On Oct 25, 2005, at 1:57 PM, Tony Boom wrote:
That's wrong. Malware may innoculate your system using an authorized application such as your browser (yes, Java applets may be harmful) and without requiring a password auth. or raising an eyebrow from LS. Once your system is innoculated, the harmful object may fiddle with the Login Items and AFAIK, deactivate LS without ringing a bell.Am I right in thinking for LS to be compromised I, as the soul user of this Mac, have to specifically give permission and run rogue software?
Now, one should consider the risks he most cares about and how to mitigate them. Moreover, I don't believe it is up to LS to provide protection against this. Apple should provide a mean (activated by default if possible) to require authentication if any change is to be done on the Login Items list.
-- Saad Kadhi - http://saadkadhi.blogspot.com/ "He who relieves the poor makes Ahura king"
PGP.sig
Description: This is a digitally signed message part
