On Nov 22, 2006, at 7:25 AM, mfossi (at) securityfocus (dot) com wrote:
> In that sort of case a novice user might be less likely to realize
> that something bad just happened and chalk the reboot up to a
> random occurrence.
Right, I understand what you mean - I just disagree.
;>
I believe that emphasis on the Safari automount has clouded the
public discussion of this problem so far. I believe that the Safari
automount issue is completely beside the point and that conflating it
with this .dmg problem isn't helpful in terms of discussing the real
problem nor communicating the real problem to end-users. All the
press I've seen about this leaps on the Safari browser issue, and
gives the mistaken impression that if one disables the Safari 'mount
safe images' feature, everything's dandy, when we all know it isn't.
Disabling Safari's automount feature does not even marginally improve
the security of any Mac user. Instead, doing what one can to verify
the provenance and evaluating the risks associated with mounting any
given .dmg (admittedly, there's little that folks can do in this
regard, but it actually has more real security value than disabling
Safari automount) are the best defenses we have until Apple can fix
this problem.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins (at) cisco (dot) com> // 408.527.6376 voice
All battles are perpetual.
-- Milton Friedman