You’re reading all articles tagged 'security'
An end to Browser pimping?
Thanks go to Doug March, who pointed me to an article on Ars Technica on Leopard (Mac OS X 10.5). In particular, it was this paragraph that Doug wanted to draw my attention to:
One more tip we got regarding Leopard, is that InputManager plugins are no longer allowed. That’s right… no more little hacks from anybody besides Apple. No more Apple menu hacks. No more Safari plugins.
Oh shit! No more InputManagers = no more useful plugins like Saft or Inquisitor. OK, the use of the word ‘plugin’ is up for debate (Haxie is maybe a more appropriate term), but these are little caffeine boosts to apps with no plugin API, and I for one love them.”
The article continues:
Apple isn’t really broken up about it since InputManagers were often used for nefarious purposes anyway,” our sources said, but the loss of InputManager control will break a lot of shareware and commercial software that currently makes use of that control.
It was news to me, but apparently InputManagers are a security risk. I was well aware of the chance of crashing and sluggish performance, but not malware using it to do BadStuff™ to your Mac.
What isn’t clear at this stage, is whether this applies to SIMBL, a method of applying hacks to a specific app. InputManagers load for every application, whether it’s intended for it or not, although not necessarily being active in those apps. SIMBL got around that and could be more targeted. I’ve asked Mike Solomon if he knows, but I guess until he gets his hands on Leopard, there’s no way to be sure.
It does mention that “InputManager is not exactly the same as APE, by the way”, so perhaps Unsanity’s APE (Application Enhancer) system could be used? I must say though, I’ve not had the greatest experience with their APE modules.
There is another way of course. Apple could develop a proper plugin API for their apps (Safari in particular), but something tells me that ‘giving up control’ is not something they’d want to do, and for good reason. As the Camino developers experienced recently, 3rd party plugins/hacks can really screw with day to day bug tracking and resolution.
Somehow, I can’t help feeling optimistic that someone somewhere will find a way, and a good way at that…