Comments by user "dehetepappie"
Registered since: August 17, 2008
Don't have Safari open dmg's automatically
As long as these kinds of exploits are possible on OS X: http://tools.cisco.com/security/center/viewAlert.x?alertId=12440
I don't believe that blindly auto-mounting all background-downloaded DMGs is a good idea.
If the install script cannot customize the password window, it is also trivial to put a little explanation window before the password dialog saying "this is a vital Apple update, you will be prompted for a password...", etc.
This trick was already used by a number of successful trojans, like this one: http://www.f-secure.com/v-descs/trojan-downloader_osx_jahlev_a.shtml. I have found a number of these dmg trojans in my Downloads folder (I have of course turned off the "open safe files" function in Safari, but that doesn't prevent the download-on-page-load code from downloading the trojan).
Don't have Safari open dmg's automatically
Jasper, what you say is incorrect. Safari does not ask the user anything before it downloads a dmg; it also automatically mounts the dmg behind your back AND will also start any mpkg install script that is in there. It will then prompt for the user password for the final install. It is trivial for a trojan to make that window say: "this is an Apple system update, please type your user password here".
Formally this is not a bug or exploit (it's a feature!); this behaviour just makes it extremely easy for malware to pose as a legit update. OS X should have a much sterner warning saying something like "this is a disk image downloaded from the internet and does not originate from Apple" even BEFORE it mounts a dmg.
Don't have Safari open dmg's automatically
Changed solution description.
Don't have Safari open dmg's automatically
Changed problem description.
Don't have Safari open dmg's automatically
Changed problem description.
Don't have Safari open dmg's automatically
Changed problem description.
QuickTime X is missing some features
QuickTime X is like Cheetah: "We got it to compile, we ship it. We'll turn it into something useful later."
Internal DVD drive required to play any VIDEO_TS folder
Changed solution description.
Internal DVD drive required to play any VIDEO_TS folder
Changed solution description.
Weeknumbers in iCal
It's not exclusively locale based actually, different definitions are valid in the same area.
+ Option + E to force Eject Device
Force open would DEFINITELY be a plus - I currently have a (damaged) DVD that I cannot eject by any other way than rebooting my Mac. It's obviously a read-only disc so no application could ever be blocking it. In the absence of a 'hard' eject button, the OS should provide it.
Shouldn't have to EJECT a thumb drive
On Windows, USB drives are automatically mounted as "quick remove" devices, and no deferred writes/caching takes place. This means you can indeed yank out USB sticks with no consequences, although with USB-attached hard drives that do their own on-board caching this might not be 100% reliable.
Double-click in Safari's download list
While this would definitely make Safari more practical, it would also make .dmg trojans or metadata exploits (pdf, jpg, etc.) just that bit easier to install by accident. Going into Downloads and manually selecting the file might just add that little bit of extra effort that makes some people think twice about loading it. With millions of Macs out there, even a small percentage increase in trojan infections would be quite damaging.
Finder: Queued file copy/move operations
YES YES YES!!!! We so need this feature. A little added intelligence would also be a bonus (so that, say, a HD1-to-network and a DVD-to-HD2 copy will run concurrently).
Don't have Safari open dmg's automatically
Wrote on November 18, 2009, 8:18pm
You're missing the point. Of course this is all 'by design', and of course an experienced user should not fill in his password. It's just that 'the design' is stupid - no other mainstream OS allows disk images to be silently downloaded and opened, a script run, and the user prompted for his admin password. To blame the hapless user for filling it in is irresponsible, I think. With this deliberate design choice, Apple puts huge faith in the savviness and alertness of its users *and* in the flawlessness of its image mounting and scripting host code. Why?
Comment edited on November 18, 2009, 9:25pm