Incidentally, Apple stores are the only computer stores that I, a female computer geek, can walk into and not have to start throwing around teenage hacker language that I never use in real life in order to get a decent level of customer service.
Identification and analysis for software compatibility is a different ball game from hacking it to put it on different hardware.
In my opinion the first cannot exist without the latter.
The point remains that if you download or upload a cracked version, you're "distributing" copyrighted materials improperly. I don't know which country you're from, but in most of them, that's a legal issue.
It was my understanding that we're required to by law have licensed copies of software. I've never actually seen any law here that said copying software was illegal (just using unlicensed software was).
Maybe they (osx86 project) can make a script that takes a Leopard DVD and converts it into a cracked disk image, and distribute the script. That could circumvent a lot of the issues. I still wouldn't advertise the fact that you've got a hackintosh though.
Being how Apple is with lawsuits, if they could of got the project on something legally, they would of done it in my opinion.
It's true that the actions can be questionable, but nobody can say outright it's piracy when you do have a licensed copy. They can really only say that MacOSX is running on a 'unsupported' platform.
Most countries in the WTO have similar laws to the DMCA because the DMCA was forced on those countries and the US by the World Intellectual Property Organization Treaty.
Actually it's called the 'WIPO Copyright Treaty' (strangely enough, they consider software a 'literary works').
By the way, from section 1201 (f)(1) of the DMCA, states that:
Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
As far as I understand it, the DMCA comes into effect when you break a software licensing agreement.
Could you please show me where this is, in the DMCA and the 'WIPO Copyright Treaty', I'm having trouble finding this?
Additionally, it has an effect whether or not you are out to do something that would be otherwise infringing. For instance, a lot of uses of DeCSS were/are to view DVDs on Linux, but that doesn't help legitimize DeCSS.
It is also known that DVD backup utilities which used "licensed" CSS decoding systems were widely available before libdvdcss came out.
Was not the issue with libdvdcss, the fact that it was a 'unlicensed' system for decrypting some sort of technology that required a 'license'?
the libdvdcss issue isn't really related to MacOSX in my opinon.
Also, in the US and in most other countries, hackintoshes are illegal via the DMCA or other anti-hacking laws.
And I'm not in the US...
Could I have your sources on it being illegal in most other countries please?
Anything which breaks encryption without the creator's permission is illegal.
IANAL.
It was my understanding that the DMCA makes anything that circumvents measures taken to protect copyrighted works a penalty for copyright infringement.
Now, I don't quite understand how this is circumventing measures to protect copyrighted works? Since this is about binding software to specific hardware -- Which apparently is not even legally enforceable in the States?
If it were about piracy, then it would be more of a copy protection, like say Windows's Activation.
Until my grandmother can go to BestBuy, and have the morons there sell her a Linux box which will mindless run her email program without her ever knowing what OS its on... Until then Windows will win.
We don't have bestbuy here, but the big stores do sell cheap underpowered Linux systems.
You can't run x86 OSX legally on non-Apple hardware
Sure you can. If own a license for that software. By the way, the EULA that states you cannot run the OS on non-Apple hardware is not legally enforceable, where I live (may not be where you live where you are either).
the difficulty is non-trivial. It's not a quick download away
Well... Actually it is a download away, and it isn't that hard if you don't choose todo this all manually.
I'd say Boot Camp is easier, and it is legal and supported.
My method is legal too, your method is not easier when you can't afford the hardware. As for support, I'm sorry to say but in my expirence, Apple's support really wasn't that good, so I don't trust their support with bootcamp to be any better.
Those come down to a lack of perminence - if the things they get in the system cannot stay long, they do not bother. They want systems that continue to stay compromised which you cannot do simply taking over a user account.
If that were true, there wouldn't be Malware that run exclusively under things like Firefox (not easy to remove for techs if you want to keep the customizations, other extentions -- First hand experience).
There are no open ways to get the root account at this time.
Seeing that a lot of Malware under Windows is usually a extra that comes with other applications, you do get the password prompt when you use the installer (.pkg files). Just make the requirement that the package has to be installed system wide (can't you also specify scripts to be executed in a.pkg?)
Here you must be thinking of Windows, as key loggers do indeed need system access to get installed in OS X.
There are ways, having extendable applications like webbrowsers, writing extentions for them like a keylogger which could be installed in the local user profile... Yeah.
Sure, just as we can also see Windows viruses using Parallels desktop. There is nothing funny or odd about seeing an OS do what it does when running under virtualization or an emulator.
Difference is that those had access to files that the local user had access to. I sure don't mind running Windows under things like VMWARE/Parallels, since they don't have access to my files.
OS 9 and earlier versions were rife with viruses which is why I did not buy macs until OS X.
What were you using before?
Exactly what I am saying - it's too hard on a Mac so they do not do it. The numbers are compelling enough, so the fact the mac sees no viruses means it is more secure (for whatever reason) and harder to target than Windows.
Blah, you already saw my response to this in another post.
They don't HVAE to run as admin. They CAN deinstall IE. The problem is not what people can do with Windows, the problem is all about the defaults and how most people DO use the systen.
To be honest, I don't really care what other people do, I care about the systems I manage.
It's like buying a car and then having to attach the body panels yourself - you get tired of doing so.
Not really a good analogy in my opinion, because once you've done one, you can automate this for all the others, no manual labour after that.
That's why I bought a Mac after years of using Windows and Linux.
Defaults maybe the problems for others, but they aren't my problem. I don't tend to stick with any defaults, not even MacOSX's (they just don't suit me or my family's needs or even the company I work for).
I have a hard time understanding that statemnet as the mechanism for managing multiple computers are so very similar.
Packages are already done on most Linux distros, if I want to add futher customizations, it's usually just simple configuration packages I build.
The frameworks are global but loaded up seperatley for each application.
I was pretty sure the memory was shared, but I guess I'll have to check this later.
Of course they are interested in tageting them because there is financial incentive to do so.
Then why don't they? I mean, many of dumb user exploits applied on windows would work. There are vulnerabilities that are known about for many months that Apple doesn't care enough to fix quickly.
You argument relies on the people writing Malware not to care about money.
No, my argument is that the Apple platform is fully capable of receiving Malware using similar methods that is used on Windows. But, the fact that nobody even bothers trying with even the dumb user exploits, which work when you have someone who isn't very computer literate at the computer.This tells me there is no interest.
That's whay although neither of us can proove our case, I know I am correct.
My points still stand, the system CAN be exploited, the fact that even the lowest of low exploits aren't being used shows nobody is interested to me.
My argument relies only on people being greedy, not on people ignoring the macs for no good reason whatsoever.
Well, people being greedy want the bigger numbers in my opinion, is it time productive to try to exploit what some people consider a 'niche' market compared to Windows's when you could be updating your Malware to use different signatures so anti-virus software won't catch it?
Sure I can deny that. They are interestested in zombie computers, period - and don't care how they come by them. As I said the numbers are already enough (10 million plus mMac in the amrket today, probably much more) that anyone looking to get zombine computers cannot help but look at that and be enticed.
If they care about numbers, they're going to go after Windows anyway.
It all begins and ends with that. Macs are a target but no attacks are forthecoming.
They maybe a target, but nobody is interested in targeting them. I certainly have enough programming knowledge and knowledge of MacOSX to write malware/viruses for the platform, however I'm not in that business. But, assuming I was, I would target Windows platforms over MacOSX, since the numbers are much bigger.
By what definition is 10 million+ potential zombie computers "not interesting". Not to mention that in theory they are more homogenous.
Malware writers, virus writers etc. are not interested in MacOSX, you cannot deny that.
Yes, and then what. It affects the user account but needs a further password to affect the system itself. Security in depth is the key which OS X holds and Windows lacks.
And why do you need to bother with the rest of the system? Script kiddies, they use the system to DDOS targets usually -- you can do that from a user account. Plus there are ways you can grab the root password if you wanted anyway. Forced Adware just wants wants to show adverts to the user, not having root access is not going to prevent that. Key loggers don't need root access to operate. Viruses don't need root access to spread.
How am I not supposed to take offense at an applied stereotype? I switched to the Mac because I was tired of customizing Linux ethernet drivers that didn't quite work with crappy 3COM cards. All of the mac users I know are of a similar level of experience, some of them former mainframe guys.
Stereotypes are not necessarily true, but it is what many people think. I just don't understand why MacOSX doesn't give interest as a target.
The sterotype is not only offensive but is wildly inaccurate.
I don't know anyone personally who is only a Apple user. I know people who use many platforms (just like I do).
My steroetype of windows users (take no offense) is the ones too stuck in a rut or unable to see what moving on or simply to simple technically can do. I would say the vast majority of people who really know nothing whatsoever about computers mostly use WIndows - because that's what everyone else does. You have to have a certain level of comfort with computers to even know you might want to consider a Mac.
I take no offense (although I don't really consider myself much of a Windows user).
Also, how is it considered to be overconfident in security to point out the blindingly obvious fact there ARE NO VIRUSES ON THE MAC.
Actually, I have seen MacOS classic viruses running on MacOSX -- funny enough.
That's the elephant in the room every windows user seems fit to ignore - yes I know there could be viruses but with many millions of macs around to the infect the numbers game is quite simply grasping at straws that will draq no liquid.
If people wanted to write malware of some sort for MacOSX, nothing is stopping them, there just is no interest at the moment it seems.
Here again you lack understanding of my issue with the IE embeddedness. It's all too easy for an exploit using IE or any other system component to get deep into Windows, because most users have to run as admin. OS X also comes sensibly with no open ports to eliminate that hole.
I have to disagree here, most users don't have to run as admin. It's just the defaults, this is not a issue in the upcoming Windows Vista however (Why did Microsoft take so long?).
The integration can make things easier for a virus once it gets in.... but getting in and stayng in are two different things. The majorty of issues now are spyware and on Macs it's far harder to hide software in nooks and crannies of the system than in Windows.
Mhmm. Although admittedly I don't know MacOSX's internals to the extent I know Windows's.
Again my issue with IE is that if you affect the explorer stuff in memory, you've got everything across the system. In OS X you'd have to infect the system Webkit framework to do the same and that is much harder.
You need to be running as Administrator to be able todo that under Windows (I run always as a 'limited user' under Windows).
Very little software needs more than just Application entries -
You also ignore the very real fact that there are many hundreds of thousands of programs making active use of exploits for Windows (even some for Vista) today, whereas there are NONE on the Mac.
You do realise that Apple stuff isn't really a interesting target?
Hell, you could do the same dumb-user exploits done on windows. Sending dynamically generated encrypted archives that require a password to be opened (so anti-virus scanners don't catch it), with the password specified in the e-mail. The user opens said archive, executes binary in there, that has the executable flag...
Which in turn infects them with a virus that e-mails all their buddies or something. MacOSX doesn't even get THAT attention, even though that Mac users would be the perfect target (applying stereotype here -- take no offense): over confident in security, not very good at computers.
Is MacOSX more secure by design? There are less prompts on things that the user may need to know about if it risks their system to being exposed to some sort of malware. Mac software is generally preferred to be very integrated with the rest of the system, Aqua UI elements, system services, libraries, frameworks. It's more orderly for someone who wanted to write malware or such for the platform. This is the very thing you complain that's bad with Windows (Windows doesn't yet have the amount of integration you have on MacOSX when it comes to UI widgets).
Off the top of my head, having those text services on MacOSX, you could even implement a pretty nifty keylogger (which would even get around the copy/paste of preventing your password from being seen, even if you knew there was a keylogger), the user wouldn't even see it as a process on the system.
(I don't think you can't really say there is Malware out for Vista when the end product isn't even finished yet.)
You can try to weasel around with terminology all you want, but it's all rather a case of not seeing trees or the forest because you are looking at your feet. Fundamentally your arguments make little sense because of the reality of what is all around you.
Neither do yours really. I just don't understand how MSHTML is that much different from Webkit, that it's 'integrated' while Webkit is not.
Avenues of exploits, it's another path by which something can trigger an exploit
I don't see how this is different from applications using Webkit under MacOSX.
by preview of things in Explorer or by other means of tricking the Explorer into looking at HTML with an embedded attack.
Explorer does not preview HTML, nor will the MSHTML component be in a active frame unless you're browsing websites. Explorer launches the default HTML viewer defined in filetypes to view HTML files. The closest thing I can think of you could be referring to is Win98's 'web view' function -- which was removed for a better folder customization system -- doesn't use MSHTML.
Funny enough, it's really difficult for any of 'preview' function in Explorer to use any of MSHTML's component's specific exploits, since that component isn't even used at all for any of Explorer's previewing functions. Also, there has never been a exploit that I know of that targeted windows explorer's specific use of MSHTML component (aka: A exploit not targeted at just the MSHTML component it self). I still don't see any malware taking advantage of this so called path you mention.
I still don't see the difference between MSHTML and Webkit from your examples.
What central management features do you think are lacking? There are tools to push out updates to multiple computers.
The biggest ones for me are software policies/restrictions. But I also have plenty of problems with software management (install/uninstall/upgrade -- Some software need far more than just copying the application folder. Automating it is a lot of manual work for me for each package), ba
Yes, one of which was not Finder - again my point is that Webkit use is not as widespread by the underlying OS itself.
Returning to my original point, how does having the MSHTML component available in Explorer create new unique exploits? You never gave any valid points.
So do I which is why I bought a Mac.
Mac doesn't do a lot of things, which the company I work for needs. It's also a security risk, since there isn't really any good comparable central management systems for MacOSX at the moment (even I need this at home because I own more than just one computer).
Which apps?
I've already mentioned Dashboard, Help Viewer, Software Update.
There is no contradiction in what I am saying.
You go on about how this isn't the case for MacOSX because those programs are not part of the operating system because they are seperate applications, yet you go on about how this is not the case with Windows, even though they're just applications, and not required to run the OS, just like MacOSX. Yet somehow, because it's Windows it's worse, but you fail to provide any reasonable explanation othat than stating that Finder doesn't use Webkit in some fashion like Explorer does with MSHTML.
In my mind one of the differences is between libraries being used more in a static or dynamic sense, where Windows apps are more relying on a global instance.
Not only are those contradictory statements (the webbrowser component being used by Explorer)
Yeah, I also remember when webkit did widget auto-installation crap, no questions asked and it took forever for Apple to even fix it -- This effected all applications that used webkit -- Just like a exploit with MSHTML under Windows would. Which was a flaw by design, nevermind about the exploits that require more intelligence like buffer overflows in JPEG proccessing, which is the sort of exploits you have to deal with more on windows. Obviously MacOSX doesn't have to worry about that much.
The other thing is that it's sort of hard to take advantage of a webbrowser exploit in Windows Explorer, unless you're using it to browse the web, in which case you'd be just as vulnerable as using IE, no more, no less. It's not like the WMF exploit which was used in a image proccessing library by almost everything in Windows that handled WMF in someway.
How do you know what vector each of the hundreds of thousands of bits of spyware make use of?
Oh, I don't know, maybe because I spend a lot of time securing systems against the possibility. I've certainly dealt with hundreds in my lifetime.
You made my point, which is that the web browsing component in Windows is ubiquitous and deeply embedded, so there are many avenues for malicious code to reach said component and do what it was designed to do.
You talk about contradictions... Earlier you stated
How are they parts of the OS? Each is a seperate application.
Those apps are either considered part of the OS or aren't.
Interesting fact by the way, you can replace the Windows's MSHTML engine with Gecko's using Reactos's MSHTML replacement if you don't think MSHTML's engine cuts it (you're even using Gecko in IE then), on MacOSX, I haven't even seen that option for Webkit/Safari.
Why don't you ask one of the few hundred thousands of spyware writers that question? They hseem to have figured it out.
I haven't seen one spyware writer that used a exploit that was specifically caused by having a webbrowser available in windows explorer. What I have seen is they have used exploits in the webbrowser component.
So I guess what it boils down to, is that like with so many other aspects of OSX it comes secure by default where you have to go through extra work that almost no-one does to secure Windows.
How does windows explorer having the ability to browse websites introduce any new security issues?
It was my understanding that we're required to by law have licensed copies of software. I've never actually seen any law here that said copying software was illegal (just using unlicensed software was).
Being how Apple is with lawsuits, if they could of got the project on something legally, they would of done it in my opinion.
It's true that the actions can be questionable, but nobody can say outright it's piracy when you do have a licensed copy. They can really only say that MacOSX is running on a 'unsupported' platform.
By the way, from section 1201 (f)(1) of the DMCA, states that:
Could you please show me where this is, in the DMCA and the 'WIPO Copyright Treaty', I'm having trouble finding this?
It is also known that DVD backup utilities which used "licensed" CSS decoding systems were widely available before libdvdcss came out.
Was not the issue with libdvdcss, the fact that it was a 'unlicensed' system for decrypting some sort of technology that required a 'license'?
the libdvdcss issue isn't really related to MacOSX in my opinon.
Could I have your sources on it being illegal in most other countries please?
IANAL.
It was my understanding that the DMCA makes anything that circumvents measures taken to protect copyrighted works a penalty for copyright infringement.
Now, I don't quite understand how this is circumventing measures to protect copyrighted works? Since this is about binding software to specific hardware -- Which apparently is not even legally enforceable in the States?
If it were about piracy, then it would be more of a copy protection, like say Windows's Activation.
It seems it's too much to ask to be able to just copy a folder with music in your filemanager to your device.
Well... Actually it is a download away, and it isn't that hard if you don't choose todo this all manually.My method is legal too, your method is not easier when you can't afford the hardware. As for support, I'm sorry to say but in my expirence, Apple's support really wasn't that good, so I don't trust their support with bootcamp to be any better.
Malware writers, virus writers etc. are not interested in MacOSX, you cannot deny that.
And why do you need to bother with the rest of the system? Script kiddies, they use the system to DDOS targets usually -- you can do that from a user account. Plus there are ways you can grab the root password if you wanted anyway.
Forced Adware just wants wants to show adverts to the user, not having root access is not going to prevent that.
Key loggers don't need root access to operate.
Viruses don't need root access to spread.
Stereotypes are not necessarily true, but it is what many people think. I just don't understand why MacOSX doesn't give interest as a target.
I don't know anyone personally who is only a Apple user. I know people who use many platforms (just like I do).
I take no offense (although I don't really consider myself much of a Windows user).
Actually, I have seen MacOS classic viruses running on MacOSX -- funny enough.
If people wanted to write malware of some sort for MacOSX, nothing is stopping them, there just is no interest at the moment it seems.
I have to disagree here, most users don't have to run as admin. It's just the defaults, this is not a issue in the upcoming Windows Vista however (Why did Microsoft take so long?).
Mhmm. Although admittedly I don't know MacOSX's internals to the extent I know Windows's.
You need to be running as Administrator to be able todo that under Windows (I run always as a 'limited user' under Windows).
You do realise that Apple stuff isn't really a interesting target?
Hell, you could do the same dumb-user exploits done on windows. Sending dynamically generated encrypted archives that require a password to be opened (so anti-virus scanners don't catch it), with the password specified in the e-mail. The user opens said archive, executes binary in there, that has the executable flag...
Which in turn infects them with a virus that e-mails all their buddies or something. MacOSX doesn't even get THAT attention, even though that Mac users would be the perfect target (applying stereotype here -- take no offense): over confident in security, not very good at computers.
Is MacOSX more secure by design? There are less prompts on things that the user may need to know about if it risks their system to being exposed to some sort of malware. Mac software is generally preferred to be very integrated with the rest of the system, Aqua UI elements, system services, libraries, frameworks. It's more orderly for someone who wanted to write malware or such for the platform. This is the very thing you complain that's bad with Windows (Windows doesn't yet have the amount of integration you have on MacOSX when it comes to UI widgets).
Off the top of my head, having those text services on MacOSX, you could even implement a pretty nifty keylogger (which would even get around the copy/paste of preventing your password from being seen, even if you knew there was a keylogger), the user wouldn't even see it as a process on the system.
(I don't think you can't really say there is Malware out for Vista when the end product isn't even finished yet.)
Neither do yours really. I just don't understand how MSHTML is that much different from Webkit, that it's 'integrated' while Webkit is not.
I don't see how this is different from applications using Webkit under MacOSX.
Explorer does not preview HTML, nor will the MSHTML component be in a active frame unless you're browsing websites. Explorer launches the default HTML viewer defined in filetypes to view HTML files. The closest thing I can think of you could be referring to is Win98's 'web view' function -- which was removed for a better folder customization system -- doesn't use MSHTML.
Funny enough, it's really difficult for any of 'preview' function in Explorer to use any of MSHTML's component's specific exploits, since that component isn't even used at all for any of Explorer's previewing functions. Also, there has never been a exploit that I know of that targeted windows explorer's specific use of MSHTML component (aka: A exploit not targeted at just the MSHTML component it self). I still don't see any malware taking advantage of this so called path you mention.
I still don't see the difference between MSHTML and Webkit from your examples.
The biggest ones for me are software policies/restrictions. But I also have plenty of problems with software management (install/uninstall/upgrade -- Some software need far more than just copying the application folder. Automating it is a lot of manual work for me for each package), ba
The other thing is that it's sort of hard to take advantage of a webbrowser exploit in Windows Explorer, unless you're using it to browse the web, in which case you'd be just as vulnerable as using IE, no more, no less. It's not like the WMF exploit which was used in a image proccessing library by almost everything in Windows that handled WMF in someway.Oh, I don't know, maybe because I spend a lot of time securing systems against the possibility. I've certainly dealt with hundreds in my lifetime.You talk about contradictions... Earlier you stated Those apps are either considered part of the OS or aren't.
Interesting fact by the way, you can replace the Windows's MSHTML engine with Gecko's using Reactos's MSHTML replacement if you don't think MSHTML's engine cuts it (you're even using Gecko in IE then), on MacOSX, I haven't even seen that option for Webkit/Safari.
This is needless text being written here because I am not allowed to use so many caps