Recently, while looping thru some thoughts around the perceived success of the Mac mini, I came across security concerns on mac os x: There is probably going to be more malware for the platform as the platform expands its market share. :/
Most of the malware that leaks private data to hosts thru the internet can be succesfully blocked from doing so by using a process/host/port based firewall (such as Little Snitch for example), but there is still one thing which is nearly always possible: to use the system "open url" API to open an URL with the default browser, GET-parameters inclusive! This can be easilly achieved either via command line, or applescript. I guess it is no problem to do so from within other frameworks.
Just _because_ it is so nice and easy, I use this "feature" with my own shortcuts for opening pre-built queries (e.g. an applescript that uses the text copied in the clipboard and puts together a google quer, then uses open url to execute it).
How about a mechanism similar to that used for cookies and popups, to block urls coming from "another app" which are not in my whitelist?
An option to "alert" only in case the url contains parameters could alleviate the "allow" / "deny" clicks a bit (clever malwarers could use dns wildcards, but then again, they would expose an identity thru the domain).
I wanted to hear if there's any feedback on this, how much sense it would
make to other users, before posting an RFE in Camino's bugzilla..
Regards,
Lorenzo
_______________________________________________ Camino mailing list [email protected] http://mozdev.org/mailman/listinfo/camino
