[HN Gopher] Unveiling Mac Security: Comprehensive Exploration of...
___________________________________________________________________
Unveiling Mac Security: Comprehensive Exploration of Sandboxing and
AppData TCC
Author : akyuu
Score : 41 points
Date : 2024-09-03 18:24 UTC (4 hours ago)
(HTM) web link (imlzq.com)
(TXT) w3m dump (imlzq.com)
| oneplane wrote:
| This is a pretty significant note:
|
| > From a system design perspective, I believe User-Selected /
| User-Approved feature is one of the most powerful functions on
| Mac
|
| Most people using computers and phones do not want to deal with
| ACLs or permissions or anything like that, instead they either
| want it to magically work (which is a bad idea since there is no
| implementation of that idea that is also secure), or they accept
| a system that will ask them based on their intent.
|
| If we can figure out if something was intended (The 'User-
| Selected / User-Approved' part), we're going to have a much
| better time creating systems that make security acceptable and
| applicable for mass market users. It still won't be perfect, and
| you'll still have things like social engineering or simply
| ticking users into believing they want to do something, but at
| least the primary reasoning will exclude processes sneaking in
| all sorts of activity that is supposed to be based on what the
| user wants (mostly... different people want different things and
| you'll find incompatible needs on the outer edges of the
| spectrum).
|
| Asking someone 10 times to approve full disk access for some
| random binary name that doesn't ring a bell isn't useful (as it
| doesn't really resonate with a normal user's intent). But asking
| if "Chat App" should be allowed to "Manage your payment cards" is
| something people can get pretty decent opinion on.
___________________________________________________________________
(page generated 2024-09-03 23:00 UTC)