Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
This is why I stopped trusting Zoom after that whole server applet thing from early last year. Plus, with the added popularity during the pandemic, it would obviously be a larger target for attacks like this.

I always use GoToMeeting with my Clients and try to avoid Zoom at all costs. If I have to use Zoom, I temporarily give it the necessary permissions, then disable them immediately once the call is over.
 
A security hole in macOS (which only appeared in a version from last fall) is why you stopped trusting Zoom?
So the part of my quote you used is the part that has nothing to do with the current situation… I said I stopped trusting them because they had a sketchy server applet that THEY installed. They said it was for launching calls, but there was no need for it and it could have been exploited. They very quickly removed it once they were found out.

Edit: I should have said, “this is PART of the reason.” There are many other reasons why I hate Zoom.
 
So the part of my quote you used is the part that has nothing to do with the current situation…

Literally your first sentence in response to a story about an Apple security hole is “this is why I stopped trusting Zoom”.

I said I stopped trusting them because they had a sketchy server applet that THEY installed. They said it was for launching calls, but there was no need for it and it could have been exploited. They very quickly removed it once they were found out.

Be that as it may, it has nothing to do with this story.
 
I wonder if they fixed/improved the slowed-down Safari (specially the stuttering delayed launching of the Bookmarks Menu, among other things) from Big Sur 11.3.1
The History menu (especially its daily submenus) is still fairly slow to me as of Safari Technology Preview 14.2 / Release 124, in Big Sur 11.4. I think it gets blocked trying to fetch all those favicons.
 
  • Like
Reactions: Solomani
The History menu (especially its daily submenus) is still fairly slow to me as of Safari Technology Preview 14.2 / Release 124, in Big Sur 11.4. I think it gets blocked trying to fetch all those favicons.

Ugh. Thanks for the feedback. That type of stuttering slowdown is unacceptable in modern 21st century web browsing.

P.S. --- my Bookmarks (including sub-menus) only contain a few dozen favorites. It's not even in the hundreds, or thousands, like with some users. Once every few months, I cull my Bookmarks/Favorites menus. And I nuke erase my entire browser History once a week or so.
 
Hmm, I don't think that popup can appear at all without a code signature, so verifying the checksum isn't a concern. You can opt out of Gatekeeper's code signature check manually (using the contextual menu, etc.), but I believe if you do, TCC flat-out refuses to do grant anything.

The problem is that I don't know it requires a code signature and while I don't get to use OSX very often I would consider myself more technically knowledgeable than most users. If a regular user doesn't know then it doesn't help them. There is no reason the dialog couldn't say.

For many types of permissions, they do. But yes, this should be unified. It's also grating that, if they need multiple permissions, they need to show multiple dialogs.

In my limited experience nearly all don't. It may well depend on which apps you encounter of course.

You can check the list of binaries in Security.

Assuming you can get there with the dialog still on your screen.

And you expect users to read that? A lot of them click on "OK" or "Accept" before the pop-up animation finished.

My point is it should be _easy_ to be responsible. A lot of users won't be - that's not really my concern. I would like to be responsible and I find it a struggle. I am sick of things being harder than they should when dealing with other computer systems - I expect more of Apple. the whole idea that I might be working away, suddenly get a pop up from some unrelated process and have to spend 30 minutes reading forums to crowd source opinions on which button I should click is ridiculous.

If we do care about encouraging regular users to be careful we can't get away with presenting quentions they have aboslutely no way of being able to answer.
 
Wouldnt they just be able to lie?

That's a problem for most systems and it still doesn't have great solutions.

In the days of dumb terminals it was trivially easy. You wrote a program that looked like the login prompt for the machine. You left it running on a public terminal and walked away. Some victim types in their username and password, your program logs the details to a file, tells the victim their password was wrong and kills itself and ends your session. The real system then presents the real login screen, the users assumes they made a typo and tries again, presumably successfully. You slowly build up a list of people's passwords for later use.

It is why Windows systems (used to?) require you to press ctrl-alt-del before logging in - as that would kill off any fake password screens. I think even now its permission dialogue boxes hide everything else in a way that a regular app can't emulate. I'm not even a windows user, let alone expert, so I may be wrong on that, but I think that's the case.

There are a number of approaches that can be taken. The windows way of something only the OS can do (withstand ctrl-alt-del or some magic screen mode) is one. another would be to link to an https web page at apple.com that tells you that this app is X and was reviewed by Apple and the developer said Y. There would need to be a way of verifying the app and the page matched of course so a fake dialog couldn't redirect you to the page for a legitimate application - e.g. comparing hashes or something equally annoying. A better solution might be to have a second, always trusted app (i.e. provided by Apple with the OS). It becomes the thing that asks for permissions - i.e. it verifies the app hash and checks the Apple database of approved apps and the permissions they might ask. You know you can trust the Apple app because it is immutable via SIP or something. Then you just need to be sure its the real Apple permissions app you are looking at which is hard if you don't launch it yourself. If its auto launched (which is certainly convenient) the OS needs to help by doing something only it can do (something in the menu bar? A special Dock icon only it can use? A HAL style glowing light in every mac that only it can switch on? make every user learn to use ps?).

Every solution to this problem has its own problem alas.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.