This is a reason not to buy lightbulbs with Internet connections, but not a good reason to despair about the state of overall software and hardware security.
We're not talking about people getting struck by lightning here, we're talking about an intentionally built and voluntarily used computer system. If you don't understand the risk, don't invest.
I'm not saying it is acceptable or that it doesn't matter. Just that, when it comes to my own personal computer, it isn't worth worrying about.
I have a lot of friends who haven't figured out the whole security-as-a-spectrum thing, and they spend a lot of time giving themselves grey hairs over adversaries that 1) they can't beat, 2) aren't worth beating, and 3) don't care about them anyway.
This incident did not, as far as I can tell, harm anyone's security or privacy. This add-on doesn't appear to track you, send your information to anyone, or grant access to your system to anyone else. People are upset to find the add-on on their systems, but what it actually does is not incompatible with the above paragraph.
I'm surprised that a lot of users here are telling OP that he was wrong. OP was well within his rights to do this, as his intention was to stop when any impact is observed, not continue with it. It is within their rights to test the system they want to use to make sure their requirements are met.
To be honest, this is why companies also should not discourage this. Imagine if a malicious group did it with multiple users at the same time. At least now they will have proactive alarms for it.
"May damage your computer" is accurate, but alarmist and misleading. It will dissuade more good software installations than it prevents bad installations, and it will raise distrust of computers and lower computer aptitude and overall understanding.
Personally, I disagree with it because it continues Apple's strategy of intellectually hamstringing its users. This could instead be turned into a powerful educational tool: "We recommend that you find a computer user to explain this error to you" or "Follow this Wikipedia link to the page about Gatekeeper to learn more about this and to find links to explanatory material".
Not when it comes at the expense of security. Perhaps there are contexts where security is not important and this rule does not apply, but it clearly is a problem for CPUs.
No, this line of thinking is basic threat modelling and stops us wasting time and effort on navel gazing when it would be better spent on things we can control. An invasive, non-destructive physical attacker also has access to (likely unencrypted) drives, memory buses, HIDs, audiovisual inputs...
'Fixing' this doesn't make your machine any less pwned if you let them touch it.
If I was really concerned about targeted cyber attacks against me, I think that I would exclusively use computers that I would buy from random people on Craigslist, take the hard drives out and only boot with live CDs using ram disks, and only connect via random public Wi-Fi locations.
Excellent precautions if you live and work in average middle-class suburbia and never go anywhere or do anything dangerous, controversial, or politically unpopular.
Lockdown Mode is not for you. It's for other people with different lives.
Do you care about thieves checking your lights from anywhere in the city? And what about your lights launching attacks against your other computers?