Apple’s Flashback Lesson

By Alex Brooks
Brushed under the carpet or blown out of proportion by the sensational mainstream media? However you think the coverage of the Flashback trojan played out, the fact is that Apple handled the whole thing badly. But in typical Apple fashion it seems to have scraped through unharmed; I suspect in future they won’t be so lucky.
It all played out much the same way that any major exploit does. For Microsoft, if an exploit grabs hold and spreads to tens of millions of Windows computers then it is big news, even if that proportion of the install base is relatively quite low. For Apple, whose reputation of invisible Macs prevails, the story is much the same. The Flashback trojan was said to have spread to over 600,000 Macs worldwide, which is estimated to be about one percent of the install base.

The method of infection was all relatively textbook: some nefarious JavaScript code on a webpage is used to load a Java applet, which will download a fake Flash installer. Safari, if set to open “safe files” upon download, will open the installer, and any unsuspecting user will jump right into thinking it is a real Flash Player installer. Once a Mac is infected, the trojan changes a bunch of network settings and attempts to silence network activity detection apps like Little Snitch. The aim of the trojan is to add the infected Mac to a botnet used for DDoS attacks on websites.
It all sounds unfortunately all too common so far, and naturally such a trojan’s spread could be stopped by good user education. Not installing apps that you haven’t opted to download or install, not opening downloaded files by default, not entering the system password unless 100% sure why, and ensuring you trust all websites visited are just a few ways in which the spread of such trojans could be slowed significantly. But that’s not the case, and I know even relatively savvy Mac users who got snagged by Flashback, somehow.
Apple, however, doesn’t seem to want to take on board any of these lessons and instead has opted for a worrying tactic that involves saying nothing about the exploit, releasing a patch and removal tool over a week later and assuming it’ll go away. I’m being kind by saying Apple took just over a week to get a handle on this problem; the truth is that Flashback was discovered by Intego in September 2011, long before the infection spread to hundreds of thousands of Macs. For the record, Oracle patched the actual Java exploit earlier in the year, but Apple opts to bundle such updates into large security updates which it chooses to release intermittently throughout the year.
When Apple did eventually release a patch, with an accompanying invisible removal tool, the company’s tactics became very clear. Apple’s solution to prevent future infections is to disable the automatic execution of Java applets, which can be re-enabled by the user. If after a period of time no Java applets have been used then the Java plugin will disable itself again. This is merely patching a still untreated and bleeding wound.
I can almost see Apple huffing and puffing like a teenager who’s been told to do the washing up. Why should Apple spend resources constantly keeping up to date with Java patches and, whilst we’re on the subject, Flash exploits when Macs don’t even come with these installed? I appreciate that’s not quite an oranges to oranges comparison there, as Java will offer to install upon detection and Flash will not, but the point remains: Apple should not try to remove itself from the responsibility for the security of its customers’ Macs.
The whole Flashback story is marred by a cringeworthy performance from Apple: when one of the largest mainstream news websites in the world covered the Flashback infection, Apple “could not” provide a statement. Any communication from the company came through updates on its support website.
There is even a report that anti-virus firms trying to track the botnet servers and block them came up against Apple’s attempts to do the same, but ended up with Apple blocking harmless tracking servers. It could very well have been an innocent error, but one that a communication channel would certainly fix.
Apple handled this badly but at the end of the day it wasn’t their plugin. I don’t agree that simply disabling the plugin is a solution nor is assuming that because Macs don’t ship with certain plugins that it is seemingly OK to take in excess of three months to patch major vulnerabilities.
However, one day either OS X or iOS will come up against a serious security problem. We’ve had brushes with incidents on iOS in the past, and whilst it’s true that the OS is heavily sandboxed, it is not immune from exploits, especially as the market share continues to grow. OS X is a much more vulnerable beast, also with a growing market share. An exploit right inside Apple’s code that spreads to hundreds of thousands of devices couldn’t go ignored for six, four or two months, not even one week.
Apple has a gold-plated reputation of having computers that don’t require clunky anti-virus software and where users can feel safe using the internet, as well as mobile devices that alleviate all the concerns that Android users suffer. But chinks in this shiny facade can and will quickly ruin this reputation for a very long time. Just think how you feel about Windows today.

Source: World of Apple

    

Why Sync?

By Alex Brooks
This week the subject of Apple’s cluttered and bloated iTunes app has been on the agenda. Jason Snell over at Macworld originally argued that if Apple is going to embrace the cloud, like it appears to be doing, then iTunes should be simpler. Snell suggests breaking iTunes down into separate apps, “one devoted to device syncing, one devoted to media playback. (And perhaps the iTunes Store could be broken out separately too?)”
Then Federico Viticci at MacStories chimed in with a slightly different take but along the same lines. Viticci’s take moves along a different tangent and one that has been playing on my mind for a few weeks now. The basic premise of Viticci’s argument is: why does iTunes need to be the hub of all our media and device syncing? Put more simply, why are we still using iTunes?

It’s a great point and evidently Apple feels the same way. Since the inception of iOS 5 and iCloud, Apple clearly recognises the importance of moving away from iTunes and moving away from the traditional method of syncing. However, Apple has a serious challenge on its hands, and whilst you could argue that Apple is the king of stripping away the unnecessaries in life, I can’t help but think that pulling iTunes back to basics is one challenge too far.
Like I said though, Apple recognises the problem. When introducing iCloud, Steve Jobs used an analogy he had used many years previously when introducing the idea of the digital hub. The premise of the digital hub was a Mac at the centre of a consumer’s digital lifestyle: iTunes for the iPod, iPhoto for the digital camera and iMovie for the camcorder. With time this changed and all those devices were in one device, and so slowly all those functions and more were in one app—iTunes.
With iCloud, Apple has made it clear that it is rethinking the digital hub strategy and is moving away from the Mac as the centre of the hub to iCloud as the centre of the hub. And Apple has followed its word. Take, for example, just some of these changes that have occurred in well under a year:
– Movies and TV shows purchased on the iTunes Store can now be streamed to an Apple TV from the cloud
– iTunes in the Cloud allows streaming of music from the cloud to iOS devices
– iTunes Match puts an entire music library, purchased from iTunes or not, in the cloud
– Music, books and apps can now automatically propagate to iOS devices and Macs
– iOS device backups are now stored in the cloud
Those are just some of the headline changes in Apple’s move to the cloud, and most of them are unfortunately counteracted by a lack of change elsewhere. Take for example if I purchase a Season Pass for a TV show on my Mac: iTunes will then attempt to download a lot of data to my Mac when all I want to do is stream to my Apple TV, and whilst we’re on the subject I’d like to stream to my iPad, iPhone and Mac as well.
The solution to all of this feels a long way off and complex. As Jason Snell argues, iTunes needs to be spun off into multiple apps. I argue that the iTunes store (probably shouldn’t be called iTunes anymore) should be a separate app much like the Mac App Store. Then there should be an app that acts as a repository for all this content, followed by an app that deals with managing iCloud and effectively syncing (Update: Thomas Verschoren even put together some mockups).
But here’s the thing, why sync at all?
Now I know what you’re thinking, Apple can’t deprecate syncing completely. How would an iPhone magically fill itself with music, movies, apps and books? iOS devices already have a tether-less setup process, but currently it’s quick and painless, covering some of the basics like connecting to WiFi, turning location on and signing into iCloud; it would be a world of pain to then have to select what music, video, apps and books should be synced to the device.
Streaming of this content isn’t the answer. That’s a good solution for a housebound device like the Apple TV, but iPads and iPhones are meant to be out and about away from WiFi, and whilst a good LTE connection could easily stream an HD movie, that’d be your data allowance for the month gone in a flash.
It also shouldn’t be overlooked that a recorded video on an iPhone can be very large; not even all home broadband connections could cope with uploading a 1GB video to the cloud and then back to all the other devices. It works great for photos (aka Photostream) but it won’t do the job for video.
There is no clear solution, but what is needed is a continued push towards everything on iCloud and a concerted effort to stop the reliance on iTunes and begin stripping it of features. Unfortunately, if recent rumours are true, it would appear that the iCloud manager that is required so urgently will instead be built into iTunes 11 and not just into the OS or as a separate app.
On the bright side, Tim Cook has said that he sees iCloud as a long-term strategy; hopefully one day iTunes will be my go-to place for playing music and that’s it.

Source: World of Apple

    

Mercurial

By Alex Brooks
In a most auspicious setting Walter Isaacson took to the floor last night to talk about his 2011 biography of Steve Jobs. Having visited Amsterdam and Oxford this week on a whistle stop tour promoting the book it was particularly notable that Isaacson’s visit to London found him in a location that is special for all sorts of reasons but particularly in reference to science of which Isaacson’s past biography subjects include Einstein and Franklin.
Taking place in the famed lecture theatre of The Royal Institution in Mayfair, Isaacson set off the session retelling much of what is present in the biography of Jobs that was released not long after his death in October 2011. Mercurial is a word that pops up a lot when trying to create a summary of Jobs but according to Isaacson Jobs was a fan of the word.

When telling about his first encounter with Steve Jobs in 1984, Isaacson explains that whilst he was at Time magazine Jobs had come in to demonstrate the Macintosh. Isaacson was the only one using a computer; the rest of the magazine was still stuck with typewriters. According to Isaacson, Jobs had him looking at the display of the Macintosh with an artist’s loupe, inspecting every pixel.
It was during this encounter that Jobs spoke of wanting to get the Oxford English Dictionary on the Macintosh and had looked up mercurial and seen it describe someone who is prone to “sudden or unpredictable changes of mood or mind”. It was not this that attracted Jobs to the word but in fact the antonym, which suggests “calm, tranquil and unchangeable”.
During the same encounter Jobs demonstrated his mercurial spirit by suddenly becoming aggravated as to why Time magazine hadn’t made him ‘Man of the Year’.
Much of Isaacson’s book of Jobs focuses on his love of simplicity and the same rang true during Isaacson’s 30 minute opening piece in which he described Jobs as having a passion to drive people to do things that weren’t previously thought possible and that Jobs recognised the importance of “connecting beauty to technology”.
Amongst a number of anecdotes about Jobs’ attention to detail, Isaacson brings up the story of the iPod’s on/off button, or lack of. Jobs, according to Isaacson, went into a meeting during the iPod’s creation and asked the design “what the fuck is that?” pointing at the off button. After an uncomfortable silence someone answered saying that it was an on/off switch. Jobs retorted “what does it do?”
Much later on whilst Isaacson and Jobs were talking in the Apple founder’s backyard the question of life and death came up. Jobs expressed much of his Buddhist beliefs that life is a spiritual journey and it’s important to put something back into the flow of history. Jobs then said after a long pause that maybe it all ends just like an off switch, click and it’s over. Then with a little expressed, maybe that’s why I don’t like putting them on Apple products.
Once Isaacson had spoken a bit about the writing of the biography and restated many of the anecdotes inside, he sat down with Roger Highfield for a quick interview and then questions were opened to the floor.
First up was Wikipedia founder Jimmy Wales, who asked Isaacson: if he could question Jobs on anything else now, what would it be? Isaacson gave no specific example but mentioned that one subject he could not get Jobs to talk about was philanthropy, despite Jobs’ wife having set up College Track and serving as its president.
Much like as is outlined in Isaacson’s book he states that Apple’s focus is on digital photography, textbooks and the TV market. Expanding very little on what is already known Isaacson did say that Jobs would have wanted a very integrated system offering whatever you want when you want it.
On the same day that Isaacson spoke in London, Google CEO Larry Page had an interview on Bloomberg’s Businessweek and claimed that the differences over Android and iOS were “all for show”. Isaacson disputes this, referring back to when Mac OS and Windows were having a similar showdown: Jobs believed that Gates had stolen a lot of Apple’s hard work and had then begun licensing it to hardware manufacturers.
According to Isaacson, Jobs saw what is happening with Android as a repetition of history: that Android stole much of Apple’s hard work and is now licensing it to “junky” hardware manufacturers.
Isaacson admits that Jobs was emotional about this; the success of Windows saw his time at Apple come to an end in the ’80s, and his reactions will have been channelled through those emotions. Isaacson says that Tim Cook is less emotional and will deal with the lawsuits and Android differently.
I got the chance to ask Isaacson about those recordings he has of Jobs from their many interviews and whether any revisions are planned to the book. Isaacson told me that most of the interviews are actually in note form and releasing the few interview tapes would be difficult as they’d need some censoring.
More interesting though was Isaacson’s take on any future revisions or additions to the book. At first the answer seemed to be a strong no, expanding upon it Isaacson suggested that the missing bits, or lack of colour in some areas, in the biography would most likely be filled in by biographies of other key figures at Apple. I’m skeptical of how many copies a biography of Jony Ive or Phil Schiller would sell.

Source: World of Apple

    

Tip: How to rotate screen on Mac.

By roman

Sometimes for whatever reason you may need to rotate the screen; unfortunately Apple does not provide an obvious switch. To rotate the screen, open System Preferences from the dock, and hold down Option and Command as you click on Displays. …

Source: MacTip.net

  
