You can only do this if you are a registered developer (I know because I am one.)
You can only install your friend's app if he adds you to he too is a developer certificate.
Actually, you can install his stuff (if he is a developer that added your device under his provisioning profile) even if you are not a developer, but you cant install your own stuff without you being a developer yourself.
Heck, even if you are a developer you must add your own devices to your profile, and there is a limit to how many devices you can add (arguably it's high enough to have all your friends devices registered.)
You can't just download software written by strangers and add it to your device, though.
Oh, if you are a corporation with a much more expensive (although not prohibitive) corporate program, you don't have a device limit (either that or its a frigging large limit) and you can even remotely push software and updates, but this is not in the realm of the common guy and still subject to Apple's blessing.
But you can install anything you want on the device and use whatever APIs are available.
No you can’t, not without hammering down the OS with a jailbreak. That's like saying banks allow anyone to withdraw as much money as they want with a bit of dynamite placing on the vault.
As a developer I can actually install any app (I compile and sign myself) but even that will be limited to the certificate lifetime.
Article is talking WinRT, which is the equivalent of iOS.
iOS IS restrictive, and Microsoft is aiming exactly for that. Actually... not exactly. From what I read, Microsoft will allow third party browsers, with third party HTML and JavaScript engines (something Apple does not allow.) The issue is in restricting some APIs required for JIT, and that will give third party browsers a heavy performance penalty.
So as much as I tend to be on Apple's side, this is nowhere near as restrictive as Apple's stance.
I pick the same way on all third party run-time environments. Flash, Silverlight, Java, heck the browsers get a bit of slack because:
1) They get updated very often 2) I would be a Luddite if I don't have at lest one installed.
I don't need third party run-times. Java is not on my system anymore. Nor is Flash. Thanks to the wonders of standardization (sarcasm), every time a website requires flash I launch it on my phone to get a standard HTML version that does not.
Funny story: "recently" I got a PC game at Target (Deus Ex, wanted the OnLive free bonus.) I was not able to install it because I was not even able to open my CD Drive. I opened up my PC to find that all metallic pieces had sort of rusted into place since I had not ever used the drive since the last Windows install, which happened several years back (don't recall date but I recall it was several months before Win7 SP 1 came out.)
They allow "media playback", it's only DVD and Blu-ray physical media that they wont be doing the playback out of the box. Why? Because these formats are not free or open. There is a licensing cost involved, and it’s paid on a per-sold-copy basis. By not including the functionality in the box, they do two things:
1) They don't force those that don't care for it to pay the extra cost 2) They, accidentally, encourage the growth of more open and free media formats.
Script kiddies screwed up the meaning, taking open source hacks from repository and going out to destroy every computer and deface every page they can, all in while calling themselves also "hackers."
For every "old school" hacker, there are about 20 script kiddies. Since they outnumber the legitimate hackers, and they call themselves so... well... it IS a democracy. They took it. It's theirs. Hacker is now synonymous with idiotic kid that does illegal computing activities.
We all know these religious zealots hate pornography! This must mean the reason they are doing this is instead to terrorize US citizens!!! How? From now on the TSA will request all pornography in your laptop or smartphone be carefully analyzed, frame by frame, before you board your flight!!! They may simply force you to trash your smartphones, laptops and tablets just like they do with your coke!
Conspiracy Theory B: This was hoaxed by the TSA themselves so they have legal reasons to confiscate cool looking laptops, new top of the line smart phones, and expensive tablets!
I got to say, it sounds extremely odd that there were no more eyes. Google is a company that has a price tag on how much every signle web search executed by a user cost them, in energy and equipment degradation. They have specially manufactured cpus that can run hot so they can conserve as much heat as they can.... but in all those years, even in the initial test run... no one noticed the cars where filling their hard-drives WAY too fast?
This takes me back about 7 years ago in a contract involving 3 parties. Client, contractor and a sub-contractor. In a meeting, the usually incompetent IT manager employed by the client to run their data center, asks our sub-contractor "why is the database growing at a rate of 1GB per day?" The sub-contractor was clueless and we shocked. Sure, we perhaps should had noticed.... (BTW, reason for the growth: zero normalization. I kid you not, these guys had absolutely no normalized tables at all, and nearly every field indexed.)
My point is: unexpected bursts in data storage are too easy to notice, because the first time hard drives fill up and windows (or whatever OS they use) shouts for air... well... some one will notice.
But these are not morons... these are Google engineers... the ones that have quantified the cost of a search to the atomic level. I'm sure more than just an unnamed "rogue engineer" was very aware of this.
Interesting tidbit I noticed: only about 1% of macs were infected by flashback.
From the users than installed the free antivirus (that appears to also be spyware) 2.7% had flashback.
My theory? Users that installed this thing re 170% more likely to get infected by a trojan than the average mac user. They are also likely to have an inbox full of exe attachments.
I uninstalled Chrome from my computer because I got pissed off at their virus-like approach at updates. I guess I can now also uninstall Firefox for the same (or worse) reason.
1) Macs install java in a nearly transparent fashion the first time you encounter it (I have it on my new iMac with Lion and have no clue when it got installed.)
2) Your setting for Java applets is not the default (or at least not the default at the time of the virus spreading, the defaults changed due to the virus)
BTW, this iMac did not get infected with Flashback, Im certain due to it avoiding me since I run Xcode.
Oracle is not to blame on this one, Apple is not supporting it but they are still the ones distributing the updates. It was reported that Oracle did it's part and provided Apple with the update back in February. Apple dragged it's feet on releasing it. Thats why this story is so annoying. I'm one that will usually take Apple's side on arguments (because I honestly think they are right in those topics) but I can't stand by Apple on this one. They really fucked up.
I've been working on my same Windows installation going on 2 years now with only Windows Defender and UAC enabled and haven't had any issues and I consider myself an expert Windows user.
Firefox+NoScript helps alot as well.
How can you be sure you have no virus hiding away? If you have Microsoft Security Essentials I'd say your chances are high of having a safe Windows installation, since it's as good of a virus scanner as any other out there. If you update often also you are low risk.
But without any virus scanner, how can you be sure you don't have a silent virus? It seems many think that they are virus free if they don't have porn pop-ups showing up every few minutes.
These are not all really security practices. Just having XCode (Apple's IDE) installed (something every single MacOSX developer will do) was enough to avoid Flashback. But this is not because the tools added any security at all; instead this was the virus being "smart" and staying away of any machine that had the tools that would more likely expose its own existence.
Basically "this guy MAY be smart, let me get out of here." And it worked; the virus was spotted 2 months late by someone in Russia monitoring botnets, not by anyone from a Mac.
At the end of the day, despite the gargantuan security hole (and it was huge) the virus only infected 1% of active Macs. No anti-virus was able to detect the thing. I dare bet this has more to do with the virus avoiding coders. Had it gone free-for-all, it may had been discovered earlier but it also likely had affected up to 10% of the macs out there.
The only actual security measure anyone would had been able to do to avoid something like this would had been to disable Java entirely, something few Mac users do. On the other hand, OSX does not come with Java. On the other other hand, it will happily download it from Apple (not Sun) the first time the browser meets a Java applet.
What to get out of this? Apple fucked up, and third party code execution environments are huge security holes.
P.S.=> Linux Security Blunders DOMINATE in 2011-2012, despite all/. "FUD" for years saying "Linux = SECURE" (what bs that's turning out to be, especially on ANDROID where it can't hide by "security-by-obscurity" anymore & is in the hands of non-tech users galore - & EXPLOITS ARE EXPLODING ON ANDROID, nearly daily)
... apkLinux
Nice roundup of articles, but at the end of the day anyone that uses a blanket statement like "Linux = secure" is as stupid as anyone that says Macs are virus-proof.
I know Linux server admins, and all of them take security seriously and acknowledge they are as vulnerable as any other OS if you just lay back and look at them pretty. You have to make sure they are updated, secure, and properly configured for your needs with minimal permissions granted to processes that need them.
I'm sorry; I love my Macs BUT this last Flasback virus would easily get into your computer without doing anything. All you had to do was visit a page with the virulent java applet for your computer to be infected. Once infected it may attempt to ask a password off you to dive further into your system, but even ignoring it did nothing, the virus was fully active in your system.
Some tech geeks love to think "I'm too smart for me to be infected", and blame anyone with a virus of being stupid. Ironically, those tech geeks" tend to be some of the most vulnerable users for real virus infections, since they refuse to use any anti-virus solution because it will "slow down their system" or patch their systems with latest updates because "it's working fine and I know what I'm doing."
That’s how viruses actually work. Everything that requires you to do something to accept it is qualified as a Trojan. No amount of tech savvinnes makes anyone less likely to get virus infections (unless you are savvy enough to update asap and run some form of antivirus.)
THAT being said: 0.7% flashback victims were Linux machines 0.6% flashback victims were Windows 7 or Windows 8 PCs 0.3% flashback victims were FreeBSD 0.5% flashback victims were machines running an unidentified OS.
How on Earth does Linux got more Flashback infections than Windows??? Hint: I said why above. At least Macs have the excuse of Apple negligence at patching the vulnerability.
Although you can say I'm technically inclined, I didn't touch a computer until I was 20, my older brother was about 26 when he first touched one.
My mother just started using computers two years ago, at 65, and has the common sense of refusing to enter cc information anywhere without first consulting with someone to make sure "the coast is clear." Similar story with my father.
Seeing how I am surrounded by people that didnt grow with computers, I can say that alone is no excuse. Even if you don't get computers, everyone "gets" the vulnerability of credit cards, unless the individual is drastically stupid.
And remember: at the end of the day Apple gave this guy his money back, as they should. This entire argument is over how far should any entity be forced to nanny retarded people so they don't ever feel any form of distress, even of its reparable.
Obviously, this is slashdot, there is no room for objective Apple comments here, and anything that does not insult Apple is the result of rabid chronic fanboism.
Scan the entire page and you will see a bunch of trolls, one that even dares bring up Mike Daisey's "testimonials" as evidence that Apple is eeeeeeeviillllll.
Slashdot Mirror
Like the Weekly World News, once in a while, they do get lucky and print a real story.
In its own tax filings, Apple reported these tax rate figures paid in the last three years: “approximately 24.2%, 24.4% and 31.8% for 2011, 2010 and 2009, respectively.”
You can only do this if you are a registered developer (I know because I am one.)
You can only install your friend's app if he adds you to he too is a developer certificate.
Actually, you can install his stuff (if he is a developer that added your device under his provisioning profile) even if you are not a developer, but you cant install your own stuff without you being a developer yourself.
Heck, even if you are a developer you must add your own devices to your profile, and there is a limit to how many devices you can add (arguably it's high enough to have all your friends devices registered.)
You can't just download software written by strangers and add it to your device, though.
Oh, if you are a corporation with a much more expensive (although not prohibitive) corporate program, you don't have a device limit (either that or its a frigging large limit) and you can even remotely push software and updates, but this is not in the realm of the common guy and still subject to Apple's blessing.
But you can install anything you want on the device and use whatever APIs are available.
No you can’t, not without hammering down the OS with a jailbreak. That's like saying banks allow anyone to withdraw as much money as they want with a bit of dynamite placing on the vault.
As a developer I can actually install any app (I compile and sign myself) but even that will be limited to the certificate lifetime.
Article is talking WinRT, which is the equivalent of iOS.
iOS IS restrictive, and Microsoft is aiming exactly for that. Actually... not exactly. From what I read, Microsoft will allow third party browsers, with third party HTML and JavaScript engines (something Apple does not allow.) The issue is in restricting some APIs required for JIT, and that will give third party browsers a heavy performance penalty.
So as much as I tend to be on Apple's side, this is nowhere near as restrictive as Apple's stance.
I pick the same way on all third party run-time environments. Flash, Silverlight, Java, heck the browsers get a bit of slack because:
1) They get updated very often
2) I would be a Luddite if I don't have at lest one installed.
I don't need third party run-times. Java is not on my system anymore. Nor is Flash. Thanks to the wonders of standardization (sarcasm), every time a website requires flash I launch it on my phone to get a standard HTML version that does not.
This article was brought to you by your friendly neighbor Oracle!
Slashdot's comment section is more about cathartic bashing than insightful commentary.p>
You are reading it wrong. :P
Funny story: "recently" I got a PC game at Target (Deus Ex, wanted the OnLive free bonus.) I was not able to install it because I was not even able to open my CD Drive. I opened up my PC to find that all metallic pieces had sort of rusted into place since I had not ever used the drive since the last Windows install, which happened several years back (don't recall date but I recall it was several months before Win7 SP 1 came out.)
They allow "media playback", it's only DVD and Blu-ray physical media that they wont be doing the playback out of the box. Why? Because these formats are not free or open. There is a licensing cost involved, and it’s paid on a per-sold-copy basis. By not including the functionality in the box, they do two things:
1) They don't force those that don't care for it to pay the extra cost
2) They, accidentally, encourage the growth of more open and free media formats.
Script kiddies screwed up the meaning, taking open source hacks from repository and going out to destroy every computer and deface every page they can, all in while calling themselves also "hackers."
For every "old school" hacker, there are about 20 script kiddies. Since they outnumber the legitimate hackers, and they call themselves so... well... it IS a democracy. They took it. It's theirs. Hacker is now synonymous with idiotic kid that does illegal computing activities.
If this was the reason why brick and mortar stores are dying, Amazon would had been bankrupt by now due to their censorship of "adult material". Not to mention Apple.
No, brick and mortar is dying because we are too lazy to drive to buy stuff, we can just pay to download or have the mailman bring us our orders.
Mind you: not saying I agree with this at all, just noting that it's not at all the reason they are dying.
We all know these religious zealots hate pornography! This must mean the reason they are doing this is instead to terrorize US citizens!!! How? From now on the TSA will request all pornography in your laptop or smartphone be carefully analyzed, frame by frame, before you board your flight!!! They may simply force you to trash your smartphones, laptops and tablets just like they do with your coke!
Conspiracy Theory B:
This was hoaxed by the TSA themselves so they have legal reasons to confiscate cool looking laptops, new top of the line smart phones, and expensive tablets!
I got to say, it sounds extremely odd that there were no more eyes. Google is a company that has a price tag on how much every signle web search executed by a user cost them, in energy and equipment degradation. They have specially manufactured cpus that can run hot so they can conserve as much heat as they can. ... but in all those years, even in the initial test run... no one noticed the cars where filling their hard-drives WAY too fast?
This takes me back about 7 years ago in a contract involving 3 parties. Client, contractor and a sub-contractor. In a meeting, the usually incompetent IT manager employed by the client to run their data center, asks our sub-contractor "why is the database growing at a rate of 1GB per day?" The sub-contractor was clueless and we shocked. Sure, we perhaps should had noticed.... (BTW, reason for the growth: zero normalization. I kid you not, these guys had absolutely no normalized tables at all, and nearly every field indexed.)
My point is: unexpected bursts in data storage are too easy to notice, because the first time hard drives fill up and windows (or whatever OS they use) shouts for air... well... some one will notice.
But these are not morons... these are Google engineers... the ones that have quantified the cost of a search to the atomic level. I'm sure more than just an unnamed "rogue engineer" was very aware of this.
Interesting tidbit I noticed: only about 1% of macs were infected by flashback.
From the users than installed the free antivirus (that appears to also be spyware) 2.7% had flashback.
My theory? Users that installed this thing re 170% more likely to get infected by a trojan than the average mac user. They are also likely to have an inbox full of exe attachments.
I uninstalled Chrome from my computer because I got pissed off at their virus-like approach at updates. I guess I can now also uninstall Firefox for the same (or worse) reason.
That leaves me with IE, Safari and Opera...
1) Macs install java in a nearly transparent fashion the first time you encounter it (I have it on my new iMac with Lion and have no clue when it got installed.)
2) Your setting for Java applets is not the default (or at least not the default at the time of the virus spreading, the defaults changed due to the virus)
BTW, this iMac did not get infected with Flashback, Im certain due to it avoiding me since I run Xcode.
Oracle is not to blame on this one, Apple is not supporting it but they are still the ones distributing the updates. It was reported that Oracle did it's part and provided Apple with the update back in February. Apple dragged it's feet on releasing it. Thats why this story is so annoying. I'm one that will usually take Apple's side on arguments (because I honestly think they are right in those topics) but I can't stand by Apple on this one. They really fucked up.
I've been working on my same Windows installation going on 2 years now with only Windows Defender and UAC enabled and haven't had any issues and I consider myself an expert Windows user.
Firefox+NoScript helps alot as well.
How can you be sure you have no virus hiding away? If you have Microsoft Security Essentials I'd say your chances are high of having a safe Windows installation, since it's as good of a virus scanner as any other out there. If you update often also you are low risk.
But without any virus scanner, how can you be sure you don't have a silent virus? It seems many think that they are virus free if they don't have porn pop-ups showing up every few minutes.
It didn't. It attempted the user to enter a password to dive deeper into the system, but it was perfectly functional without the extra priviledges.
These are not all really security practices. Just having XCode (Apple's IDE) installed (something every single MacOSX developer will do) was enough to avoid Flashback. But this is not because the tools added any security at all; instead this was the virus being "smart" and staying away of any machine that had the tools that would more likely expose its own existence.
Basically "this guy MAY be smart, let me get out of here." And it worked; the virus was spotted 2 months late by someone in Russia monitoring botnets, not by anyone from a Mac.
At the end of the day, despite the gargantuan security hole (and it was huge) the virus only infected 1% of active Macs. No anti-virus was able to detect the thing. I dare bet this has more to do with the virus avoiding coders. Had it gone free-for-all, it may had been discovered earlier but it also likely had affected up to 10% of the macs out there.
The only actual security measure anyone would had been able to do to avoid something like this would had been to disable Java entirely, something few Mac users do. On the other hand, OSX does not come with Java. On the other other hand, it will happily download it from Apple (not Sun) the first time the browser meets a Java applet.
What to get out of this? Apple fucked up, and third party code execution environments are huge security holes.
APK
P.S.=> Linux Security Blunders DOMINATE in 2011-2012, despite all /. "FUD" for years saying "Linux = SECURE" (what bs that's turning out to be, especially on ANDROID where it can't hide by "security-by-obscurity" anymore & is in the hands of non-tech users galore - & EXPLOITS ARE EXPLODING ON ANDROID, nearly daily)
... apkLinux
Nice roundup of articles, but at the end of the day anyone that uses a blanket statement like "Linux = secure" is as stupid as anyone that says Macs are virus-proof.
I know Linux server admins, and all of them take security seriously and acknowledge they are as vulnerable as any other OS if you just lay back and look at them pretty. You have to make sure they are updated, secure, and properly configured for your needs with minimal permissions granted to processes that need them.
To add (thanks for the edit button, slashdot!)
Source of the numbers
I'm sorry; I love my Macs BUT this last Flasback virus would easily get into your computer without doing anything. All you had to do was visit a page with the virulent java applet for your computer to be infected. Once infected it may attempt to ask a password off you to dive further into your system, but even ignoring it did nothing, the virus was fully active in your system.
Some tech geeks love to think "I'm too smart for me to be infected", and blame anyone with a virus of being stupid. Ironically, those tech geeks" tend to be some of the most vulnerable users for real virus infections, since they refuse to use any anti-virus solution because it will "slow down their system" or patch their systems with latest updates because "it's working fine and I know what I'm doing."
That’s how viruses actually work. Everything that requires you to do something to accept it is qualified as a Trojan. No amount of tech savvinnes makes anyone less likely to get virus infections (unless you are savvy enough to update asap and run some form of antivirus.)
THAT being said:
0.7% flashback victims were Linux machines
0.6% flashback victims were Windows 7 or Windows 8 PCs
0.3% flashback victims were FreeBSD
0.5% flashback victims were machines running an unidentified OS.
How on Earth does Linux got more Flashback infections than Windows??? Hint: I said why above. At least Macs have the excuse of Apple negligence at patching the vulnerability.
Although you can say I'm technically inclined, I didn't touch a computer until I was 20, my older brother was about 26 when he first touched one.
My mother just started using computers two years ago, at 65, and has the common sense of refusing to enter cc information anywhere without first consulting with someone to make sure "the coast is clear." Similar story with my father.
Seeing how I am surrounded by people that didnt grow with computers, I can say that alone is no excuse. Even if you don't get computers, everyone "gets" the vulnerability of credit cards, unless the individual is drastically stupid.
And remember: at the end of the day Apple gave this guy his money back, as they should. This entire argument is over how far should any entity be forced to nanny retarded people so they don't ever feel any form of distress, even of its reparable.
And yet, I was MODDED DOWN for my trouble...
Obviously, this is slashdot, there is no room for objective Apple comments here, and anything that does not insult Apple is the result of rabid chronic fanboism.
Scan the entire page and you will see a bunch of trolls, one that even dares bring up Mike Daisey's "testimonials" as evidence that Apple is eeeeeeeviillllll.