One thing about OS X application are bundle architecture maintains application as self contained bundles thus you can move application around where in windows or Linux you cannot . But I feel OS X way of doing this may be easer for user but this makes holes in security.
Also other weak spot of Mac OS X is it will not ask for authentication in user level only in system level and the way programs run and are installed makes alot of weak security in OS X. It may makes this very user friendly but not good for security .
Doing it this way eliminates way more security issues than it creates.
All the reliable vectors for malware to be profitable are protected by DAC in OS X. The app bundle architecture keeps third party executables separate from these reliable vectors.
Windows installs software at the same level as the reliable vectors in Windows. So, if an app is malicious, it has more access to security sensitive areas in Windows than compared to apps in OS X.
It should be that all programs never download ,install ,remove or change in user level at all.No program should run or install in user level.Every thing should be in system level.
This is not possible. If permissions are set to require authentication at the user level, then users would have to authenticate every action on the system, including opening files and folders.
The thing is some times Apple makes their OS so user friendly thay strip some of the security.
The total opposite is actually the truth. The increased user friendliness reduces the likelihood of the user making mistakes in relation to security.
Windows and Linux should be installing programs in user level people tell me.Just like OS X.What do you think? What is better? Should program run and install in system level?
OSs should follow the principle of least privilege. Windows does not follow this principle as well as other OSs.
munkery we can keep the talk on malware to this thread than the other thread that is about programming and the OS X layers.This was in that other thread but got no reply.
Sure, if you stop making threads about topics that I have discussed with you several times in the past.
I don't want to discuss topics with you if you are going to try to spin that information into misinformation.
Why not the OS and AV like Norton or Kaspersky block it ??? It cannot block it !!! if it block flash ,Java,Java-script,Active-X or scripts on the page than most web sites would not work !!
But the OS you got user level and system level. The malware I got was in user level.
What specific malware? What OS are you using?
Active-X suggests that you are using Windows. Only Windows uses Active-X.
What is the difference of OS X user level and system level vs windows user level and system level .
The difference is that DAC is easily bypassed in Windows and that the registry is not well enough protected by DAC in Windows even if DAC is not bypassed.
These issues do not exist in OS X.
Why have user level and system level at all.
Do you want to authenticate every time you open any file or folder?
If no, then OS has to be separated into different levels of permissions.
Do you want malware to have system level access from only a single exploit?
If no, then OS has to be separated into different levels of permissions.
Why not the browser sandbox or OS sandbox block it ? It cannot if it block it than most web sites would not work.
What browser are you using? What OS are you using?
The effectiveness of the sandbox in Windows is not as good as the sandbox implementations used in OS X and Linux.
Depending on the browser, the rendering and scripting engines as well as any plugins run in either a separate process and/or a sandbox.
I do not think the sandbox was bypassed unless you are using Windows and IE.
So the point of a being very secure goes out the window here.It would not better if I was using windows,Linux,Unix or OS X or any other OS as no OS can block it.
This is absolutely untrue.
