Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A warning on a new destructive 'press release'' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A warning on a new destructive 'press release'
Authored by: kirkmc on May 13, '04 05:41:49PM

Your point is well-taken. But what, exactly, is a trusted source? Apple? And the iTunes installer that erased hard dsks... Microsoft? Their software has been known to cause problems?

While I agree that stupidity and gullibility play a large role here, the fact still remains that the system allows what is a very drastic operation with no warning. Even when you empty the Trash (unless you have consciously changed the default prefs) you get a warning.

Sure, you can say that the guy who found this DLed it with the hopes of getting something for nothing, but it still doesn't address the fact that the OS allows a serious operation without a blink. Hey, if you want to delete a user account from the System Prefs, you get a warning...



[ Reply to This | # ]
A warning on a new destructive 'press release'
Authored by: Spades on May 13, '04 06:50:29PM

Figuring out what is a trusted source is, just as in real life, all about common sense. Is Apple a trusted source? Almost certainly. I'm not familiar with this installer that erased the hard drive, but it sounds more like a bug than a malicious attack. Is P2P a trusted source? Absolutely not. P2P is the equivalent of taking candy from strangers. You were taught to not take candy from strangers, right?

If you want explicit levels of trust, then there's nothing stopping you. What you're looking for are software that is cryptographically signed. Requiring that though is borderline paranoia, and you're not going to find much signed software. It is much less troublesome to apply what you've learned about trust in life to computers.



[ Reply to This | # ]
A warning on a new destructive 'press release'
Authored by: CarlosD on May 14, '04 03:17:51PM

Yes, Apple and Microsoft are what I would consider trusted sources. (Though people are very much questioning the latter. ;) )

This is not to say that they are perfect, but to clarify and define what is a "threat".

A security breach, as you point out, can eminate from trusted sources. That is precisely the point. **That's** when we should sound the threat alarm.

The candy from the stranger analogy is a good one. When buying food from an established grocery store, or other outlet (in the industrialized world, at least), you expect that you can trust the integrity of the food. If it is bad or poisoned, you hear the alarm on the evening news. Recent example: Did you hear about the frog in the salad of a major airline?

But if you got food -- hot dogs, let's say -- from someone on the street -- no cart, no license stickers, never seen before, etc. -- and you get sick, do you try and ban all hot dogs?

Warnings are fine, but at some point, there has to be a limit to what prompts a warning. Extreme example:

[Someone typed the letter 'A'. The state of memory will be changed by this insertion. Do you wish the letter 'A' to be inserted into this document?]

One suggestion is to have a cache of trusted certificates for signed executables. But I strongly feel this should not be a default way of operating. It will add more burden to getting things done and make development and regular installation under all the different supported sub-platforms (BSD, X11, Java, Cocoa, Carbon) more difficult. Also, Apple would almost be guaranteeing a future 'security crisis' if one of the certificates got out or got cracked.

No. A simpler way, is to tell users not to take candy, or hot dogs, from strangers.

---
Carlos D
===
my music
http://music.altamar.dynalias.org/



[ Reply to This | # ]