why would an installer need access to my computer?
why would an installer need access to my computer? Why is there an installer at all?
this is just baffling, after blocking wowmatrix curse gives me the very buggy mac curse client 3.0 and you guys want full access to my computer to install something as simple as an updater? thanks but no thanks |
Quote:
Quote:
Quote:
|
"unrestricted" is a very WRONG definition of what its actually requiring, it need full permissions because it has to read, write, copy and overwrite.
I religiously watch my system for changes, access, upstream infor and downstream so I know whats going on with my computer. AFAIAC the minion is safe for updating, the only worry i would have is with 3rd party additions to it. Worst comes to worst, backup your WTF and interface folders before updating and virus, spyware, malware check it each time. |
Quote:
the point is exactly that i don't expect nor want it to install anything where the system rightfully doesn't give it access in the first place it is a bad unnecessary choice, it make you look unprofessional or worse like you have some hidden wrong intentions (why else ask access to my system) there are no popular mac applications that work like this as most users will refuse to install them the warning is not a poor choice of words its exactly what it is, unrestrictive, i give permission to write/read anywhere in the system |
MMOUI Minion isn't a native cocoa based application (the one that you can just drag to your applications folder). It's something written in java and because of that it is asking you for permission.
|
Quote:
Also, I think you're being a bit (nah, overly) paranoid about the app. What is it going to do, delete every file and uninstall every other app? Highly unlikely. If it did do things to your computer that it shouldn't do, then other people would have already complained about it and Minion wouldn't be around anymore. |
a java application does not need permission of any kind to be copied on my hard drive
there are many far more complex multi platform java apps, that work (install wise) exactly like a cocoa app does i.e. an icon i copy to my preferred location (1 example would be jdownloader) there is no reason to ask permission, it only needs permission if it wants to do things it shouldn't like: 1. install new libraries (os x has all installed as is) 2. copy files to places where they don't belong 3. its malware and wants to destroy stuff whatever it wants to do its potentially system destroying i would suggest to stop responding if all you want to do is blindly defend a very poor design choice for no other reason than to not admit it is a poor choice |
Quote:
i am not complaining about poor choice of words, i am telling the choice of words is spot on, a previous poster found he had to correct apple and minimize the risk its not paranoia, its a valid concern for the safety of my OS and private data, if every little app behaved like this we would have 0 security left. |
Quote:
|
I'd say you are pretty safe, considering our fine website here. I can understand the concern when your OS tells you something wants an unfettered access to your computer (p.s. Mac should use that verbiage :P), but installing software onto your computer is your decision. Unless you've *never* used a Windows based environment or what-have-you, you can easily say, "Nah, I don't want to use this because it may harm me, even though it doesn't seem to have harmed anyone else, but I want to have the caution this little box brought upon me by choosing the blue pill or the red pill." Or some variation.
This isn't a snarky remark. Just an observation on what has transpired thus far. |
it has nothing to do with cross compatibility, jdownloader is cross compatible and yet installs correctly
many apps with an installer (a philosophy from windows and os 9, but possible on os x) do so without needing access, there is no reason why an app as trivial as an updater should ask for this |
Quote:
i am not sure if any of you are actually from wowi or just rabid fans posting to defend their favorite site? If any of you are from wowi i would take this problem serious instead of be apologetic for something that has no valid reason to be like this. |
Quote:
Maybe Shirik can give a better answer. |
I've been called a dog by some, but never rabid. I have never used the Mac OS extensively, and probably never will; also I never got around to downloading and using the updater, something about downloading directly every time without the convenience of having them all go at once just seems over kill for me. :banana:
|
Quote:
|
ITT Mac users
|
Quote:
If you don't trust my application, why would you use it, anyway? Do you really trust your OS so much that you are willing to be insecure and let it act as your bodyguard? P.S. If you really must know, a JWS application is not authorized to make files anywhere except in your temporary directory without requesting this permission set. Installers don't work too well that way. The application itself will not request this access. |
there seems to be a general attitude to just trust anything or you are paranoid
its puzzling to me why a programmer would resort to the if you don't like it don't use it mantra, nothing i said is unreasonable if you only care for windows don't release a mac version, other java apps seem to be perfectly fine installing whatever they need without needing unrestricted access the bodyguard comment is just stupid, you seem upset an os caught your app when it wants access to parts it doesn't need if this is how your app presents itself to the mac user it will not be widely used, but apparently you don't care so i guess everybody wins |
How many people have you seen saying" MMOUI just ate my HD"?
I get that same message from DOZENS of well known, highly trusted applications. Being security conscious is one thing. But lets put a little common sense in there too. |
again the trust everything or you are paranoid mantra
also i challenge you to even name 3 applications that pop up this warning this is a problem for both usability (it confuses the user and asks him to trust some random app over a security warning) and security (you actually advise this behavior making any security warning useless as you train users to just click allow) |
You obviously have an issue with this application and don't want to use it (or maybe you DO, but are too anal about every little red flag (true positive or false positive, whatever the case may be) that comes up). We get the point!
Do you have nothing better to do that whine and complain at each response that comes around on this thread, or do you not have enough drama in your life you feel the need to continue this mindless bickering? Just stop being such a paranoid little attention wh0z0re already and come to the realization that it is highly unlikely that WoWI would allow ANY kind of files bearing even REMOTELY malicious intent to be hosted at this site (let alone giving it as much support/backing as they have)!! |
you are just sad
i raise a valid usability and security concern, first couple of responses are don't be paranoid and how else can it be done, then the programmer tells me he can not be bothered with users or usability, then you come to insult me again the wise thing to do would be too look into how you can fix this instead of shooting the messenger, you come over like some cult that is replying to a non believer |
Quote:
That you worry is reasonable, of course, but like someone else already said, if the app was filled with virus or doing something shady to your computer, other users would have noticed. And about the "Use it or dont use it" mantra is true. People have tried to explain why it needs permission the best they know, but if you dont find those reasons good enough, then it is in the end up to you weither you want to use it or not. Most likely, they wont change the application just because you dont happen to like the installer, so in the end, nothing will change. Use it or dont, I doubt it's a life-changing decision to make. They can't correct something that isnt there. Yes, it asks for access, and people have already tried to tell you why, but it doesnt actually DO anything wrong. No one has noticed it doing ANYTHING it shouldn't do, thus there is nothing to correct. It's you vs. an entire community, and no one else seems bothered. |
you are right, a program that pops up a warning that it has an invalid certificate and wants unrestricted access is no problem at all
no other application does this, but for the complex and close to impossible task of checking a bunch of files for updates this just has to be done only paranoid haters would complain but don't worry my choice is made, it just amazes me that no-one even considers this a problem, i would think many programmers would reside here some that care about this kind of thing.... the only kind of posts i get is the inane justifications of people who don't even know what i mean and a programmer that does not care that his program presents itself as a harmful application nice thing you have going here :D |
And the way you word your original post leads one to believe YOU are the one with malicious intent concerning this issue. You seem to be pretty much spitting in the face(s) of the author(s) of this app with the whole "This is baffling, after blocking <BLAH BLAH BLAH BLAH BLAH> you guys want full access to my computer <YADDA YADDA YADDA>" routine, then you add an exclamation point to it all with the whole "thanks but no thanks" line.
If you think you know so much about it all, why don't you stop BELLYACHING about everything and offer to HELP?? |
Quote:
Quote:
|
.. I think we could all stand to tone down the rhetoric.
Full Disclosure: I am a Mac user, and a very happy Minion user. Quote:
But it is exactly that: a warning. It may as well say "Did you know you were installing Minion?" Since you did, in fact, know that, and mean to do that, you can say yes. If it said "Did you know you were installing RandomTrojan?" you could say no. If you say "no" to every warning that ever pops up, you could never do much of anything to your computer. I'm not a user of jupdater, but after looking at it bit I don't think it's a fair analogy. There are many java programs that you can just drop on the desktop/dock and run.. but Minion has a lot of system-specific configuration work to do. This is why it's not just a drag-n-drop. Shirik (who happens to be the primary author) has already explained that since this is a cross-platform installer, it has to request the minimum permissions for all its supported platforms. Since one of those platforms is Windows, and the required permissions for that platform is All, that's what is requested. On the invalid certificate issue.. there are TONS of reasons why a certificate could be invalid, up to and including greed on the part of the certificate issuer. I once had a 3-screen argument with Firefox because it didn't want me to use a certificate registered for www.<trusteddomain>.com being served by www2.<trusteddomain>.com. The best plan is just to look at the certificate and see if you can intuit that it means well. In this particular case, it may be related to the fact it is Beta software - for testing purposes by hardy users only - and therefore a signed certificate hasn't been purchased yet. If that makes you uncomfortable then - while I can assure you there is nothing wrong here - your best plan may to be to wait for the official release. Edit: the shortened form of "****ography" is filtered on this site. Who knew? |
He sounds like the kind of person to call his ISP and whine about the speed of his internet when he's using a wireless g router, in the basement, which is 3 floors under the router, on a slow computer, with 256K ram, running Mac OS 8.4. (or Windows 98).
:mad::p:mad:;) |
Shirik explained his reasons for why the app does what it does.
You either accept this and trust his reasons or you don't. Install it and move on or don't and move on. Either way, move on. |
Okay guys, tone it down. You know the rules. No flaming. No personal attacks. He has his concerns and it's his right to air them if he wishes. Shirik has responded, as the programmer of Minion and as a staff member of WoWI. If there is any more conversation to be had in this thread, it should be between them.
downset - I understand that you have concerns and you are certainly welcome to discuss them. However, you seem concerned that this is a third party application that we have adopted for our use. This isn't the case. It was written in-house by Shirik specifically for our sites. As well, please note that we've been running our network of sites for 7 years now and have only ever had a single instance where there were any malicious files on any of the sites (which was discovered and cleared up extremely quickly). Also note that every one of our sites are official members of the fansite programs for each of the applicable game companies. As well, we have a lot of people using Minion already. If there was any problem with our site(s) and/or Minion, those statements would no longer be true. If we weren't trustworthy, the game companies themselves would be kicking us out of their fansite programs. If there was a problem with Minion, users would have it uninstalled and it would be splashed all over the internet "do not to trust it, it is malicious". |
Quote:
Regarding permission sets, Java only offers two built-in: - Applet permissions (create temp files, no spawning of processes, no accessing URLs outside of where it originated from) - Full permissions (can do everything that a typical application can do) Note that "Full permissions" is NOT asking for root on your computer or anything of the sort. It is simply asking for Java's full permission set. It still runs in the context of the current user, and thus I can simply do everything a typical application can do. In fact, one might argue this makes Java more secure in this regard, because I am asking for confirmation before I get anywhere that any other application could have done normally. Minion actually installs its own intermediary permission set, known as the Minion Security Manager, which falls somewhere in between Applet permissions and Full permissions. This allows modules to run without being initially trusted, and users of Minion have already seen it in action. It offers more fine-grained security levels such as access to individual folders and servers. It is fully capable of blocking access to folders which you have not authorized (and some people have already had problems with Minion due to it being a bit paranoid, itself, and blocking modules when it should not have). |
Sorry Cairenn :(
*turns off muh lazer* |
Not to kick a dead horse here but I'm pretty sure that with OS X's protected memory scheme there's no way that a program can grab another program's security access.
So even in the likelyhood that Minion was getting access to system files , an illicit program would not be able to grab that access to write stuff anywhere. And yes I do read notes from Black Hat conferences where they speak of hacking OS X - there has been no news of programs being able to piggy back other programs that way. |
Quote:
|
too many replies are form people who only ever seen windows, os x has no UAC, warnings mean something and are very rare
i can name 2 very high profile and complex java apps: 1. jdownloader, installs by drag and drop and updates itself without any security warnings 2. vuze (used to be azereus): installs with an installer and updates itself without any security warnings both are multi platform, both are permission wise equal, they update automatically, and download files form the internet and put them in a folder |
Quote:
Quote:
|
Just a friendly reminder (again) :
Quote:
|
Quote:
Those you listed don't install directly from the web page like minion. Those you've listed you download a dmg image and either your browser auto opens it or you double click the dmg. Minion installs directly from the web page so you'll see different security warnings. Yes both programs you listed above are multi-platform but do NOT have multi-platform installers. Minion uses a multi-platform installer too. Now if we should ditch our current install process and go with an OS specific installer instead is something to debate. The last thing we want to do is scare people away from using minion and is why we are in beta so we can discuss these things. |
Quote:
It's times like this that I wonder why some kids like to make a big fuss about pc security issues, but will chow down immediately on a pizza delivered from god knows where. Think about it ;) |
Quote:
|
Quote:
Also... Quote:
|
Offtopic, but had to respond:
* 640K ought to be enough for anybody. o Often attributed to Gates in 1981. Gates considered the IBM PC's 640kB program memory a significant breakthrough over 8-bit systems that were typically limited to 64kB, but he has denied making this remark. "I've said some stupid things and some wrong things, but not that. No one involved in computers would ever say that a certain amount of memory is enough for all time … I keep bumping into that silly quotation attributed to me that says 640K of memory is enough. There's never a citation; the quotation just floats like a rumor, repeated again and again." Gates (19 January 1996), "Career Opportunities in Computing—and More". Bloomberg Business News "Do you realize the pain the industry went through while the IBM PC was limited to 640K? The machine was going to be 512K at one point, and we kept pushing it up. I never said that statement — I said the opposite of that." "Gates talks" (20 August 2001) U.S. News & World Report |
This thread is still going? I wanna post too! :banana:
|
Why use something to install it? What are we all Dumb that we can do it ourselfs? Just install it yourself. END of subject.
|
To the OP, just so you know, Mac OS X is not the only OS that will throw that message. Linux (Ubuntu 9.04) does as well. It's nothing to be afraid of. As others have stated, Minion is a bit different from other Java based applications as it uses a multi-platform Java Web Start installer (thus the .jnlp extension). Vuze and JDownloader both use Mac specific installers.
Java Web Start is a multi-platform installer for Java based applications that uses a very small file to download load the application's files. It's not that common at the moment, however I would not be surprised to see it used more in the future for Java based programs that install from the Internet. I have run across it twice so far, for Minion and for an older WoW UI updater called NetherPanel (now dead). NetherPanel was also multi-platform. A similar type of installer is Microsoft's ClickOnce installer for .NET based applications for Windows. I am very security minded myself when it comes to my PC, thus I am very careful to what I install (even on my current machine which is a Linux box). However Minion CAN BE trusted. |
to the OP
I think the app can be trusted. I, personally, don't like it for many of my own reasons. Others love it. That's great. So choose to use it or not. If this is a "request" then reword your original post as that instead of simply bashing it.
|
Quote:
|
I could totally tare into a lot of people and what they are saying here BUT i wont. I will simply say that the minion is perfectly safe, and to think that because a pop up warning for the installer poped up that its not, is ludicrous. Its as stupid as MS office install warning me on a Windows platform.
|
Quote:
Don't hold back.. tell us how you really feel! ;) /hugs |
*ahem*
Don't make me link to the Site rules.... |
Something just occurred to me while fixing dinner, one of my geek brain flashes:
If Minion was planning anything malicious on an OS X/Linux/other 'nix based system, it would pop up a sudo window (Mac's authentication pane is a version of the 'nix sudo command), asking for your user password allowing for superuser/root access. Without superuser/root access, malware cannot make any changes to a 'nix based system. That is one of the inherent strengths of a 'nix based system (such as OS X). |
Quote:
|
Quote:
|
Yup. That's why OS-X will sometimes ask you for admin access. Usually it's because it requires access to files that are considered "sensitive" by the OS. Note that any application install that asks for this, is essentially asking for more access than Minion is notifying you about at install. At least Minion warns you about it. :)
|
Quote:
That's called as part of the Security system built into OS X itself. I don't remember the name of the frame work but I think it's the Secure Services framework. IIRC You don't even need to invoke it in code. You just access an area your user doesn't have permission to enter and it comes up. |
Quote:
http://developers.slashdot.org/comme...57&cid=6734612 That authentication box comes up automatically when a user attempts to access ares on the HD they don't have permission to enter (eg when the owner & group for a folder is system:wheel) . It's run out of /System/Library/CoreServices I believe. |
Quote:
|
Quote:
|
All times are GMT -6. The time now is 07:32 AM. |
vBulletin © 2024, Jelsoft Enterprises Ltd
© 2004 - 2022 MMOUI