More Confirmation--Clarification
Authored by: ExecutiveEditor on May 12, '04 09:26:39PM

To clarify my last point, here are two remarks that Rob made:

However, think about this version: A useful AppleScript that does something cool (change type/creator codes, backs up your directory, etc.). However, buried in the code is a timer that counts the number of times you've used the program. On the 50th run, it deletes your entire user's folder. Or worse, it pops up a dialog that says "In order to backup the Foo_bar file, we need your admin password." It may then be possible (I'm not quite sure how) for the app to delete the entire hard drive, instead of just your user's folder. If the script were useful enough, it could be very widely distributed, and then go blam! at some non-specified time in the future.
I realize that more experienced Mac users may think they're immune to this, but a properly disguised and coded AppleScript, as discussed above, could potentially catch even the most cautious user off guard. Also consider something packed in a .PKG installer which uses the real Apple-approved means of asking for permission to use your Admin password -- I install such things at least once or twice a day. Buried inside any of them could be a very malicious script that I wouldn't see until it was too late.

I download A LOT of scripts and apps (probably as many as or more than Rob). But I always know where I'm getting them from--which is very different from getting something from a P2P network. If one of these were to execute malicious code, I could and would go after the author--and, in most cases, he would probably be open to criminal prosecution.

All of that is really just a long way of saying that the average MacOSXHints reader, if he's keeping his nose clean and avoiding P2P, has a whole lot less to worry about than he did back in the days of System 7, System 8, and OS 9, when there were real viruses running around--and compared with a Windows user, he's more likely to get hit by lightning than to be bitten by this kind of malicious code.


