[stouset]

This is a totally unproductive (if all too common) attitude toward security. "If it doesn't solve every problem, it's useless."

This protects against a whole host of issues. It safeguards against garden-variety incompetence[1]. It provides some defense against the large number of badly-intentioned people who can write an Objective-C app, but don't have the expertise necessary to weaponize a typical root escalation exploit. It prevents apps from accessing your contacts, reading your emails, determining your location, and accessing the webcam and mic without your knowledge, amongst other things.

Does it protect against a motivated, highly technical attacker? No, not really. But that hardly makes it useless.

[1]: http://www.macobserver.com/news/98/december/981229/bungierec...

[s73v3r]

Not to mention that exploit will be fixed soon.

[feelix]

>It safeguards against garden-variety incompetence[1]. It provides some defense against the large number of badly-intentioned people who can write an Objective-C app

The exploits tend to be trivial, often trivial enough to fit into a single tweet. (https://twitter.com/i0n1c/status/623727538234368000) They require no competence to use.

As for protecting against incompetence and mistakes, that is far too an extreme of a measure solely to protect against that. Some decent QA will fix that.

So what is the point, really, of sandboxing if it does not thwart highly technical attackers? It severely limits the functioning of apps, makes it far more difficult for app developers (myself included), and for what benefit that could be worth the trade off?

https://www.google.com/search?q=developers+leaving+%22mac+ap...

[cthulha]

> So what is the point, really, of sandboxing if it does not thwart highly technical attackers?

It thwarts the attackers who aren't highly technical, and frustrating the script kiddies could have flow on effects when beginner attackers don't get the reinforcement to motivate themselves to refine and build their skills.

Secondly, exploits can be patched over time. Ten years from now, is OS X going to be better off for having the sandbox? Do you expect a lot of trivial exploits to be discovered after another century of person-hours are invested in the sandbox?