Is there really a Mac security threat?
Some developers question the diversion of resources into a security measure on a platform that rarely sees any security threats. CEO of Boinx Software Oliver Breindenbach told us: “Historically, security threats on Macs have always been very low, so I am really not sure if this significant investment of money and resources by the third party developers will pay off.”
Breindenbach isn't the only developer who thinks that sandboxing addresses a problem that doesn’t really exist. Scrivener’s Blout told us: “I'm perhaps not as convinced as many people about the necessity for all of this extra security, at least not in the form of sandboxing. Or rather, extra security is often good, but there's always a trade-off, and I'm not a fan of the way sandboxing buries all the user files about ten layers deep in the user's hidden Library folder. One of the things I've always loved about Macs is how open they are, and how so many different applications can interact with one another, and I'm slightly concerned that sandboxing is beginning to encroach on that.”
Kosta Rozen from Apparent Software told us: “We think that Apple has taken this security issue too far. Rarely do we hear Mac users worrying about lack of security of Mac OS X. In any case, any system is just as secure as it weakest link: if a user has just one piece of software without sandboxing his system will still be vulnerable, and no amount of sandboxing of his other applications will help.”
Reiff noted: “Sandboxing is a necessary technology on a smart phone as carriers do not want to see their networks ‘abused’. Sandboxing is necessary in a browser-based environment as random code downloaded as part of a web page cannot be trusted to have full access to the file system or other system resources.”
However, Reiff added: “In a desktop (or laptop) environment sandboxing makes much less sense. Here the productivity benefits of working in a seamlessly integrated work environment clash directly with the sandbox emphasis on isolating programs. Achieving better integration requires the sandbox to be opened wider thus reducing its effectiveness, so there's a trade-off between user experience and security.”
BeLight Software’s Ray East told us: “Sandboxing requires a lot of work and the actual benefit is a bit unclear at the moment. For now it seems like the solution to a problem that doesn't really exist.”
“Then again, Apple has been successfully identifying consumer needs for many years now. Perhaps a couple of years from now it will all make sense and we'll be thanking Apple for the push towards sandboxing,” East added.
Another anonymous developer, noted that sandboxing won’t necessarily stop malicious apps getting through Apple’s review process: “It's quite easy to craft an app that adheres to sandbox guidelines and still does harm,” he said.
Page 1: Confusion and concerns And why isn’t Apple listening?
Page 2: What is sandboxing? And will it work?
Page 3: Is there really a Mac security threat? And will Sandboxing remove it?
Page 4: The case of the evolving sandbox guidelines And how Apple needs to get its act together