About Intego
Intego develops and sells desktop Internet security and privacy software for Macintosh.

Intego provides the widest range of software to protect users and their Macs from the dangers of the Internet. [...] As the dangers of the Internet grow, Intego is hard at work, developing new software to protect users and their Macs from the latest security and privacy threats. We protect your world.

An open letter to Intego

As I noted in An Open Letter to Symantec: Microsoft, which doesn't provide any reliable way for an application to tell whether it's operating on a trusted or untrusted object with or without any deliberate user action, gets a 'bye' from just about every publicly-facing security company over their inherently dangerous HTML architecture.

Despite there not being any potential exposure due to scripts embedded in HTML documents in their software... Apple, which doesn't provide any mechanism in their web-facing scripting language (JavaScript in Safari) to do anything dangerous, gets bizarre comments like this in security alerts.

In http://www.intego.com/news/pr43.html Intego writes:

"This Trojan horse highlights a serious weakness with Mac OS X. Since it is built on a Unix foundation, it can run powerful commands very easily. These commands can delete or damage a user's files with no warning, and AppleScript offers no protection against malicious commands."

Come on, fellows, there's no operating system in the world below Orange Book class B2 that makes it the slightest bit difficult to "delete or damage a user's files with no warning" once a native script or executable is launched. And nobody sane would want to use a compartmentalised mode OS on a personal computer.

And why would you expect AppleScript to offer "protection against malicious commands"? It's not a web scripting language like JavaScript or JScript; it's neither intended nor used for an application where it might be running untrusted code.

I cannot comprehend the confusion of the mind that would lead to such a comment.

 

While it's useful to be reminded now and then that once you launch an application on your own computer (even if it "looks safe") all bets are off...

No company would ever exaggerate a security threat to drum up more business, would they?

Lynx-enhanced by <peter at taronga.com> (Peter da Silva)