On the other hand, it used to be very common for malware on Windows to email itself to all your contacts using your real email client. It's probably reasonable for an OS to add a little friction to the process in the modern era, though it probably shouldn't lie and claim the binary is damaged when that's not the problem.
chmod to dequarantine doesn't sound like "a little friction" to me.
On your point about security, this kind of aggressivity from the platform owner tend to backfire.
The user was already convinced to open that mail, download that file, and try to run it. Pushing the process to the terminal just means your clueless users now run the provided incantations in the shell instead, and the attack vector now becomes huge (the initial program doesn't even need to be malware)
I agree having to go to the command line is too much friction. Just clicking `overdue-invoice.doc.pif` is too little. About right is somewhere between a prompt and setting the file executable in the GUI.
> it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store
That's close enough to how Android already works. Google wants to additionally prohibit installation of apps unless they're signed by a developer registered with (and presumably bannable by) Google.
It's also unreasonable to describe the actions of the goose in the game as "destroying lives". They range from friendly interactions to harmless pranks to very mild revenge on people who are mean to the player character.
Not really hard: nuclear power generation uses radiation and radioactive material, but tries very hard not to release it. Coal power generation burns a substance that contains a small amount of radioactive material, and makes no effort not to release radiation.
The rate of change in computer technology has been orders of magnitudes faster than most other technologies.
Consider transport. Millennia ago, before the domestication of the horse, the fastest a human could travel was by running. That's a peak of about 45 km/h, but around 20 km/h sustained over a long distance for the fastest modern humans; it was probably a bit less then. Now that's about 900 km/h for commercial airplanes (45x faster) or 3500 km/h for the fastest military aircraft ever put in service (178x faster). Space travel is faster still, but so rarely used for practical transport I think we can ignore it here.
My current laptop, made in 2022 is thousands of times faster than my first laptop, made in 1992. It has about 8000 times as much memory. Its network bandwidth is over 4000 times as much. There are few fields where the magnitude of human technology has shifted by such large amounts in any amount of time, much less a fraction of a human lifespan.
Nothing in this article indicates UGC is the problem. It's that Google thinks there's an "official" central immich and these instances are impersonating it.
What malicious UGC would you even deliver over this domain? An image with scam instructiins? CSAM isn't even in scope for Safe Browsing, just phishing and malware.
It's sovereignty that limits the UK courts from enforcing a fine against an organization without a physical, legal, or financial presence in the UK. They could ask US courts to enforce a UK judgment, but the First Amendment does bind US courts.
Language strongly influences how people perceive things. For example, people shown videos of a car crash estimated higher speeds and falsely remembered seeing broken glass if the crash was described as "smashed" or "collided" rather than "hit" or "contacted"[0].
"Direct installation" sounds neutral to me, but "sideloading" sounds advanced or maybe even sneaky.
This leads to a massive transfer of power from end users to corporations and governments. User-owned computers and the open web limit the ability of such institutions to place demands on users. Is that worth a slight reduction in the rate of bank fraud?
Most of the time, it's the bank that's on the hook for fraud, which is why they're motivated not to trust that the user's device is sufficiently secure.
There’s no world where the bank is on the hook for fraud while also not being allowed to prevent it.
Personally I’m ok with the bank being on the hook and their app checking there isn’t malware loaded on the OS. I have my raspberry pi and steam deck for full modding without intermingling it with extremely sensitive computing.
Is this not a solved problem? I used to have a TAN generator for my bank as a separate device I paid like 5 euros for. If you get provided an authenticator and get forced to use it for transfers essentially even if my device is compromised it doesn't matter unless their device also gets compromised. They are then free to lock it as much as they want.
If it’s just one of those 2FA code generators, that still won’t help if your phone has malware on it. The malware can just modify the transfer as you are making it and have typed in the code.
Users would also lose them far more than they lose their phones.
I have one of those 2FA code generators, and used to have a different one with a business account, too.
In both cases the authorisation challenge/response involves part of the destination account number, so if the details are tampered with by malware the code won't work.
There is such a world, and we live in it. Banks might reduce fraud by repeatedly performing credit checks on customers, for example, but that's usually illegal.
Remote attestation doesn't check that there isn't malware; it checks that the OS is approved by one of a short list of corporations. Passing that check is correlated with a reduced risk of certain types of malware being present, but is not quite the same as checking for malware.
reply