Right, as I suspected. (I really didn't touch Mac OS after about 7.5, and am just re-investigating as of 10.3.)
Part of my point is that past history of Mac OS isn't helpful when evaluating OS X.
This is rather analogous to Win9X vs. the NT family. Windows 9X didn't have many services, while NT did. So, even though NT is "more secure" in some senses, it makes it more remotely attackable.
In the same sense, OS X is a much wider remote target now.
There's a reason that heuristic scanners aren't used in practice.
No, had they been serious about their contest (and it seems apparant now that they were not) then they should have been talking about tripwire databases, and forensic disk images.
No the article doesn't say that explicitly, you'd have to understand how viruses spread, and make a logical connection to get there.
Let me help you out.
Here's my paraphrasing of the individual claims, from memory. I'd quote better, but oh look, they've cancelled already.
-We have two Macs on different Internet connections. We won't tell you the IPs. -We're going to check for the next couple of months and see if they are infected, just by being on the Internet. -(Vague statements about being successful enough in the wild)
Leaving alone the email vector, which I've agreed elsewhere is(was) viable, how do the viruses get onto their two Macs? Has to be both, mind you.
Prior to OS X, the Mac OS had no security model. I.e. any process on the machine could molest the entire disk and memory. Just like WIn9x. So, if security is the sole determinant of who gets all the viruses, why weren't there more for OS 9 and below?
Now that's interesting.. I did a similar experiment a while back
If you only read the headline, you might think I was agreeing with your position. However, my results were that the SP2 box went untouched for a couple weeks. And that none of the boxes that were infected had spyware, they had worms. It's also extremely rare that spyware gets on via any other mechanism besides web browsing.
So, I'd be curious to see the data you have to back up your claim.
They are trying to determine the "success" of a virus by finding that it has infected two specific machines. Which means that it has spread to enough other Macs that it got to theirs.
They have left an actual practical vector, with the email route. See my other note about that.
If they gave the IPs for the Macs in question, you could go fo that route. There are ways to find out of course, but that doesn't seem to be what they are after, by my reading. Who wants to start attacking random Macs, on the assumption that they are the right ones? Well, and be able to claim the prize after...
They HAVE actually left a practical attack vector, should someone want to try. They will accept email, but not open attachments. They have left open the vector of client-side holes in their email app(s). Were I going to try, that's how I'd do it.
Yes, at one point I traded a couple of emails with one of the slashdot guys (Hemos? Taco?) about a book review. This was when it was somewhat early in the process for them, and I had sent a couple of books to them, and they were going to find a reviewer. At the time I was told that they had an explict policy of not posting bad book reviews. I guess that changed at some point. I DO think there is utility in unfavorabe reviews. I just don't think there was in this instance.
Indeed. In fact, I didn't actually have an Apple ][, I had a Golden ][. Even at 12 years old, I was aware I had an illegal clone due to copyright violations.
But I specifically meant the Apple I monitor. Woz says that he gave that code away in the Homebrew Computer Club, so he considers it to be usable by anyway. Granted, Apple and Woz don't always agree on those fine points, but I suspect there will be no issue here.
I find the reviewer to be confused, unclear, and unnecessary.
He seems unclear on what is typically said in a foreword, especially by someone like Woz. He doesn't seem to understand why an unrelated Mac chapter might be added as an appendix.. it's there because Apple hackers might find it entertaining. It's a free bonus.
I found the first chapter, the one about the Apple I history, to be essential and appropriately placed at the beginning. I started with the Apple ][, and I had always assumed that the Apple I was similar, i.e. standardized, came with basic, etc... instead, Chapter 1 has cleared up the fact that nearly all owners customized their Apple Is. It also tells why the serial board was popular, and hence why you might want one for the Replica I. It tells what was up with the different RAM amounts, BASIC, and so on.
To be fair, I only got a couple of chapters into my copy before I had to give it away to a Mac enthusiast (who used to work at Apple) who wanted it to have an electronics project for his kids. My replacement copy is on the way, maybe I'll write a proper review and see if Slashdot will take it. Note: for the conspiracy theorists, I often write for Syngress, though I had nothing to do with this book. Assume I'm a shill if you must.
Also, I see a few talking about Apple suing and such. I doubt that will happen. Syngress is generally pretty careful about that. Woz gave his blessing for the use of the ROM monitor, and the book states that Apple had given over support of the Apple I to the Apple I Owners Club anyway.
Looks like you're correct, thanks for catching that. I had gotten the impression that the 1-3 gen were single-core chipsets. In fact, they are dual core just like the 4Gs. The earlier ones are rated to 90Mhz, while the 4G is only rated to 80Mhz.
I looked up the spec sheets to double-check my info (and realized I was wrong.) Here they are in case anyone else wants to check them out:
Nice. Yeah, there's no problem at all reading the memory on the iPod once you have your code running. The files that go on during an update are encrypted, but they get decrypted in order to go to flash, so they are there in the clear.
Now, I understand the Nintendo DS is a bit closer to your situation...
Yes. At the time, the only bit of hardware he knew how to control was the piezo. In the PP5020 models, most of the hardware is at a different address, so the knowledge from previosu models was of limited use. The existing iPodLinux would essentially die right away on the 4Gs and above.
Now that he has dumped the firmware, he knows where most of the other hardware is mapped.
Slashdot Mirror
Right, as I suspected. (I really didn't touch Mac OS after about 7.5, and am just re-investigating as of 10.3.)
Part of my point is that past history of Mac OS isn't helpful when evaluating OS X.
This is rather analogous to Win9X vs. the NT family. Windows 9X didn't have many services, while NT did. So, even though NT is "more secure" in some senses, it makes it more remotely attackable.
In the same sense, OS X is a much wider remote target now.
Exactly.
There's a reason that heuristic scanners aren't used in practice.
No, had they been serious about their contest (and it seems apparant now that they were not) then they should have been talking about tripwire databases, and forensic disk images.
OS X consists of a full unix, and essentially another OS for Mac compatibility.
So, were the two combined in such a way as to have half the vulnerabilities, twice as many vulnerabilities, or about the same?
How is it crunchy on the outside? Firewalls? IPSec? SSH? That sort of thing?
Or do you perhaps mean that it lacked Internet-reachable external services?
Hey look, the contest has been cancelled already.
http://www.dvforge.com/virus.shtml
No the article doesn't say that explicitly, you'd have to understand how viruses spread, and make a logical connection to get there.
Let me help you out.
Here's my paraphrasing of the individual claims, from memory. I'd quote better, but oh look, they've cancelled already.
-We have two Macs on different Internet connections. We won't tell you the IPs.
-We're going to check for the next couple of months and see if they are infected, just by being on the Internet.
-(Vague statements about being successful enough in the wild)
Leaving alone the email vector, which I've agreed elsewhere is(was) viable, how do the viruses get onto their two Macs? Has to be both, mind you.
Prior to OS X, the Mac OS had no security model. I.e. any process on the machine could molest the entire disk and memory. Just like WIn9x. So, if security is the sole determinant of who gets all the viruses, why weren't there more for OS 9 and below?
Never seen the movie. Apologies for making you have to explain your joke.
I don't know who they are. Does this revelation support my claim that this contest is stupid? :)
:)
Yes, I was thinking along the same lines. "It's almost as if they are trying to *avoid* giving away the $25,000-$50,000"
I'm sorry, it doesn't appear that your browser properly supports the sarcasm tags in my post.
Now that's interesting.. I did a similar experiment a while back
If you only read the headline, you might think I was agreeing with your position. However, my results were that the SP2 box went untouched for a couple weeks. And that none of the boxes that were infected had spyware, they had worms. It's also extremely rare that spyware gets on via any other mechanism besides web browsing.
So, I'd be curious to see the data you have to back up your claim.
Yes, (two) would be a subset of (all).
They are trying to determine the "success" of a virus by finding that it has infected two specific machines. Which means that it has spread to enough other Macs that it got to theirs.
They have left an actual practical vector, with the email route. See my other note about that.
If they gave the IPs for the Macs in question, you could go fo that route. There are ways to find out of course, but that doesn't seem to be what they are after, by my reading. Who wants to start attacking random Macs, on the assumption that they are the right ones? Well, and be able to claim the prize after...
They HAVE actually left a practical attack vector, should someone want to try. They will accept email, but not open attachments. They have left open the vector of client-side holes in their email app(s). Were I going to try, that's how I'd do it.
Guts for whom? The virus author who has the balls to infect every Mac, and then claim responsibility?
This has got to be one of the stupidest contests of this type I've heard about.
1) If a virus has spread over every Mac on the Internet, then it's harmful.
2) Many people would say that ANY virus is harmful, just by virtue of it being a virus (spreading, infecting.)
3) I'm so sure it's worth $50,000 for Symantec to finally put that "Antivirus companies don't write viruses" myth to bed.
4) We're going to use antivirus software to determine if we've been infected... which will only catch previously known viruses.
5) Hey you guy that wrote the virus that spread to every Mac on the Internet: just identify yourself afterwards, and we'll pay you.
Thanks.
Yes, at one point I traded a couple of emails with one of the slashdot guys (Hemos? Taco?) about a book review. This was when it was somewhat early in the process for them, and I had sent a couple of books to them, and they were going to find a reviewer. At the time I was told that they had an explict policy of not posting bad book reviews. I guess that changed at some point. I DO think there is utility in unfavorabe reviews. I just don't think there was in this instance.
Indeed. In fact, I didn't actually have an Apple ][, I had a Golden ][. Even at 12 years old, I was aware I had an illegal clone due to copyright violations.
But I specifically meant the Apple I monitor. Woz says that he gave that code away in the Homebrew Computer Club, so he considers it to be usable by anyway. Granted, Apple and Woz don't always agree on those fine points, but I suspect there will be no issue here.
I find the reviewer to be confused, unclear, and unnecessary.
He seems unclear on what is typically said in a foreword, especially by someone like Woz. He doesn't seem to understand why an unrelated Mac chapter might be added as an appendix.. it's there because Apple hackers might find it entertaining. It's a free bonus.
I found the first chapter, the one about the Apple I history, to be essential and appropriately placed at the beginning. I started with the Apple ][, and I had always assumed that the Apple I was similar, i.e. standardized, came with basic, etc... instead, Chapter 1 has cleared up the fact that nearly all owners customized their Apple Is. It also tells why the serial board was popular, and hence why you might want one for the Replica I. It tells what was up with the different RAM amounts, BASIC, and so on.
To be fair, I only got a couple of chapters into my copy before I had to give it away to a Mac enthusiast (who used to work at Apple) who wanted it to have an electronics project for his kids. My replacement copy is on the way, maybe I'll write a proper review and see if Slashdot will take it. Note: for the conspiracy theorists, I often write for Syngress, though I had nothing to do with this book. Assume I'm a shill if you must.
Also, I see a few talking about Apple suing and such. I doubt that will happen. Syngress is generally pretty careful about that. Woz gave his blessing for the use of the ROM monitor, and the book states that Apple had given over support of the Apple I to the Apple I Owners Club anyway.
WTF! They're all dead now!
Looks like you're correct, thanks for catching that. I had gotten the impression that the 1-3 gen were single-core chipsets. In fact, they are dual core just like the 4Gs. The earlier ones are rated to 90Mhz, while the 4G is only rated to 80Mhz.
I looked up the spec sheets to double-check my info (and realized I was wrong.) Here they are in case anyone else wants to check them out:
PP5002 for 1-3 Gen iPods:
PP5002
PP5020 for 4+ Gen iPods:
PP5020
Nice. Yeah, there's no problem at all reading the memory on the iPod once you have your code running. The files that go on during an update are encrypted, but they get decrypted in order to go to flash, so they are there in the clear.
Now, I understand the Nintendo DS is a bit closer to your situation...
I suppose if you're running a platform with no iTunes support. Seems like it might be more productive to clone iTunes or remove the DRM.
Yes. At the time, the only bit of hardware he knew how to control was the piezo. In the PP5020 models, most of the hardware is at a different address, so the knowledge from previosu models was of limited use. The existing iPodLinux would essentially die right away on the 4Gs and above.
Now that he has dumped the firmware, he knows where most of the other hardware is mapped.
The newer iPods (the ones in this article) have at least twice as much CPU power. So, the Ogg question may be worth revisiting.