The videoconferencing industry seems to believe it's necessary to bypass regular OS protections to make the UX "better".
For example: https://www.theverge.com/2019/7/8/20687014/zoom-security-fla... By design, instead of using a URL handler, they run a HTTP server on your machine to bypass the "open with" dialog. There are good reasons not to trust the binaries they ask you to run.
Here, it turns out they offer a web client after all, which is nice and sandboxed, but they default to trying to run a binary on your machine where you have less control over what it does.
> Update, 5:15PM ET July 9th: Zoom has published a blog post detailing its response to this vulnerability, including how it will patch its software and uninstall the webserver it has installed on Macs. More details here, and original story follows.
This is an example. Why would you trust an organisation that engineers "solutions" to security measures but does so without due care and attention leading to a widespread critical security bug?
For example: https://www.theverge.com/2019/7/8/20687014/zoom-security-fla... By design, instead of using a URL handler, they run a HTTP server on your machine to bypass the "open with" dialog. There are good reasons not to trust the binaries they ask you to run.
Here, it turns out they offer a web client after all, which is nice and sandboxed, but they default to trying to run a binary on your machine where you have less control over what it does.