←back to thread

How the Zoom macOS installer does its job without you clicking ‘install’

(twitter.com)
796 points _Microft | 2 comments | 31 Mar 20 11:41 UTC | HN request time: 0.423s | source
Show context
lultimouomo ◴[31 Mar 20 12:08 UTC] No.22736730[source]
I think this also shows how macOS has been training users to enter their password in random dialogs that have absolutely nothing that identifies them as being legit OS dialogs. The dialog that Zoom uses could very well be sending the credentials to a remote server, and the user would be none the wiser.
replies(2): >>22736941 #>>22742904 #
Aachen ◴[31 Mar 20 21:38 UTC] No.22742904[source]
One could say the same for gksudo, UAC prompts, or the equivalent dialog on your favorite operating system, no? Or is there something on other OSes that identifies it?
replies(2): >>22743357 #>>22746458 #
1. lultimouomo ◴[01 Apr 20 07:15 UTC] No.22746458[source]
I don't think UAC is spoofable - if I remember well it minimizes all the other windows and hides the taskbar, which you shouldn't be able to do with a regular dialog.

gksudo is definitely spoofable, except I almost never get a gksudo dialog. I am not trained to expect every other app to periodically ask me for my password.

replies(1): >>22753963 #
2. Aachen ◴[01 Apr 20 22:00 UTC] No.22753963[source]
Any application can draw over the task bar as far as I know? Seems weird if games needed root permissions just to be full screen.