs marketshare has grown
that this is now beginning to happen.

Meh. OS 9 got a bit of malware every few years. I wouldn't assume
there's going to be any sort of snowballing effect here.

[snip]

--
"More than two decades later, it is hard to imagine the Revolutionary War coming
out any other way."
--George W. Bush in Martinsburg, W. Va., July 4, 2007
.

Relevant Pages

  • Re: Mac OS auf PC - Was weiss man genau?
    ... unbedingt auf einem PC installieren wollen, wohl eher nicht im App ... Store bedienen. ... Mac App Store. ... EULA sind ja teilweise auch dann ungültig, wenn man sie vor dem Kauf ...
    (de.comp.sys.mac.misc)
  • Re: iPad anyone?
    ... of applications They do this by selling via the App ... it's quite possible to write an application for the Mac ... puts pressure on developers not to do that and to make the L&F ... You're confusing the App store with plain old websites viewed through ...
    (misc.transport.road)
  • user app data directory
    ... where is the recommended place for a mac application to store user- ... Which API do I use to determine the path from ... a c++ app? ...
    (comp.sys.mac.programmer.help)
  • Re: Cost of ownership: MV vs. SQL Server
    ... >>app server independent, etc, but you cannot be all of those at once. ... > mention that .NET seems to satisfy all of the business requirements ... (both Macs & Linux), so my criteria are different from yours. ... > and this market has never expressed a real need for Mac, ...
    (comp.databases.pick)
  • Re: Apple is deprecating Java
    ... With integration into Mac OS X.s- ... You can run plan 9 for all Apple cares. ... and most users will run the default OS install. ... I see currently no reason why a Lisp app can't be sold there. ...
    (comp.lang.lisp)