Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

JohnDohe

macrumors member
Original poster
@ BarracksSi

"Regarding how Safari can check for updates in the Extensions pane: It gives you at least some peace of mind that the extensions currently installed are also hosted by Apple in their Extensions Gallery (kind of like a min-app store for Safari extensions) and, in theory, tested and vetted to behave the way they're supposed to behave."
But ... this extension IS listed in the Extensions Gallery, yet, you're saying that this app -uniquely- compared to other apps/extensions also listed in the Extensions Gallery, is not safe and I can not have the "peace of mind" you mention. So I'm confused.
If an ext is listed in the Ext Gallery, its safe, or not?

"How would I know that Dictionary.com hasn't "gone rogue"? Well, maybe it can, but because any malware should be contained within browser and not opening another app on my computer, any damage would be minimal to nonexistent."
What bothers me is that Custom Search is merely asking to open an Apple app thats part of the native OS.
I simply don't see how that could be a risk so I don't get your kitchen analogy.
What are the odds that Apple's Dictionary has been co-opted by a rogue developer?

Thanks for the link to macsurfer.com. I will check it daily. But its a big site w/lots of info. Where do you look to get the kind of info you're referring to?
 

DeltaMac

macrumors G5
Jul 30, 2003
13,751
4,575
Delaware
I think the OP accepts using the extension in its present form, even though it no longer works in the simple manner as before Sierra, (and despite the fact that it might not be as secure as other solutions)
You may declare yourself out of this thread, if you so desire... :D

@JohnDohe :
The extension (not written by Apple,) is offering to do something that Apple no longer wants to easily allow from third party extensions (launching a native app, from a browser). Apparently, Apple is not allowing that to happen without permission from the user, and according to you, the developer doesn't appear interested in fixing that for you.
IMHO, that probably doesn't affect the security of that extension, by itself. Might be a good question to ask the developer, eh?
 

BarracksSi

Suspended
Jul 14, 2015
3,902
2,664
I needed a break. :D

This is like the guy who goes to the doctor and says, "It hurts when I bang my head against the wall."
Well, don't bang your head against the wall.
"But I want to keep doing it."
Okay, so put on a helmet.
"But helmets are uncomfortable."
Maybe put a cushion on the wall instead?
"But then it won't feel the same."

@ BarracksSi

"Regarding how Safari can check for updates in the Extensions pane: It gives you at least some peace of mind that the extensions currently installed are also hosted by Apple in their Extensions Gallery (kind of like a min-app store for Safari extensions) and, in theory, tested and vetted to behave the way they're supposed to behave."
But ... this extension IS listed in the Extensions Gallery, yet, you're saying that this app -uniquely- compared to other apps/extensions also listed in the Extensions Gallery, is not safe and I can not have the "peace of mind" you mention. So I'm confused.
If an ext is listed in the Ext Gallery, its safe, or not?
CustomSearch should be safe because it's in Apple's gallery, but I'm talking about the bigger picture. Remember when everyone got new software by downloading from sites like Sourceforge.net or just the developers' own sites? Apple's made it harder to run software that isn't in Apple's App Store (or, in this case, the Extensions Gallery).

Again, this is Apple locking down what can run on its OS. Having dabbled in freeware and shareware utilities in the past and watched them break my system, I seriously don't mind the more stringent security.

But again (and this is, what, the third or fourth time I've said it?), CustomSearch has languished through two major OS updates with no further development, and the developer himself has told YOU that he doesn't care. You can keep using it with the workarounds we've described, or you can stop. It's your choice. I just want you to understand why it's happening.

"How would I know that Dictionary.com hasn't "gone rogue"? Well, maybe it can, but because any malware should be contained within browser and not opening another app on my computer, any damage would be minimal to nonexistent."
What bothers me is that Custom Search is merely asking to open an Apple app thats part of the native OS.
I simply don't see how that could be a risk so I don't get your kitchen analogy.
What are the odds that Apple's Dictionary has been co-opted by a rogue developer?
That's exactly why it could present a security risk.

Let's say a Safari utility is allowed to open another app automatically. While we're dealing in hypotheticals, let's say the other app is Dictionary. The utility could conceivably run a script of its own to, say, select Print from Dictionary, then instead of printing to paper, it goes to the PDF option and selects "Mail PDF..." Then, your Mail app suddenly opens, and this utility then fabricates an email and sends it from your address to whatever address it wants. Maybe it exports your address book first and then sends the file as an attachment. Or maybe it searches your inbox for any emails from your bank and forwards them to a secret address.

This is like the stranger coming into your home with groceries but walking out with your bank statements and address book.

Apple (and, as far as I know, Windows) has a lot of safeguards in place to keep this from happening. In the old days, Windows was left vulnerable to email attachments that would contain "macros" -- custom-written scripts -- that, although the idea of macros was to execute useful tasks, could instead be written to do things with the computer to steal information or install malware.

Thanks for the link to macsurfer.com. I will check it daily. But its a big site w/lots of info. Where do you look to get the kind of info you're referring to?
I just skim the headlines and click on the ones that are interesting. I don't worry much about the "Finances" section towards the bottom, though.
 
  • Angry
Reactions: NetMage

Lazare

macrumors newbie
Oct 15, 2017
1
1
Hate to say but this "Do you want to allow this page to open xyzApp" has nothing to do with just the Dictionary app or ANY Safari extensions, but has to do with Safari being asked to open ANY application. Apparently it is a security function of Safari and I wish that there was a work-around to it.
Cheers
 
  • Like
Reactions: NetMage
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.