Kill 10.5’s “Are you sure you want to open it?” dead

Don't take this personally, but you're defeating one of (IMHO) best features in Leopard, Code signing, Sandboxes, and App security. I hope you don't run your webserver this way.. afterall the dialog box says baby-eating-trojan...

Let's defeat one of the better security implementations out there. You only ever have to click open once after you download an application.

Recently downloaded around a 100 .html files off my server for editing. Now each one of them pops up this warning when launched for the first time! So yeah this reeks of Vista like hinderance.

I don’t take it personally at all. :-) Any security measure with UI implications is going to be a tradeoff with convenience. For me, doing what I do, this particular tradeoff is a bad one.

I encounter this dialog 6-10 times a day, and I click Open each time. (That is, I actually take my left hand off the keyboard and click it; there’s no keyboard equivalent.) How many times have you ever chosen anything but Open? For me, the answer is zero, so this interrupting dialog has never given me any added security. It’s targeted at people who open random email attachments, and while I might leave it on for Mom and Pop, I’d rather not see it.

You bring up code signing, but this has nothing to do with that. Leopard’s code signing serves only to notice when an app changes and to verify the identity of its author. It has hardly any UI impact and is a good addition. A good intro is http://developer.apple.com/[…]/.

You also bring up sandboxing, but this also has nothing to do with that. A casual google reveals few details, but http://www.laconicsecurity.[…]-feature-just-for-play.html gives an overview. Again, no UI implications and a good feature.

As to whether I run my servers “this way”, I was going to knee-jerkedly reply “Of course not!”, but it’s actually an interesting question! I can’t help but notice there are none of these confirmations in OpenBSD, which is renowned for its security. None on Linux either. You do find them on Vista, which is continually ridiculed for overusing them to the point of desensitizing users. I personally doubt they do anybody any good past the first or second presentation, but I’ll suspend judgment till somebody runs controlled trials.

Thanks for taking the time to reply and making me read some interesting stuff!

Cheers,
Erik