Page 1 of 1

What is a sandbox and why does Nisus Writer adopt it?

Posted: 2015-03-17 11:27:56
by martin
The application sandbox is a system feature that enhances security on your Mac. The sandbox is enforced by the system (Mac OS X / macOS) to prevent unauthorized access to data on your computer.

What are the risks of using an application without sandboxing?
To understand the benefits of sandboxing, it is helpful to understand the risk of running applications that are not sandboxed. Whenever you use an unsandboxed app, you are implicitly giving it permission to access nearly any data on your Mac.

For example, hypothetically some small utility application you use to make custom icons could secretly be reading your emails, scanning your documents for tax payer information, etc. Obviously such an app does not need that kind of access, and you shouldn't have to blindly trust that the app won't abuse its privileges. Even if an app is completely harmless and trustworthy, if it is somehow hacked or has a bug, its access to all your data could be misappropriated.

What are the benefits of sandboxing?
The sandbox prevents an application from accessing files and resources on your Mac, unless you (the user) first grant it permission. A sandboxed app cannot read any files or documents unless you first interact with them. If you choose files or folders in a system dialog, this implicitly grants the application permission to access those items. This lets you be sure that an app does not access any data without your permission. This is ultimately a security benefit.

When an application is sandboxed (like Nisus Writer Pro), you can use such an app with greater confidence.