I don’t want applications mining my personal documents.

In fact, there have been worldwide outbreaks of attacks by malicious code.

You said: “Common sense dictates you only download from trusted sources” and common sense also dictates you don’t double click an unexpected attachment called ‘Love-Letter-For-You.txt.vbs’. But many did and the outbreak of the “I Love You-virus” was a fact.
———-
@Alan

Yes, _we_ know that, but does your 11 year old nephew know that?
———-

This post actually raises an excellent point, and it’s not about technology, it’s about perception. Flash games are extremely popular time wasters. They _will_ be extended with offline capabilities through Air (like playing on a laptop and later synchronizing high scores, or extrra down loadable levels/characters). At this point, Air applications will be perceived to be relatively save, and many users will click Yes to the ‘scary’ dialog.

The application should be able to access its initially empty home directory at will, and should be able to access any file that the user has selected from a file open dialog controlled by the Adobe AIR runtime and displayed in fashion that shows its relationship to the particular AIR appliction.

Similarly for access to anything sensitive – only through dialogs whose appearance and behavior is controlled by the runtime, not the particular application.

Comparing an online Flash game to an offline one assumes a lot of factors that aren’t applicable. I can’t chance upon a desktop application…I can only choose to download it from somewhere and install it with free will (I can’t be redirected to one or have it unintentionally forced upon me with creative browser commands). In this respect the rules that apply to all downloadable applications (whether AIR or not) apply here as well. Common sense dictates you only download from trusted sources.

The fact AIR right now has limited access to the OS isn’t really a debit in this regard…it’s actually smart while in beta so they can work out how it will differ from the way commercial wrappers handle things now (and there is a huge userbase of people cranking out desktop apps with far more OS access than AIR offers right now….with no catastrophic worldwide outbreaks of attacks by malicious code I might add) and what level of access they choose to allow. I do think they need to mirror the options offered by the existing commercial wrappers because if they don’t, at least how it relates to desktop RIA’s based on Flash/Flex content, they will cut their own throat limiting their platform by rules of engagement not respected (nor abused in large numbers) by their competitors. If a user wishes to put out malicious code, they will…no matter the platform….this isn’t specific to AIR nor more susceptible to AIR. The question is…with a distribution model that cannot be compared to a web delivered one, what avenue would they have for distribution in today’s world? Surely not any shareware repository…it would get reported too fast. They would be limited to distribution via personal means (self served as a download from their domain) and the word would get out quickly that their code is malicious should they choose become a developer that has “creating havoc” on his/her mind.

We need to quit pretending that AIR invented the ability to create desktop applications with the benefit of a lower level language encompassed by a higher level one and they need to stay focused on how it will differ from these existing applications (with dedicated runtimes, dedicated html engines, internal DB handling and etc for example) and ignore the stabs at security and other supposed flaws by people that tend to…in fact…pretend they did invent it.

I personally think (I wrote about this at an earlier date) that scary install splash screen you mention is being done on purpose. To me it simply negates any worries that users will jump the gun and begin commercial distribution of anything AIR based until it at least hits final version 1. I sure wouldn’t (imagine the look on a clients face when they see that). If I had to guess it’s that way for a reason and will not look anything like that when it’s all said and done.

Chris

The security restraints have not been fully set in the current beta… here’s the current situation:
http://labs.adobe.com/wiki/index.php/AIR:Developer_FAQ#What_security_model_does_the_Adobe_AIR_runtime_provide.3F

The issues you raise are valid ones, and the team here has had these explicitly in mind the past few months. When the release goes 1.0 it’d be great if you could provide a reality-check then too, thanks.

jd/adobe