On Nov 21, 2006, at 1:08 PM, mfossi (at) securityfocus (dot) com [email concealed] wrote:
> Yes, it's just that if 'Open "safe" files after downloading' is
> enabled it would be slightly more automatic. While not likely to
> make a difference to advanced users, it would probably make it
> easier for novice users to be exploited.
I understand what you're saying, but I don't think it makes a
difference. Ordinary users often download .dmg files to their
desktops and then just click on them.

The real fix is to alter the way OSX handles the mounting of .dmg
filesystems (I wonder if this same class of issues exists in OSX when
mounting other types of filesystems?). The Safari thing is a band-
aid/distraction which actually promotes a false sense of security, IMHO.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins (at) cisco (dot) com [email concealed]> // 408.527.6376 voice
All battles are perpetual.
-- Milton Friedman