New results - Major security problem

Archived. Please post suggestions to our new community page!
Locked
m_reich
Posts: 3
Joined: Fri Nov 06, 2009 9:42 am

New results - Major security problem

Post by m_reich » Fri Nov 06, 2009 9:57 am

Nathan,

I'm a bit of a developer, and I know how signed applets work. It's same as allowing someone to run admin code on your machine (e.g. scan local files for credit card #s install spyware, etc) without even letting users know.

I would imagine this new feature will freak out advanced users even newcomers (e.g. they'll get loads of warning messages on IE)

As for me, I was using searchtempest for the past 6 months but now I will probably have to switch to craiglook.com

It would be nice if there was at least an option to turn this applet off, as it still seems to load even if you choose old results format :-(

-------
Regards,
Mike Reich

User avatar
Tempest Nathan
Site Admin
Posts: 1371
Joined: Fri Apr 18, 2008 10:06 pm
Contact:

Re: New results - Major security problem

Post by Tempest Nathan » Fri Nov 06, 2009 3:39 pm

OK, firstly there IS an option to turn it off. In fact, the option is presented in many ways. First, you are prompted when you go to the results page whether you want to use the new applet-based mode or the classic mode. Even if you choose applet-based, you will get a notification to run the signed applet, which you can deny - in which case, you'll be returned to the classic mode. Even once you've accepted the applet, there's a link right at the top of the page to return to classic. OR you can change your results format in the options menu, as always.

If that's not working for you, perhaps you've run into some kind of bug. It'd need more information to figure out what exactly though. Can you tell me the exact steps you took? Presumably you chose the applet-based mode. Did you then click Cancel on the security notification? And that didn't redirect you automatically?

Secondly, a signed applet is essentially a program that runs inside your web browser. Like any program, yes, it could do malicious things. However, it would be pretty stupid of me to write a program to steal credit card numbers or some such thing, then go through the process of verified signing, which proves it's coming from my company! So while yes, any program - including this one - could contain malicious code, generally those coming from legitimate companies do not. And obviously I'll verify that the Searchtempest helper applet definitely does not!

As for the other stuff.. no, IE users don't get "loads of warning messages". I've tested the applet extensively in IE, Firefox, Chrome, Opera, and Safari, in Mac and Windows, and the process is really quite straightforward. If you'd rather use some other search site though, I'm not stopping you. ;)

Locked