Full Disclosure mailing list archives
Re: Java 8u40 released: why?
From: Dave Warren <davew () hireahit com>
Date: Sat, 07 Mar 2015 17:02:39 -0800
On 2015-03-07 15:00, Nick FitzGerald wrote:
So you did not notice the explanation that this would happen, right there on the "continue the install" permission dialog? The one we can see a screenshot of at, say: https://grahamcluley.com/2015/03/oracle-java-mac/ Your description rather strongly implies that you have no choice in getting the Ask toolbar, which is untrue. I understand that Mac users will likely not be _accustomed_ to such permissions for _additional_ software, over and above the actual software that they thought they were installing, being requested, BUT unlike your description above and Ed Bott's at ZDNet (referenced in another post in this thread), the user is actually given the choice to not install the extra offer. Of course, questions as to the desirability of the option being pre-selected, and the possibly less than fully transparent directions about the necessity of the offer are much the same with the Mac version and the Windows version, whose permission dialog you can see here:
Unfortunately for Apple and for Mac users in general, Mac users are going to have to learn that the main security issue on Windows exists in OSX too: The user. The only real thing that has kept OSX safe from user-installed malware until now is the relative obscurity of OSX; as OSX gains enough market share to be worth malware author's time, we'll see more and more malware, ranging from bundleware that replaces user preference with a particular corporate interest, right up to full on trojans.
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: Java 8u40 released: why?, (continued)
- Re: Java 8u40 released: why? Gsunde Orangen (Mar 05)
- Re: Java 8u40 released: why? Guy Dawson (Mar 06)
- Re: Java 8u40 released: why? paul . szabo (Mar 06)
- Re: Java 8u40 released: why? Alan Coopersmith (Mar 07)
- Re: Java 8u40 released: why? paul . szabo (Mar 07)
- Re: Java 8u40 released: why? Alan Coopersmith (Mar 07)
- Re: Java 8u40 released: why? paul . szabo (Mar 06)
- Re: Java 8u40 released: why? Alexander Burke (Mar 07)
- Re: Java 8u40 released: why? James Hodgkinson (Mar 07)
- Re: Java 8u40 released: why? Nick FitzGerald (Mar 07)
- Re: Java 8u40 released: why? James Hodgkinson (Mar 09)
- Re: Java 8u40 released: why? Dave Warren (Mar 09)