I’d have to second that request for a cite. In my experience, Apple has tended to address their security holes pretty quickly. They may not go out of their way to be as noisy as possible in announcing the existence of the holes (although word gets around) but they don’t just whistle and look the other way. Your OS, and the folks who write and maintain it, may or may not vary.
::goes back to blithely using and enjoying his virus-free operating system with its new protection against evil URL-based exploits::
May I ask what was a lie there? Almost every Windows(in a home, at least) computer I have seen was running in Adminstrator mode. Every Linux distro that I know of (except Lindows) strongly discourages you from running in root. For example, Mandrake gives you a warning message if you go into the GUI while root, and makes the background an ominous red color. And a virus can do much more damage if you are running in Adminstrator mode, compared to a limited account.
As Phil Hartman would have said, “I’m just a caveman. I don’t understand your strange ways.” But, like the OP, I have a hard time wrapping my brain around why it would be so difficult to design I.E. with the option of blocking unwanted file downloads. When I look at the options for security settings, I only see the binary choice of “enable” or “disable”. Is that really as sophisticated as they can make the choices? Attackers routinely make changes to the computer’s registry, and install executable code on the hard drive, without any kind of warning to the user. But if you set security to “high”, then only about half the websites I use function properly. (No, they’re not ALL porn sites.)
Why is it not possible to prompt the user with something like: “Do you want to allow changes to the registry?”, or “Do you want to install executable code?” or something like that. It seems like the only 2 choices are “Let anything be written on your hard drive”, or “You can’t dowload anything, ever.”
And then the prompts I do get are often nonsensical, like warnings about invalid site certificates for places that I know are legit.
And this is a sidetrack, but why does Windows allow programs to run without showing up on any kind of task manager? Why is it that if I run Ad Aware, it will say something like “26 processes running”, but Windows only shows about half that many programs running. It’s obviously possible to identify these covert programs, so why can’t Windows do it?
It wouldn’t be that hard to make I.E. a secure browser - small companies like Opera or Open Source groups like Mozilla can do it, so certainly a large corporation like Microsoft is technically capable of making IE much more secure. Its just that they don’t want to/are sluggish to upgrade/ask them for there reasons.
Now for my tin-foil theory of why Microsoft products are so insecure is that MS wants to make sure there are security holes for them spy on you with. Now, if they just made one hole, and spyed on you with that, if that hole was discovered, MS would look really bad if they didn’t fix it. But by having a bunch of holes, they can fix a couple now and then(to make people think they are doing something), and with everyone messing around with MS security problems, Microsoft can eavesdrop on its custormers without anyone noticing it.
Now the double-layered tin foil theory is that Microft is doing this spying on behalf/in collusion with of the Government/N.W.O./U.N./Illumnati/Freemasons/Greys/Reptaloids/Sanrio/Satan/ and/or any other shady group.
blowero, unfortunately, you’ve fallen prey to the same beast as the OP: you’ve missed what causes the problems, and not knowing that, you’ve missed what the solutions are, and not knowing that, you’ve missed what the effort is that’s required to fix things.
The problem is this: If you build a machine with billions of moving parts, it’s practically impossible that it will be perfect. And some of the flaws can be used to take control of the machine by bad guys.
Now, you can take care when you’re building this machine to reduce these flaws, and some OS’s have done better than others. But the bottom line is that all OS’s have flaws, lots of flaws. And for a bad guy to take control of your machine, he only needs to fine 1 of those flaws.
Fixing the problem is a matter of time and money. It’s solid effort to patch over as many flaws as possible. It’s extremely difficult.
Unfortunately, the suggestions you made (similarly to those made in the OP) do zero to solve the problem.
You haven’t answered my question. It’s not about “flaws”, it’s about why the only options are not to allow file downloads AT ALL, or allow ALL file downloads. I wanted to know why they couldn’t just have the option to prompt the user whenever a web source attempts to write an executable file to your computer, or tries to alter the registry. Why isn’t that possible? I readily admit that I don’t understand what’s involved in doing so, so telling me I don’t understand is the understatement of the century.
(By the way, just as an example of why putting the security settings on “high” is a poor solution - a task as simple as adding a smilie to the text doesn’t work. I had to type it in.)
I didn’t make any suggestions. I asked a question, i.e. why can’t they do those things? If I.E. could prompt me before installing files of the types I mentioned, it seems to me that it would solve the problem. I was asking why that’s the case. I’m not telling them to do it, I’m asking for someone to explain, in simple language, why that’s not possible. (Maybe it’s not possible to explain in simple language; I don’t know.)
See, I’m not understanding how this is a problem of security “holes”, or mistakes, or slip-ups. It seems to me, in my limited understanding, that computers are designed to allow web sources to control them and make changes, and that it’s a necessary thing for them to be able to do what you want them to do, and that it’s just a matter of a hacker’s imagination whether they can make it do something undesirable. Seems to me that the only foolproof solution would be to give the end-user the option to decide what changes are made. So why does I.E. have so many security options for everything else, but no option to prompt before all file downloads? If it can block them, why can’t it prompt for them? Or does it have that option, and I just don’t know how to set it that way?
Because this happens A LOT. You’d be clicking “OK” constantly. The vast majority of the time it’s perfectly fine, but there’s no way to distinguish between good code and evil code. You’d be clicking “OK” on bad stuff, and “Cancel” on good stuff, web browsing would be a PITA, and it wouldn’t be fun.
