Back to Don`t go there GURLfriend! page
Don`t go there GURLfriend! free download for Mac

Don`t go there GURLfriend! Reviews

1.1
19 May 2004

Fixes the help:// Safari exploit.

Anonymous
18 May 2004

Most helpful

Haven't tried it, but you have to give kudos to the developer for creating this so quickly.
Like
Version 1.0

Read 19 Don`t go there GURLfriend! User Reviews

Rate this app:

Regular-Warren
14 August 2012
"Don't Go there GURLfriend." Hahaha. 2004 was a magical time for Mac software.
Like
Version 1.1
Anonymous
21 May 2004
Now that apple's released a fix themselves, everyone just click restore at some point, and everything will be as it was. It was a fun ride, and I'm glad to have helped anyone DGTGF helped. Apple's patch seems to be great.
Like
Version 1.1
Anonymous
20 May 2004
(via MacInTouch.com) The simplest fix for the Help system code execution vulnerability is to run the following in Terminal: sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'no' This does not stop disk images from downloading but any malicious payload cannot run without user intervention.
Like
Version 1.1
Anonymous
19 May 2004
Hopefully Apple will fix this properly instead of just patching this particular case, by separating the internet type/resource bindings completely away from launchservices.
Like
Version 1.1
Anonymous
19 May 2004
The only thing you need to do is: 1) Open up your moldy old copy of Explorer 5.2 2) Go to preferences->network->protocol helpers and change it to Finder or Chess or whatever 3) Quit Explorer and go back to Safari (5/19/2004, Version: 1.1)
Like
Version 1.1
Anonymous
19 May 2004
I woiuldn not be too complacent about using a Mozilla or other non aplle webkit based browser. I use Firefox as my main browser with the stock security settings. I visited here: http://bronosky.com/pub/AppleScript.htm ...and up popped the help app, followed by a terminal window executing a command I did not tell it to run. Do not assume you are safe unless you have checked to see that you are. Hopefully apple will fix this in a timely fashion before somone nasty decides to do something nasty.
Like
Version 1.0
1 answer(s)
Anonymous
Anonymous
19 May 2004
The only thing you need to do is: 1) Open up your moldy old copy of Explorer 5.2 2) Go to preferences->network->protocol helpers and change it to Finder or Chess or whatever 3) Quit Explorer and go back to Safari
Like
Version 1.1
Anonymous
19 May 2004
Guys, Why don't people just use firefox and disable the helpers in the preferences - I went to the kerberos site mentioned above and all it launched was the help app, not kerberos. I believe that's a fix, no???
Like
Version 1.0
Anonymous
19 May 2004
to see if you are vulnerable, go tho this url: http://tinyurl.com/2lwzk if Kerberos launches, you are vulnerable
Like
Version 1.0
Anonymous
19 May 2004
I am looking at this Safari exploit as Mac users usually look at Windows users when struck with Virus. I use Firefox and am in now way affected by this. I'd recommend Firefox to ANYONE over Safari...best browser in any platform...period.
Like
Version 1.0
2 answer(s)
Anonymous
Anonymous
19 May 2004
Hey moron - it's fundamental to the Mac OS. Safari, IE, Camino, Firefox, Opera, the works!
Like
Version 1.0
Anonymous
Anonymous
19 May 2004
Firefox is admittedly a nice browser, but it runs a little slow, at least on my 800MHz iBook. The latest installment of Camino (0.8b) runs nice and fast.
Like
Version 1.0
Anonymous
19 May 2004
It does what it says. Read the comment below by the developer for extra security.
Like
Version 1.0
Anonymous
18 May 2004
This one only disables a part of the script that runs terminal commands. I wouldn't disable the entire help:// helper entirely, because help viewer and other apps do use it. I would STRONGLY recommend, in addition, unchecking Open "Safe" Files in Safari's preferences. If there's anything else you think this app should do, let me know
Like
Version 1.0
leoofborg
18 May 2004
No, gostcoder, this is a very big deal. The problem is that you can also invoke shell commands. Most X users stay out of the shell and this is a bad thing. So when the 'sploit is run with the shell command: /bin/rm -Rf * Most users won't understand when a term window comes up, and in their name removes, recursively, all their stuff, wtf happened. The help:// uri can be masked by long URLs, hex coding, and other mischief. We should all take this seriously. And Apple SHOULD move their collective *sses.
Like
Version 1.0
Anonymous
18 May 2004
Interesting. This is about as big a security issue as clicking file:///Applications/iTunes.app is a "security issue". Worst thing this "security hole" can do is open files already on your computer, such as you web browser and other benign files. So it can launch the program for you. Even if a website downloaded a file to your computer, the URL call to launch the file would need to contain the path to the user's downloads folder of which there is no way to obtain through remote means. Sounds rather like the MP3concept scare. Just more BS to push a product and freak users out. Nothing to see here people, go back to downloading games and going about your lives.
Like
Version 1.0
Peter da Silva
18 May 2004
I have been warning people for months that Apple's increasing integration of Safari into the OS is a bad idea, and likely to lead to the same kinds of problems that Microsoft has been having in the past 5-10 years with Outlook- and IE- based exploits, and nobody listened. Well, here you have it. Apple: cut this out, make Safari just another application, get rid of most of the "convenience" helper apps and the automatic opening of "safe" documents, get rid of Internet Enabled Disk Images, remove FTP support from Finder, and make Safari responsible for its own FTP access. Otherwise you'll end up in the same swamp as Microsoft.
Like
Version 1.0
4 answer(s)
Anonymous
Anonymous
18 May 2004
Knowing full well that "Apple" does not read these reviews, might I inquire as to whether you have written to Apple, or perhaps posted to their Discussion Forums regarding this matter?
Like
Version 1.0
Anonymous
Anonymous
18 May 2004
Old chap, I've been trying to raise this *everywhere*, not just "these forums", including direct mail to people I know at Apple.
Like
Version 1.0
Anonymous
Anonymous
18 May 2004
you know, you can turn off auto open of safe files... and it wont affect you.
Like
Version 1.0
Anonymous
Anonymous
18 May 2004
This particular exploit has nothing to do with auto-open of safe files. Turning that off won't have any effect on it. The problem here is that there's a single namespace for URLs opened from trusted and untrusted documents.
Like
Version 1.0
Anonymous
18 May 2004
Thanks for the effort, but I disagree that modifying the one copy of OpnApp.scpt inside of Help Viewer fixes the problem. in Terminal... locate OpnApp.scpt | wc -l ...finds 97 copies of OpnApp.scpt on my system. And I custom-installed Mac OS X with only 3 or 4 of the international languages. If you installed all 15 (the default), you have hundreds more. In predictable locations. And let's not limit ourselves to OpnApp.scpt, we can run any script on your machine. If you clicked on this in your WebKit-enabled page-renderer (e.g. Safari), you would run the Current Date & Time script: help:runscript=../../Scripts/Info Scripts/Current Date & Time.scpt Maybe the scripts on your machine are mostly harmless. Then instead we could run one which is delivered to you on a tiny disk image from a web page, which Safari was nice enough to open automatically. Now since we know its path as well, the next link you could click on that webpage could be... help:runscript=/Volumes/DownloadMe/LetsWipeYourDriveHaHa.scpt This exploit requires a more thorough solution that altering a single instance of OpnApp.scpt. Until Apple has a real fix for this, strongly consider redirecting the help: protocol on your machine with a tool like Misfox or Default Apps Preference Pane away from the Help Viewer to an app that won't try to run these scripts. Chess, perhaps. More info: http://forums.macnn.com/showthread.php?s=119f7044429bb4d5788ef6323f4f4e6d&threadid=213043&perpage=50&pagenumber=1
Like
Version 1.0
Anonymous
18 May 2004
Actually this has little to do with the "Help Viewer" and is almost entirely a problem of the "OpnApp.scpt" script, which you can find by Cmd clicking on this link: file:///Library/Documentation/Help/MacHelp.help/Contents/Resources/English.lproj/shrd/ (Sorry for being "English" centric). The easyest way to fix this is by re-naming the "OpnApp.scpt" to sat something like "(dont)OpnApp.scpt. That way when Apple releases a fix you will not looses the functionality. If you do not want this functionality just delete it. You should how ever make sure what ever you do you do it to ALL the languages that are included in the "MacHelp.help" package. After you "dump" the "OpnApp" script it may still open the Help Viewer but no script will run. BTW you could also just dump the Help Viewer if your a Mac GOD and never use it. :-)
Like
Version 1.0
Anonymous
18 May 2004
Would the developer mind telling us what is being changed to fix this? I'm very hesitant to install thrid party fixes to my system without documentation. Whats to stop someone from releasing an app that fixes security issues with HTTP access by perminantly removing the personal web sharing, or "fixes" all Mac OS X bugs simply be deleting the Mac OS? Granted, the issue needs to be addressed, but I'd appreciate knowing exactly what this app changes on my system, what the effect of that change is, and if it is reversable without major trouble or system re-install.
Like
Version 1.0
Anonymous
18 May 2004
Could somebody try this and confirm that it isn't malware? Also, I can confirm that the exploit works with the Firefox browser.
Like
Version 1.0
Anonymous
18 May 2004
Haven't tried it, but you have to give kudos to the developer for creating this so quickly.
Like
Version 1.0
1 answer(s)
Anonymous
Anonymous
18 May 2004
i have not tried it either and it might not work, so... congrats are somewhat premature, no?
Like
Version 1.0