1.) Several proof-of-concept viruses have been written for OS X in the past, so this isn't the "first." They never propagate.
This isn't a "proof-of-concept" it was discovered in the wild, albeit at a direct point of infection. It has already propagated, or attempted to, in the wild as well, sending file transfer requests to other machines on a LAN.
2.) When you download this.tgz file in Safari, Safari warns you that it's an application, and you have to click to continue.
If I'm not mistaken it warns you that it "might be" an application, as it does with all archives in.zip,.gtz, or.dmg format. Also, not everyone uses Safari.
3.) When you run it, an admin password prompt is displayed by OS X, and you have to enter it to continue.
...Unless you are running an admin account. Then it just runs. Like a lot of clueless people who only set up one account when they buy a machine. Maybe even most people.
This is not going to spread far and wide for numerous reasons and has no real payload and bugs prevent it from working properly. This is not a serious threat to most people. It is however, a first OS X virus in the wild and seems to have been written by someone with a clue. It also seems unfinished. This may be the basis for more malware in the future.
OS X does better than most OS's under this type of an attack and this threat is minimal. Hopefully, however, this will spur Apple to actually improve the default security of their systems both with a default non-admin account on setup, with better GUI indications of what a file is and is doing, and with BSD jail, VM sandboxes, or really cool ACLs that default to limited permissions for any new software. Frankly, Windows desperately needs this right now, but OS X could benefit from it as well and give MS something to copy.
I wouldn't call adding a thumbnail to a malicious executable 'sophisticated'.
i wouldn't call this malware sophisticated, either, at least no in terms of its interaction with the user.
OS X does. It asks for your admin password. This is generally a clue that it might be doing something critical.
This is completely wrong. If I download a new application, drag it to my Applications folder, and run it, OS X does not apply any restrictions beyond what my account has. It can do anything I can. Any new program can access the internet, monitor the keystrokes of my other apps, look at my personal files and modify them, or do anything else I, as a user, can do. It only asks for a password to modify items beyond my current privilege level, ie. sudo.
Heh... The.jpg, and.tgz extentions are a dead give away. Though I agree that OS X might need some form of executable extention. Only an idiot turns off extentions. Though sadly OS X and Windows do it by default.
Most users don't know what file extensions apply to executables and which apply to data. Many don't know the difference between the two. A visual cue would be useful for making users aware of this. Does OS X really ship with extensions hidden by default? It has been so long since I configured a machine from scratch I don't recall. I thought they shipped with extensions visible by default though.
I also think that OS X might need to actually tell you WHY you are putting in your admin password, in terms that both the knowledgable and typical user would understand. It does beat the "Yes" dialogue that we have to come to express from Windows, though, but there is room for improvement.
That is partly why the system needs finer permissions for application behaviors. That way it can have well defined, "This program is trying to access the keyboard input while another application is in the foreground. (stop it from reading keystrokes destined for other programs)(stop it from accessing keystrokes at all)(kill the program)(allow it to read typing destined for other programs)."
No application that displays untrusted content should EVER have an option to open files automatically after downloading.
Wow, that is going to make Web browsing really suck when I have to download the HTML file and all the images and then open them by hand.
Files outside specific "application" or "plugin" locations should never be considered as potential handlers for content, and there must be no mechanism to move files to these locations without an EXPLICIT request by the user. (yes, that means no auto-installing Dashboard plugins or Firefox extensions... and of course ActiveX is beyond the pale)
How does this increase security? At least by auto placing them (with an appropriate dialogue confirmation) the files go in the right place and users aren't accustomed to having to move some random file to some random location to get things to work, which is a lot more dangerous than moving executables to a properly insulated sandbox. (Not that OS X does use a properly insulated sandbox mind you.)
Any way, in this particular case auto-running content is not exploited anyway. you have to manually run the script with a jpeg icon on it.
That's why we don't consider it a vulnerability. There is no way to "fix" this without totally locking out the user.
You're partially right. The owner of a computer should have the ability to do whatever they want on their computer, including mess it up. The problem is that is not the only thing that is happening here. The user is being tricked into doing this because they are not given enough information and granularity of security. Now OS X does a lot of things right in this regard and is better than most of the competition, but it is not good enough to deal with some of the more sophisticated threats of the day.
First, new applications and scripts should run either with pre-configured ACLs or in a BSD-Jail type environment. Basically, any program that wants to contact the internet, access files it did not create, or modify other applications should have to ask the user for that privilege. Further, steps can be taken to make it harder for an executable to disguise itself as data, via the UI, like a visual clue to differentiate data and programs. Finally, by default the first user created has admin privileges that are, perhaps, over-broad. When a system is set up an administrative password should be required to be set, but the default user account should probably have somewhat lesser privileges, or at least need a password to alter default programs.
Now there will always be people who can be tricked into doing anything, but I really think that some better defaults and more user interaction is warranted for many events. How often do you want to run a program, by double clicking, that will modify other common programs on your machine. Would you rather have a dialogue that warns you when something tries to do this or not? Viruses like this one are performing uncommon operations and are easily recognizable due to that. It should not be hard to better deal with them.
You haven't stolen/my/ car, but you have stolen the car from Ford. Why? Because the end result would be the same as if you stole it: You would be driving around in a car that you did not pay for.
You're wrong. The end result is not what matters, the action is. Stealing is an action, not an end result. If I copy a Ford car I have probably infringed on any number of patents and trademarks, but I have stolen nothing. By your definition if someone gave me a gift that would be stealing, since I did not pay for it and I still have something.
That car design cost millions to come up with. If they only sold one and the rest were "free copies", they would never make their money back, and consequently, they would never design another car!
True, such a device would greatly change the industry and probably cause large car manufacturing operations to lay off thousands. The economic impact would be severe. But what does any of this have to do with whether or not it is ethical or legal? Would you halt all progress to insure that every business that is making money now will continue to do so? The traditional example is the drastic decline carriage sales with the advent of the car industry. Plenty of laws were passed trying to make cars hard to own and to ensure progress was halted. Back in the day in many places if you were driving down the road (at the 5mph speed limit designed to ensure cars were no faster than horses) and you saw a horse coming you had to pull over and hide your car in the bushes.
This is analogous to current copyright laws and the DMCA now. Technology has progressed, but the industry wishes it hadn't so they try to artificially restrain progress by paying off corrupt politicians.
Second of all, how is ownership of something subjective?!?! In our present world and economy, trade works by exchanging things of value for other things of value. If you obtain something of value, you should have to pay someone for it. What's subjective about that?
First, the subjective part is where you said "something you should not have." Whether or not someone should have something is wholly subjective. Secondly you're confusing a basic human right with a government enforced restriction on a basic human right, for a specific purpose. The US constitution (and many international rights accords) hold that man has the right to life, liberty, and the pursuit of happiness. Among those rights are included the right to be secure in ones possessions and the right to free speech(expression). A person has the natural right to own physical property. If you own a car, no one can take that from you. A person has the natural right to say or write anything they feel like. This includes something someone else has already said. If I want to sing "happy birthday" that is my natural right. US law does not dispute this in any way. It is very clear and well established. So why can't I sing "happy birthday" legally? The answer is that copyright laws were passed to artificially restrict my freedom of speech (and consequently all expression). Now doing that was a matter of great debate. Many of the founding fathers were very opposed to it because they believed it would lead the US to eventually have a system as bad as existed in Europe at the time, where big publishing houses controlled access to all works and the artists themselves were powerless. Sound familiar? In the end they included in the constitution the ability for congress to grant copy rights, but only for very limited purposes and only for limited times. The purpose was to "promote useful arts and sciences."
Now fast forward to today. While the originators of the law foresaw copyright lengths becoming shorter over time, as technology and the ability to quickly publish and ship works improved instead they have been extended to last virtually forever. In fact whenever certain works get close to expiring another extension is added to them. The rights granted specifically to the people (the right to
OK, welcome to malware nomenclature 101. Will everyone please take their seats. Thank you. There are three basic classifications for malware:
trojan - malicious application disguised as either a benign application or data.
virus - a malicious application that copies itself into other locations infecting data or applications in an attempt to spread. Viruses often attempt to e-mail, IM, FTP, etc. themselves to other machines.
worm - a worm is a virus that auto-propagates. That is to say it sends copies of itself automatically and traditionally without any user intervention.
This particular malware is a trojan (partly disguised as a jpg) which them copies itself to a new location on your drive and modifies a few commonly used applications in order to spread itself via they Bonjour discovery and file transfer mechanism in OS X. It requires human intervention to extract itself run, spread, and for download. I'd call this a virus to be clear about its functionality.
In both cases you are in possesion of something that you should have paid for to obtain, but you didn't.
But as to whether someone should pay for something or get it for free is merely a matter of opinion. If I find a block of gold on the ocean floor in unclaimed waters, who should I have paid for it? If I find a block of gold in a store, I should probably pay the store owner. Copyrighted works are somewhere in between (and a bit to one side). There is no ethical reason why I should pay copyright owners, only practical ones.
Like I have been saying, there is no fundamental difference in the end result whether you walk out of the store with a CD or if you download it off of the internet. THERE IS NO FUNDAMENTAL DIFFERENCE IN THE END RESULT.
So If I shoot someone in the head, they are dead and I have committed murder. But if I sell someone a gun and they shoot themselves in the head I have still committed murder? After all, the end result of my actions is the same, right?
i submit that a physical object is not necessarily required for theft.
I submit that you are wrong.
if you're a gamer, does it incur your ire when someone steals from you in game?
No. You see games are symbolic representations of the real world. You're confusing fantasy and reality. If someone stabs your character in a game to death have they committed murder?
if you developed a neat idea and had it on your hard drive, would it bother you when someone copied it onto their USB drive, and distributed it or claimed it as their own?
That is called plagiarism. It is unethical in my opinion, but not theft.
how about your digitized poetry? your art?
This is called copyright infringement if they copy and republish it. It is called plagiarism if they claim it as their own. Not everything you can do that is unethical or that might bother someone is called "theft." Here's another one for you. If someone stabs you in the head haven't they "stolen" your life. Should they not be convicted of stealing? No, of course not. It is called murder. We have different names and punishments for different crimes and we decide separately what should be legal and illegal. Right now most copyrights are detrimental to society and are doing just the opposite of what the original purpose of copyright law set forth. The RIAA, MPAA, and other big publishers know this so they try to confuse the issue by calling copyright infringement stealing. In this way they hope to confuse people who are against stealing into thinking that the two concepts are one and the same. You fell for their pitch.
i'm not using these as exactly analogous to downloading a movie, but the concept of a noncorporeal object of value is important.
So what? I may value the pleasure of a good blow job, but if the girl stops she isn't stealing that from me and I don't have any fundamental human right to blow jobs.
either way, there's some price point where you'd be willing to exchange something of value for it. taking even a copy of it without reimbursing the 'owner' is, in a word, a theft. moreover, you don't get to set the price that you pay for it.
No. It is copyright infringement. They have had nothing taken from them but the potential to make a sale. They have no entitlement to money. The law says copying without their permission is illegal, but it is not and never has been stealing. Whether or not they should have the right to restrict me from copying unless I pay them is a matter for debate. I'd say "yes" so long as it fulfills the constitutional goals set forth, which is to say about 1% of the time in my personal judgement.
and i think that you're right that downloading a file is significantly different from stuffing one's outerwear at walmart, but hey--let's not kid ourselves about what we, fundamentally, are doing, alright?
Speak for yourself. When I make a copy of some rare out of print book or music or video game that otherwise would be on a short road to oblivion I don't consider that fundamentally the same as shoplifting. I'm preserving important pieces of our culture and history, many of which are copyrighted by unknown parties. Maybe you don't see the damage copyright law is doing and just want something for nothing, but that does not apply to all of us. Copyright laws as they exist now are evil. They are deleting our cultural heritage for a very tiny profit. Please educate yourself on what is really happening to all those copyrighted works that can no longer be purchased anywhere, have no reference copies, and are vanishing from all existence.
The bottom line is that downloading content without paying for it functionally is identical to stealing it because the end result is the same. In both cases you are in possesion of something that you should have paid for to obtain, but you didn't.
Except whether or not someone should have something is a very subjective judgement. Now if I see you driving down the street in a mustang and think, "wow what a great car" and I aim my patented new duplicator beam at it and make myself a car just like yours... have I stolen your car?
Everyone who buys into this "physical product" definition of theft is forgetting one thing: A specific pattern of ones and zeroes IS a physical product!
Yes but people aren't stealing that pattern, they are copying it. The physical pattern still exists in the original location.
There is a significant difference between stealing and copyright violation. For example one is violating someone's basic human rights according to the constitution and one is violating an artificial government granted right imposed for a particular purpose. If, for example, by violating that government granted right you are actually more efficiently promoting that particular purpose then constitutionally, the lesser law is wrong, not you. Note, because of the wording in the constitution which calls for a value judgement, this is impossible to prove. In fact the supreme court ruled that although current laws are almost certainly violating the intent of the constitution, it is not their job to interpret the intent of lawmakers. Basically, the laws on the books aren't doing what they should, but it is not their job to say congress is a bunch of liars.
It would be more apt to say it's illegal everywhere except Nevada then to say it's legal if you live in any state as long as that state is Nevada.
I disagree. Given there is no federal law banning it, prostitution is a inclusively legal in the US. That is to say, if there is a territory not governed by any particular state law that bans it then prostitution is legal in that jurisdiction.
If you're a prostitute in America more than likely you are engaging in prostitution illegally.
But if you're a member of an official organization called "Sex workers of America" the chances are you're not openly breaking any law, whether you're are a porn star or a legal prostitute. Sure maybe some of those people do break laws, but that has no bearing on their right to protest something.
People who buy Mac hardware, would still continueto[sic] do so. I doubt anyone with a powerbook titanium would ever give it up for a placstic[sic] cased dell. Mac users are all about aesthetics and status.
I suppose you have an in-depth market analysis to back that up? I know a lot of mac users and from my experience at least half of them would rather buy cheaper hardware if it could run OS X. I know my company would almost certainly be buying cheaper laptops for us to run it on. In any case, I'm guessing Apple has better market research into mac buyers and potential mac buyers than you do.
Mac dosen't[sic] make much money on selling Os X because they're really not in the OS market. Think about it. The only people who even by[sic] it are people who are running os 9 (a very small % of the computer market) and most computers that are running os 9 can't really run OS X.
I'm guessing about 90% of boxed OS X sales are to existing OS X customers. What Apple (not "Mac") sells is basically an upgrade for existing users. 10.1 was a free upgrade, 10.2, 10.3, and 10.4 cost money.
The bottem[sic] line is growing the Mac user base.
The number of customers is not the only consideration for profit. Apple made about as much money as Dell last year. It is highly likely that Apple would lose a lot of hardware sales. It is highly unlikely they would gain nearly as much in OS sales, given MS's stranglehold on the pre-install OEM market. They tried licensing to OEMs and almost went out of business. Jobs tried selling both and OS and cool high end software and nearly went out of business.
I'd like to be able to buy OS X and install it on a white box. I'm sure you would as well. That does not mean it is a good business plan for Apple to sell it that way. Until MS is restrained from anti-competitive actions or until they are broken up and competing with one another there is not a viable way to enter that market. Even with the best product, Apple will still lose big time. Only by selling a vertical solution can Apple maintain their OS as a viable product.
I personally went with the DVR from Comcast. IMHO it was a better offering than tivo (pains me to say Comcast offered a better deal).
I don't trust Tivo as a company anymore and went with a smaller company with a less restricted product when I decided on a PVR. That said, it is not fair to compare Tivo to Comcast on price. Comcast just raises everyone's subscription fees to cover the difference (seeing as they have a monopoly in most areas they are available). Ditto on integration with a Cable box. The truth of the matter is, Tivo has pretty much sold out to the cable companies and given the cable companies' leverage a lot more people are choosing like you. It is too bad too, since the cable companies are motivated to remove as much of the ability to store video long-term and skip commercials as possible. They will kill the 30 second skip as much as possible. They will try to ad more advertisements using the PVR. They are motivated to make it hard and/or expensive for you to archive video, since then you would be less tied to them and since they are owned largely by the same corps as content producers who want to sell you that archived copy on DVD.
You may have made a wise choice in the short term, but the long term consequences are going to suck.
Meanwhile, I'll be using the built in editor on my PVR to remove commercials for my favorite shows/movies before I burn them to DVD or VCD. I'll also be exporting recent episodes of shows to mpeg-4 so I can watch them on my laptop while flying/commuting. It even uses less battery than a DVD would and I can catch up on those shows I haven't gotten to before I delete those not worth archiving. Also note, I pay no monthly fee for my PVR and can pick my choice of independent scheduling providers instead of being tied to one particular service.
I'm firmly convinced all this functionality should be in every PVR, except of course those being made by corporation with a vested interest in them being less functional and those companies who have signed huge sales contracts with those companies. Oh well, hopefully IPTV will take off and fundamentally change the market, separating content from other content and from being tied to delivery mechanism.
Hmm, I seem to remember putting C: and a path into IE being an easy way to access the entire filesystem, including files to which I would not normally have permission. Sounds like access to a lot more than user space (which is where a browser should be running) to me.
IE has no more ability to "cause serious changes to the core of the OS" than any other app like Firefox does.
See the above example. You can install and run firefox as a non admin.
Architecturally, it's essentially identical to KDE's khtml or OS X's WebCore/WebKit.
Not really. Sure all three offer HTML parsing services to other apps, but two are clean services to do that with applications that utilize them. IE is not a service, it is an application by itself that leaves a lot more room for the large number of security holes that are the result.
The monopoly stuff I'm not really going to comment on, other than saying I disagree with the basic principle that Microsoft is - or ever was - a monopoly, and the idea that they can't add functionality to their product as customers or developers demand is ridiculous.
That is because you are erroneously thinking that monopolies are defined by products. This is not the case. They are defined by markets. MS can add any products and features they want so long as they are not combining one product or bundle that combines their monopolized market and another one. You seem to be fundamentally failing to understand the concept of a monopoly or bundling. This failing is so common even on Slashdot that it would be a great example of how the public school system fails. It not only failed to teach you this basic concept but it also failed to provide you with the research and critical thinking skills needed to look up and do any basic research on a topic before asserting your uneducated opinion on it.
If you like Apple's product, buy them. But please realize that even if they go out of buisness[sic] in 5 years, you will still be satisfied with your purchase (if you think it's a good one). If you are not a fanboy, you will just buy from an other company.
If this were a free market I might agree with you, but it is not. How many viable OS choices do I have and how many will I have if Apple goes under? I do have a vested interest in Apple staying around because without them the computer industry would have stagnated even more than it has under a certain monopolist's reign. Anyone who works in the computer industry probably has that same vested interest, even if they don't use any Apple products.
Why everybody here must defend a company like Apple (or any other company)?
Who is defending anything? I am explaining the reasons why they won't take a particular action to someone who asked why they won't take a particular action. I'm also pointing out some things the previous poster seemed to have factually incorrect to improve their understanding.
Reading this topic, it seems like if all the money made by Apple was money made for the./ community.
Apple products are popular among Slashdot users because they are some of the best available. No mystery there. Most of us also appreciate anything that can lessen the dangerous MS monoculture and facilitate advances in the state of the art. Apple has certainly done that as well. Even if most users only see a bad copy from MS five years after Apple has implemented something at least it does reach people and computing gets a little bit better. Apple doing well, makes a lot of us happy for this reason alone.
If that was what was happening, why didn't they just stop authenticating Real files, or perhaps more deviously, always give authentication for Real files, rather than going through the potentially-breaking-people's-devices extreme step of a firmware update?
They revamped the whole authentication system to make it harder to fool. They did not do anything until they were already releasing a firmware update to fix a number of other issues and add some new features. It is not even clear that Real was the motivator for their changes. They did not do it right after Real started spoofing and it is entirely possible the tiny number of Real files was not even really a concern at all.
The unanswered question is: how many copies of OS X do they sell today versus how many would they sell if they had an available installed base of 40 million PCs?
Have you seen the market for OS's that are not pre-installed? It is tiny by comparison to the whole market. The majority of those licenses in that small segment of the market are to big business, MS's strongest point. Unless Apple could break into the pre-install market they would have no chance of recovering lost hardware sales. If you had a big chunk of the retail PC market and MS could kill you at a whim with their differential pricing would you bet the whole show on people switching? Would you do so knowing you'd be putting yourself in competition with and at the mercy of Apple at the same time?
That to me is the big thing Apple seems not to value. The chances of me going out and buying an Apple computer today are 0%. Partly because I have a fairly new PC that is sufficiently powerful to do the job, and partly because I can't cut my family off Windows cold-turkey.
That's the thing. You aren't a good customer for them because the only way to reach you is to sacrifice their biggest source of profit. They have done several things to reach people like you, but slightly more willing to change. They introduced a really cheap model so you can try it out. They introduced free software that comes bundled and covers the needs of 90% of computer users. You're just a part of that 10% that it is not profitable for them to sell to.
As for "cold turkey" on Windows, with WINE, VMWare, Virtual PC, etc. it will soon be reasonable to use the Windows applications on OS X. If that is still not enough then you'll just have to stick with Windows. Note that it likely Vista will boot on Apple hardware.
It is also important to note that Apple has been down this road before. They licensed their OS to other manufacturers in the 90's and it almost killed them. Jobs tried selling a great OS and really cool hardware separate from each other at NeXT, but the market was not large enough. Apple has a lot of smart businessmen and access to much better market research than you or I. If it was profitable or likely to gain long term profit via a viable strategy, they'd have done it by now. In any market there are customers it is not profitable to reach. In this market, that seems to be you.
since when does any comercial OS company give free support.. that'll be the day!
Well Apple has some of the best support in the business according to consumer reports and they provide that support (for a limited time) bundled with all machines and some other products. They also provide free on-site support at their retail stores. Finally, most companies, even ones that say they don't offer support, still do provide some support even if it is just paying people to answer the phones and try to sell support contracts. Trust me, the more machines running diverse configurations with third party or no drivers the more calls they will be getting.
Apple is 5% of the market selling hardware. I don't think they net $800 off of every sell. In fact my mac mini was loaded and only cost $799.
Take a look at another company with a similar market cap, Dell. They are 20% of the market with similar profits. Now note that 50% of Apple's income is from iPod, services, and other software. It actually lines up rather well doesn't it? I've seen multiple evaluations of this possibility. Apple would lose nearly half their incoming cash by making this move and to make up that amount based upon current prices for retail OS X would be between 30-40% of the market. If I had the numbers in front of me I'd copy them for you. I believe 5% was too high for their sales as is the $800 figure for average profit per machine.
It wasn't a server thing, it required changing the firmware on the ipods.
There were multiple components, but the gist of it is Real was getting Apple's authentication servers to issue authentication for Real's files wrapped in an imitation of Apple's DRM. Apple servers were being used to enforce Real's DRM. Want to play that file on another computer, well we'll just contact Apple's servers and see if you are authorized. They updated the whole system, one component of which was updating the ipod firmware.
Actually, in this case it was hacking, not cracking. They did not crack any encryption or work around any security. They simply hacked together a new system using a lot of OS X, with many parts replaced with alternatives (like the whole kernel).
Re:I don't see the problem...
on
OSx86 Cracked Again
·
· Score: 4, Insightful
I don't understand why Apple is missing the boat here. I'm waving my $150 at you Steve Jobs come and get it.
I'll explain it. You and the several thousand others like you would cost more money for the free support and other missed opportunity cost than you would give. Basically, Apple offering OS X fort other hardware will cost them hardware sales since many people will buy other hardware now that they can run OS X on it. It will increase support costs in trying to deal with all that hardware. And Apple makes very little money selling OS X. They make their money selling hardware and in order to make the same amount of money they would have to capture 30-40% of the OS market. Since they are locked out of the pre-install market by MS's OEM pricing and since the non-preinstall market is about 5% of the market right now the chances of them even making the same amount of money as they do now are basically zero. I'd buy it too, but it just doesn't make sense for them to sell it.
Re:If you replace enough files...
on
OSx86 Cracked Again
·
· Score: 5, Insightful
Whoa, whoa, whoa. I'm on board that just "downloading a DVD" is unethical, but if I BUY an official copy of OS/X, then who the hell is Steve Jobs to tell me what I can or can't do with it?
I agree with you in principal, but OS X for x86 is only available with the purchase of an imac right now (as far as I know) and while it is possible that you might want to take that one license and install it on a different machine while wiping the imac, don't think it is likely. I'm all in favor of hacking the OS and researching, but I'm more than a little leery that this will lead to just another way to get crappy warez versions of OS X hacked up to work on generic boxes without paying for a license. Right now it is just that, a concern. I don't see anything that has been inappropriate yet.
This is one of the main reasons I dislike Apple as a company: the arrogance. Steve wants to tell me what I can and can't play on an iPod (e.g., suing Real). Steve wants to tell me what I can and can't do with software I buy. Frankly, screw Steve!
And here is where you lost me. When did Apple sue Real? As far as I know there has only been one lawsuit and it was Real suing Apple. What Apple did do was change the DRM authentication on the iPods to stop Real's hack from working, but seeing as Real was using Apple's servers to do the authentication I don't think anyone can really fault them for that. It was a very legitimate security and support concern. Hell, I wouldn't let my competitor's use my servers to authenticate their DRM either.
Apple could be so much more successful if they would stop being such a-hole control freaks and just sell their products and embrace people wanting to use THE SOFTWARE AND HARDWARE THAT THEY FREAKING OWN the way the want to.
Apple is very successful now and not because they operate using a simplistic view of the market. They are in a market dominated by a monopoly and they can only compete by maintaining a complete vertical chain on their own. Apple sells computers because they can't survive selling software and because they make more money that way. They use software as a differentiator, but they are not an OS company, they are a hardware company. Selling OS X for intel would be huge financial loss. The OS market, like it or not, is basically the pre-installed OS market. MS has that market locked down. Apple can only sell pre-installs on their own hardware. The secondary market of installs after the fact is a small one for the tech savvy. A lot of Apple's customers would be included, but not a significant share of the market. Operating in such a commodity business Apple would have to grab nearly 40% of the market just to break even with the hardware sales losses they would endure. It is just not very likely. I'd like OS X for generic hardware as much as the next guy, but not at the cost of Apple going out of business and it no longer being available in the future. Sorry but a lot of people have looked at this business case including Apple and it just doesn't make sense for them.
Why should apple bother with "security measures... It'll crash, it won't have proper driver support and it won't be updated nearly as fast... Users would eventually figure that using OSX on regular, unsupported PCs is too much trouble and would thus cease from doing so.
It will crash and have driver problems and generally be hard to use, but users won't figure out that this is due to running on unsupported hardware; instead it will develop a reputation as an unstable OS. Apple would prefer not to poison their brand.
that if such a powerfull (talent-wise) company fails to create a considerabe protection for its highly wanted OS, and every release gets eventually cracked, it is yet another confirmation that they want it to be hacked?
Sigh. First this isn't a crack, per-se, more of a hack. If I take a Linux distro running on a x86 white box and replace the apache install with the modified one OS X uses what do I have? I have a nasty hybrid that is mostly Linux and a tiny bit OS X. This hack is basically replacing many core parts of OS X with different versions, including the entire kernel. It would be just as accurate to say someone got the OS X window management system running on a Linux system (sans several parts).
In any case, no Apple does not want people running their OS on generic hardware as it has a number of negative effects upon their business. At the same time, those negative effects are only significant is they are easy and common. Most people can't even install a regular OS, let alone rip out major components of OS X and replace them piecemeal. It makes business sense for them to spend some effort installing a roadblock, after that they face diminishing returns.
Every release will be cracked so long as people have the time and interest, but the results, like those mentioned here, are an unsupported Frankenstein's monster that is going to be a mess to use and likely very unstable.
1.) Several proof-of-concept viruses have been written for OS X in the past, so this isn't the "first." They never propagate.
This isn't a "proof-of-concept" it was discovered in the wild, albeit at a direct point of infection. It has already propagated, or attempted to, in the wild as well, sending file transfer requests to other machines on a LAN.
2.) When you download this .tgz file in Safari, Safari warns you that it's an application, and you have to click to continue.
If I'm not mistaken it warns you that it "might be" an application, as it does with all archives in .zip, .gtz, or .dmg format. Also, not everyone uses Safari.
3.) When you run it, an admin password prompt is displayed by OS X, and you have to enter it to continue.
...Unless you are running an admin account. Then it just runs. Like a lot of clueless people who only set up one account when they buy a machine. Maybe even most people.
This is not going to spread far and wide for numerous reasons and has no real payload and bugs prevent it from working properly. This is not a serious threat to most people. It is however, a first OS X virus in the wild and seems to have been written by someone with a clue. It also seems unfinished. This may be the basis for more malware in the future.
OS X does better than most OS's under this type of an attack and this threat is minimal. Hopefully, however, this will spur Apple to actually improve the default security of their systems both with a default non-admin account on setup, with better GUI indications of what a file is and is doing, and with BSD jail, VM sandboxes, or really cool ACLs that default to limited permissions for any new software. Frankly, Windows desperately needs this right now, but OS X could benefit from it as well and give MS something to copy.
I wouldn't call adding a thumbnail to a malicious executable 'sophisticated'.
i wouldn't call this malware sophisticated, either, at least no in terms of its interaction with the user.
OS X does. It asks for your admin password. This is generally a clue that it might be doing something critical.
This is completely wrong. If I download a new application, drag it to my Applications folder, and run it, OS X does not apply any restrictions beyond what my account has. It can do anything I can. Any new program can access the internet, monitor the keystrokes of my other apps, look at my personal files and modify them, or do anything else I, as a user, can do. It only asks for a password to modify items beyond my current privilege level, ie. sudo.
Heh... The .jpg, and .tgz extentions are a dead give away. Though I agree that OS X might need some form of executable extention. Only an idiot turns off extentions. Though sadly OS X and Windows do it by default.
Most users don't know what file extensions apply to executables and which apply to data. Many don't know the difference between the two. A visual cue would be useful for making users aware of this. Does OS X really ship with extensions hidden by default? It has been so long since I configured a machine from scratch I don't recall. I thought they shipped with extensions visible by default though.
I also think that OS X might need to actually tell you WHY you are putting in your admin password, in terms that both the knowledgable and typical user would understand. It does beat the "Yes" dialogue that we have to come to express from Windows, though, but there is room for improvement.
That is partly why the system needs finer permissions for application behaviors. That way it can have well defined, "This program is trying to access the keyboard input while another application is in the foreground. (stop it from reading keystrokes destined for other programs)(stop it from accessing keystrokes at all)(kill the program)(allow it to read typing destined for other programs)."
No application that displays untrusted content should EVER have an option to open files automatically after downloading.
Wow, that is going to make Web browsing really suck when I have to download the HTML file and all the images and then open them by hand.
Files outside specific "application" or "plugin" locations should never be considered as potential handlers for content, and there must be no mechanism to move files to these locations without an EXPLICIT request by the user. (yes, that means no auto-installing Dashboard plugins or Firefox extensions... and of course ActiveX is beyond the pale)
How does this increase security? At least by auto placing them (with an appropriate dialogue confirmation) the files go in the right place and users aren't accustomed to having to move some random file to some random location to get things to work, which is a lot more dangerous than moving executables to a properly insulated sandbox. (Not that OS X does use a properly insulated sandbox mind you.)
Any way, in this particular case auto-running content is not exploited anyway. you have to manually run the script with a jpeg icon on it.
That's why we don't consider it a vulnerability. There is no way to "fix" this without totally locking out the user.
You're partially right. The owner of a computer should have the ability to do whatever they want on their computer, including mess it up. The problem is that is not the only thing that is happening here. The user is being tricked into doing this because they are not given enough information and granularity of security. Now OS X does a lot of things right in this regard and is better than most of the competition, but it is not good enough to deal with some of the more sophisticated threats of the day.
First, new applications and scripts should run either with pre-configured ACLs or in a BSD-Jail type environment. Basically, any program that wants to contact the internet, access files it did not create, or modify other applications should have to ask the user for that privilege. Further, steps can be taken to make it harder for an executable to disguise itself as data, via the UI, like a visual clue to differentiate data and programs. Finally, by default the first user created has admin privileges that are, perhaps, over-broad. When a system is set up an administrative password should be required to be set, but the default user account should probably have somewhat lesser privileges, or at least need a password to alter default programs.
Now there will always be people who can be tricked into doing anything, but I really think that some better defaults and more user interaction is warranted for many events. How often do you want to run a program, by double clicking, that will modify other common programs on your machine. Would you rather have a dialogue that warns you when something tries to do this or not? Viruses like this one are performing uncommon operations and are easily recognizable due to that. It should not be hard to better deal with them.
You haven't stolen /my/ car, but you have stolen the car from Ford. Why? Because the end result would be the same as if you stole it: You would be driving around in a car that you did not pay for.
You're wrong. The end result is not what matters, the action is. Stealing is an action, not an end result. If I copy a Ford car I have probably infringed on any number of patents and trademarks, but I have stolen nothing. By your definition if someone gave me a gift that would be stealing, since I did not pay for it and I still have something.
That car design cost millions to come up with. If they only sold one and the rest were "free copies", they would never make their money back, and consequently, they would never design another car!
True, such a device would greatly change the industry and probably cause large car manufacturing operations to lay off thousands. The economic impact would be severe. But what does any of this have to do with whether or not it is ethical or legal? Would you halt all progress to insure that every business that is making money now will continue to do so? The traditional example is the drastic decline carriage sales with the advent of the car industry. Plenty of laws were passed trying to make cars hard to own and to ensure progress was halted. Back in the day in many places if you were driving down the road (at the 5mph speed limit designed to ensure cars were no faster than horses) and you saw a horse coming you had to pull over and hide your car in the bushes.
This is analogous to current copyright laws and the DMCA now. Technology has progressed, but the industry wishes it hadn't so they try to artificially restrain progress by paying off corrupt politicians.
Second of all, how is ownership of something subjective?!?! In our present world and economy, trade works by exchanging things of value for other things of value. If you obtain something of value, you should have to pay someone for it. What's subjective about that?
First, the subjective part is where you said "something you should not have." Whether or not someone should have something is wholly subjective. Secondly you're confusing a basic human right with a government enforced restriction on a basic human right, for a specific purpose. The US constitution (and many international rights accords) hold that man has the right to life, liberty, and the pursuit of happiness. Among those rights are included the right to be secure in ones possessions and the right to free speech(expression). A person has the natural right to own physical property. If you own a car, no one can take that from you. A person has the natural right to say or write anything they feel like. This includes something someone else has already said. If I want to sing "happy birthday" that is my natural right. US law does not dispute this in any way. It is very clear and well established. So why can't I sing "happy birthday" legally? The answer is that copyright laws were passed to artificially restrict my freedom of speech (and consequently all expression). Now doing that was a matter of great debate. Many of the founding fathers were very opposed to it because they believed it would lead the US to eventually have a system as bad as existed in Europe at the time, where big publishing houses controlled access to all works and the artists themselves were powerless. Sound familiar? In the end they included in the constitution the ability for congress to grant copy rights, but only for very limited purposes and only for limited times. The purpose was to "promote useful arts and sciences."
Now fast forward to today. While the originators of the law foresaw copyright lengths becoming shorter over time, as technology and the ability to quickly publish and ship works improved instead they have been extended to last virtually forever. In fact whenever certain works get close to expiring another extension is added to them. The rights granted specifically to the people (the right to
How can it be a virus if it is a Trojan?
OK, welcome to malware nomenclature 101. Will everyone please take their seats. Thank you. There are three basic classifications for malware:
This particular malware is a trojan (partly disguised as a jpg) which them copies itself to a new location on your drive and modifies a few commonly used applications in order to spread itself via they Bonjour discovery and file transfer mechanism in OS X. It requires human intervention to extract itself run, spread, and for download. I'd call this a virus to be clear about its functionality.
In both cases you are in possesion of something that you should have paid for to obtain, but you didn't.
But as to whether someone should pay for something or get it for free is merely a matter of opinion. If I find a block of gold on the ocean floor in unclaimed waters, who should I have paid for it? If I find a block of gold in a store, I should probably pay the store owner. Copyrighted works are somewhere in between (and a bit to one side). There is no ethical reason why I should pay copyright owners, only practical ones.
Like I have been saying, there is no fundamental difference in the end result whether you walk out of the store with a CD or if you download it off of the internet. THERE IS NO FUNDAMENTAL DIFFERENCE IN THE END RESULT.
So If I shoot someone in the head, they are dead and I have committed murder. But if I sell someone a gun and they shoot themselves in the head I have still committed murder? After all, the end result of my actions is the same, right?
P.S. Your caps lock seems to be broken.
i submit that a physical object is not necessarily required for theft.
I submit that you are wrong.
if you're a gamer, does it incur your ire when someone steals from you in game?
No. You see games are symbolic representations of the real world. You're confusing fantasy and reality. If someone stabs your character in a game to death have they committed murder?
if you developed a neat idea and had it on your hard drive, would it bother you when someone copied it onto their USB drive, and distributed it or claimed it as their own?
That is called plagiarism. It is unethical in my opinion, but not theft.
how about your digitized poetry? your art?
This is called copyright infringement if they copy and republish it. It is called plagiarism if they claim it as their own. Not everything you can do that is unethical or that might bother someone is called "theft." Here's another one for you. If someone stabs you in the head haven't they "stolen" your life. Should they not be convicted of stealing? No, of course not. It is called murder. We have different names and punishments for different crimes and we decide separately what should be legal and illegal. Right now most copyrights are detrimental to society and are doing just the opposite of what the original purpose of copyright law set forth. The RIAA, MPAA, and other big publishers know this so they try to confuse the issue by calling copyright infringement stealing. In this way they hope to confuse people who are against stealing into thinking that the two concepts are one and the same. You fell for their pitch.
i'm not using these as exactly analogous to downloading a movie, but the concept of a noncorporeal object of value is important.
So what? I may value the pleasure of a good blow job, but if the girl stops she isn't stealing that from me and I don't have any fundamental human right to blow jobs.
either way, there's some price point where you'd be willing to exchange something of value for it. taking even a copy of it without reimbursing the 'owner' is, in a word, a theft. moreover, you don't get to set the price that you pay for it.
No. It is copyright infringement. They have had nothing taken from them but the potential to make a sale. They have no entitlement to money. The law says copying without their permission is illegal, but it is not and never has been stealing. Whether or not they should have the right to restrict me from copying unless I pay them is a matter for debate. I'd say "yes" so long as it fulfills the constitutional goals set forth, which is to say about 1% of the time in my personal judgement.
and i think that you're right that downloading a file is significantly different from stuffing one's outerwear at walmart, but hey--let's not kid ourselves about what we, fundamentally, are doing, alright?
Speak for yourself. When I make a copy of some rare out of print book or music or video game that otherwise would be on a short road to oblivion I don't consider that fundamentally the same as shoplifting. I'm preserving important pieces of our culture and history, many of which are copyrighted by unknown parties. Maybe you don't see the damage copyright law is doing and just want something for nothing, but that does not apply to all of us. Copyright laws as they exist now are evil. They are deleting our cultural heritage for a very tiny profit. Please educate yourself on what is really happening to all those copyrighted works that can no longer be purchased anywhere, have no reference copies, and are vanishing from all existence.
The bottom line is that downloading content without paying for it functionally is identical to stealing it because the end result is the same. In both cases you are in possesion of something that you should have paid for to obtain, but you didn't.
Except whether or not someone should have something is a very subjective judgement. Now if I see you driving down the street in a mustang and think, "wow what a great car" and I aim my patented new duplicator beam at it and make myself a car just like yours... have I stolen your car?
Everyone who buys into this "physical product" definition of theft is forgetting one thing: A specific pattern of ones and zeroes IS a physical product!
Yes but people aren't stealing that pattern, they are copying it. The physical pattern still exists in the original location.
There is a significant difference between stealing and copyright violation. For example one is violating someone's basic human rights according to the constitution and one is violating an artificial government granted right imposed for a particular purpose. If, for example, by violating that government granted right you are actually more efficiently promoting that particular purpose then constitutionally, the lesser law is wrong, not you. Note, because of the wording in the constitution which calls for a value judgement, this is impossible to prove. In fact the supreme court ruled that although current laws are almost certainly violating the intent of the constitution, it is not their job to interpret the intent of lawmakers. Basically, the laws on the books aren't doing what they should, but it is not their job to say congress is a bunch of liars.
It would be more apt to say it's illegal everywhere except Nevada then to say it's legal if you live in any state as long as that state is Nevada.
I disagree. Given there is no federal law banning it, prostitution is a inclusively legal in the US. That is to say, if there is a territory not governed by any particular state law that bans it then prostitution is legal in that jurisdiction.
If you're a prostitute in America more than likely you are engaging in prostitution illegally.
But if you're a member of an official organization called "Sex workers of America" the chances are you're not openly breaking any law, whether you're are a porn star or a legal prostitute. Sure maybe some of those people do break laws, but that has no bearing on their right to protest something.
You know prostitution is legal in the US right? It is illegal in most states (all but Nevada I think) but I think you're a little off base.
People who buy Mac hardware, would still continueto[sic] do so. I doubt anyone with a powerbook titanium would ever give it up for a placstic[sic] cased dell. Mac users are all about aesthetics and status.
I suppose you have an in-depth market analysis to back that up? I know a lot of mac users and from my experience at least half of them would rather buy cheaper hardware if it could run OS X. I know my company would almost certainly be buying cheaper laptops for us to run it on. In any case, I'm guessing Apple has better market research into mac buyers and potential mac buyers than you do.
Mac dosen't[sic] make much money on selling Os X because they're really not in the OS market. Think about it. The only people who even by[sic] it are people who are running os 9 (a very small % of the computer market) and most computers that are running os 9 can't really run OS X.
I'm guessing about 90% of boxed OS X sales are to existing OS X customers. What Apple (not "Mac") sells is basically an upgrade for existing users. 10.1 was a free upgrade, 10.2, 10.3, and 10.4 cost money.
The bottem[sic] line is growing the Mac user base.
The number of customers is not the only consideration for profit. Apple made about as much money as Dell last year. It is highly likely that Apple would lose a lot of hardware sales. It is highly unlikely they would gain nearly as much in OS sales, given MS's stranglehold on the pre-install OEM market. They tried licensing to OEMs and almost went out of business. Jobs tried selling both and OS and cool high end software and nearly went out of business.
I'd like to be able to buy OS X and install it on a white box. I'm sure you would as well. That does not mean it is a good business plan for Apple to sell it that way. Until MS is restrained from anti-competitive actions or until they are broken up and competing with one another there is not a viable way to enter that market. Even with the best product, Apple will still lose big time. Only by selling a vertical solution can Apple maintain their OS as a viable product.
I personally went with the DVR from Comcast. IMHO it was a better offering than tivo (pains me to say Comcast offered a better deal).
I don't trust Tivo as a company anymore and went with a smaller company with a less restricted product when I decided on a PVR. That said, it is not fair to compare Tivo to Comcast on price. Comcast just raises everyone's subscription fees to cover the difference (seeing as they have a monopoly in most areas they are available). Ditto on integration with a Cable box. The truth of the matter is, Tivo has pretty much sold out to the cable companies and given the cable companies' leverage a lot more people are choosing like you. It is too bad too, since the cable companies are motivated to remove as much of the ability to store video long-term and skip commercials as possible. They will kill the 30 second skip as much as possible. They will try to ad more advertisements using the PVR. They are motivated to make it hard and/or expensive for you to archive video, since then you would be less tied to them and since they are owned largely by the same corps as content producers who want to sell you that archived copy on DVD.
You may have made a wise choice in the short term, but the long term consequences are going to suck.
Meanwhile, I'll be using the built in editor on my PVR to remove commercials for my favorite shows/movies before I burn them to DVD or VCD. I'll also be exporting recent episodes of shows to mpeg-4 so I can watch them on my laptop while flying/commuting. It even uses less battery than a DVD would and I can catch up on those shows I haven't gotten to before I delete those not worth archiving. Also note, I pay no monthly fee for my PVR and can pick my choice of independent scheduling providers instead of being tied to one particular service.
I'm firmly convinced all this functionality should be in every PVR, except of course those being made by corporation with a vested interest in them being less functional and those companies who have signed huge sales contracts with those companies. Oh well, hopefully IPTV will take off and fundamentally change the market, separating content from other content and from being tied to delivery mechanism.
No, it doesn't. These things are all modular.
Hmm, I seem to remember putting C: and a path into IE being an easy way to access the entire filesystem, including files to which I would not normally have permission. Sounds like access to a lot more than user space (which is where a browser should be running) to me.
IE has no more ability to "cause serious changes to the core of the OS" than any other app like Firefox does.
See the above example. You can install and run firefox as a non admin.
Architecturally, it's essentially identical to KDE's khtml or OS X's WebCore/WebKit.
Not really. Sure all three offer HTML parsing services to other apps, but two are clean services to do that with applications that utilize them. IE is not a service, it is an application by itself that leaves a lot more room for the large number of security holes that are the result.
The monopoly stuff I'm not really going to comment on, other than saying I disagree with the basic principle that Microsoft is - or ever was - a monopoly, and the idea that they can't add functionality to their product as customers or developers demand is ridiculous.
That is because you are erroneously thinking that monopolies are defined by products. This is not the case. They are defined by markets. MS can add any products and features they want so long as they are not combining one product or bundle that combines their monopolized market and another one. You seem to be fundamentally failing to understand the concept of a monopoly or bundling. This failing is so common even on Slashdot that it would be a great example of how the public school system fails. It not only failed to teach you this basic concept but it also failed to provide you with the research and critical thinking skills needed to look up and do any basic research on a topic before asserting your uneducated opinion on it.
If you like Apple's product, buy them. But please realize that even if they go out of buisness[sic] in 5 years, you will still be satisfied with your purchase (if you think it's a good one). If you are not a fanboy, you will just buy from an other company.
If this were a free market I might agree with you, but it is not. How many viable OS choices do I have and how many will I have if Apple goes under? I do have a vested interest in Apple staying around because without them the computer industry would have stagnated even more than it has under a certain monopolist's reign. Anyone who works in the computer industry probably has that same vested interest, even if they don't use any Apple products.
Why everybody here must defend a company like Apple (or any other company)?
Who is defending anything? I am explaining the reasons why they won't take a particular action to someone who asked why they won't take a particular action. I'm also pointing out some things the previous poster seemed to have factually incorrect to improve their understanding.
Reading this topic, it seems like if all the money made by Apple was money made for the ./ community.
Apple products are popular among Slashdot users because they are some of the best available. No mystery there. Most of us also appreciate anything that can lessen the dangerous MS monoculture and facilitate advances in the state of the art. Apple has certainly done that as well. Even if most users only see a bad copy from MS five years after Apple has implemented something at least it does reach people and computing gets a little bit better. Apple doing well, makes a lot of us happy for this reason alone.
If that was what was happening, why didn't they just stop authenticating Real files, or perhaps more deviously, always give authentication for Real files, rather than going through the potentially-breaking-people's-devices extreme step of a firmware update?
They revamped the whole authentication system to make it harder to fool. They did not do anything until they were already releasing a firmware update to fix a number of other issues and add some new features. It is not even clear that Real was the motivator for their changes. They did not do it right after Real started spoofing and it is entirely possible the tiny number of Real files was not even really a concern at all.
The unanswered question is: how many copies of OS X do they sell today versus how many would they sell if they had an available installed base of 40 million PCs?
Have you seen the market for OS's that are not pre-installed? It is tiny by comparison to the whole market. The majority of those licenses in that small segment of the market are to big business, MS's strongest point. Unless Apple could break into the pre-install market they would have no chance of recovering lost hardware sales. If you had a big chunk of the retail PC market and MS could kill you at a whim with their differential pricing would you bet the whole show on people switching? Would you do so knowing you'd be putting yourself in competition with and at the mercy of Apple at the same time?
That to me is the big thing Apple seems not to value. The chances of me going out and buying an Apple computer today are 0%. Partly because I have a fairly new PC that is sufficiently powerful to do the job, and partly because I can't cut my family off Windows cold-turkey.
That's the thing. You aren't a good customer for them because the only way to reach you is to sacrifice their biggest source of profit. They have done several things to reach people like you, but slightly more willing to change. They introduced a really cheap model so you can try it out. They introduced free software that comes bundled and covers the needs of 90% of computer users. You're just a part of that 10% that it is not profitable for them to sell to.
As for "cold turkey" on Windows, with WINE, VMWare, Virtual PC, etc. it will soon be reasonable to use the Windows applications on OS X. If that is still not enough then you'll just have to stick with Windows. Note that it likely Vista will boot on Apple hardware.
It is also important to note that Apple has been down this road before. They licensed their OS to other manufacturers in the 90's and it almost killed them. Jobs tried selling a great OS and really cool hardware separate from each other at NeXT, but the market was not large enough. Apple has a lot of smart businessmen and access to much better market research than you or I. If it was profitable or likely to gain long term profit via a viable strategy, they'd have done it by now. In any market there are customers it is not profitable to reach. In this market, that seems to be you.
since when does any comercial OS company give free support.. that'll be the day!
Well Apple has some of the best support in the business according to consumer reports and they provide that support (for a limited time) bundled with all machines and some other products. They also provide free on-site support at their retail stores. Finally, most companies, even ones that say they don't offer support, still do provide some support even if it is just paying people to answer the phones and try to sell support contracts. Trust me, the more machines running diverse configurations with third party or no drivers the more calls they will be getting.
Apple is 5% of the market selling hardware. I don't think they net $800 off of every sell. In fact my mac mini was loaded and only cost $799.
Take a look at another company with a similar market cap, Dell. They are 20% of the market with similar profits. Now note that 50% of Apple's income is from iPod, services, and other software. It actually lines up rather well doesn't it? I've seen multiple evaluations of this possibility. Apple would lose nearly half their incoming cash by making this move and to make up that amount based upon current prices for retail OS X would be between 30-40% of the market. If I had the numbers in front of me I'd copy them for you. I believe 5% was too high for their sales as is the $800 figure for average profit per machine.
It wasn't a server thing, it required changing the firmware on the ipods.
There were multiple components, but the gist of it is Real was getting Apple's authentication servers to issue authentication for Real's files wrapped in an imitation of Apple's DRM. Apple servers were being used to enforce Real's DRM. Want to play that file on another computer, well we'll just contact Apple's servers and see if you are authorized. They updated the whole system, one component of which was updating the ipod firmware.
not hackers, crackers; please...
Actually, in this case it was hacking, not cracking. They did not crack any encryption or work around any security. They simply hacked together a new system using a lot of OS X, with many parts replaced with alternatives (like the whole kernel).
I don't understand why Apple is missing the boat here. I'm waving my $150 at you Steve Jobs come and get it.
I'll explain it. You and the several thousand others like you would cost more money for the free support and other missed opportunity cost than you would give. Basically, Apple offering OS X fort other hardware will cost them hardware sales since many people will buy other hardware now that they can run OS X on it. It will increase support costs in trying to deal with all that hardware. And Apple makes very little money selling OS X. They make their money selling hardware and in order to make the same amount of money they would have to capture 30-40% of the OS market. Since they are locked out of the pre-install market by MS's OEM pricing and since the non-preinstall market is about 5% of the market right now the chances of them even making the same amount of money as they do now are basically zero. I'd buy it too, but it just doesn't make sense for them to sell it.
Whoa, whoa, whoa. I'm on board that just "downloading a DVD" is unethical, but if I BUY an official copy of OS/X, then who the hell is Steve Jobs to tell me what I can or can't do with it?
I agree with you in principal, but OS X for x86 is only available with the purchase of an imac right now (as far as I know) and while it is possible that you might want to take that one license and install it on a different machine while wiping the imac, don't think it is likely. I'm all in favor of hacking the OS and researching, but I'm more than a little leery that this will lead to just another way to get crappy warez versions of OS X hacked up to work on generic boxes without paying for a license. Right now it is just that, a concern. I don't see anything that has been inappropriate yet.
This is one of the main reasons I dislike Apple as a company: the arrogance. Steve wants to tell me what I can and can't play on an iPod (e.g., suing Real). Steve wants to tell me what I can and can't do with software I buy. Frankly, screw Steve!
And here is where you lost me. When did Apple sue Real? As far as I know there has only been one lawsuit and it was Real suing Apple. What Apple did do was change the DRM authentication on the iPods to stop Real's hack from working, but seeing as Real was using Apple's servers to do the authentication I don't think anyone can really fault them for that. It was a very legitimate security and support concern. Hell, I wouldn't let my competitor's use my servers to authenticate their DRM either.
Apple could be so much more successful if they would stop being such a-hole control freaks and just sell their products and embrace people wanting to use THE SOFTWARE AND HARDWARE THAT THEY FREAKING OWN the way the want to.
Apple is very successful now and not because they operate using a simplistic view of the market. They are in a market dominated by a monopoly and they can only compete by maintaining a complete vertical chain on their own. Apple sells computers because they can't survive selling software and because they make more money that way. They use software as a differentiator, but they are not an OS company, they are a hardware company. Selling OS X for intel would be huge financial loss. The OS market, like it or not, is basically the pre-installed OS market. MS has that market locked down. Apple can only sell pre-installs on their own hardware. The secondary market of installs after the fact is a small one for the tech savvy. A lot of Apple's customers would be included, but not a significant share of the market. Operating in such a commodity business Apple would have to grab nearly 40% of the market just to break even with the hardware sales losses they would endure. It is just not very likely. I'd like OS X for generic hardware as much as the next guy, but not at the cost of Apple going out of business and it no longer being available in the future. Sorry but a lot of people have looked at this business case including Apple and it just doesn't make sense for them.
Why should apple bother with "security measures... It'll crash, it won't have proper driver support and it won't be updated nearly as fast... Users would eventually figure that using OSX on regular, unsupported PCs is too much trouble and would thus cease from doing so.
It will crash and have driver problems and generally be hard to use, but users won't figure out that this is due to running on unsupported hardware; instead it will develop a reputation as an unstable OS. Apple would prefer not to poison their brand.
that if such a powerfull (talent-wise) company fails to create a considerabe protection for its highly wanted OS, and every release gets eventually cracked, it is yet another confirmation that they want it to be hacked?
Sigh. First this isn't a crack, per-se, more of a hack. If I take a Linux distro running on a x86 white box and replace the apache install with the modified one OS X uses what do I have? I have a nasty hybrid that is mostly Linux and a tiny bit OS X. This hack is basically replacing many core parts of OS X with different versions, including the entire kernel. It would be just as accurate to say someone got the OS X window management system running on a Linux system (sans several parts).
In any case, no Apple does not want people running their OS on generic hardware as it has a number of negative effects upon their business. At the same time, those negative effects are only significant is they are easy and common. Most people can't even install a regular OS, let alone rip out major components of OS X and replace them piecemeal. It makes business sense for them to spend some effort installing a roadblock, after that they face diminishing returns.
Every release will be cracked so long as people have the time and interest, but the results, like those mentioned here, are an unsupported Frankenstein's monster that is going to be a mess to use and likely very unstable.