To address your points:
1. User education is important on any platform; so I will agree in theory. However, I hasten to point out that if those users had bought into the "Macs don't get viruses" mantra, they wouldn't have opened their wallets and exposed their credit cards to "eradicate" that which does not exist. It was the ones that DID believe the fake warnings that got infected; not the people who know better. Think about it.
2. Although I DO wish they'd change that damned default "Open Safe Files..." in Safari, actually, what Apple did with Safari as far as Sandboxing goes, was better than simple Sandboxing. At least for Snow Leopard. For Leopard users, there is a third party haxie, if you're willing to give up some functionality.
3. Apple hasn't just been sitting around "in Kansas", like most slashdotters seem to think. And as far as OS X itself goes, Apple is now going one better: It turned the soon-to-be-released 10.7 "Lion" over to security researchers and white-hat hackers to pound on for awhile, including the redoubtable Charlie Miller.
wrong. apple is a step behind. the approach they are taking will always leave them playing catch-up. obvious fanbitch modding. pathetic.
Apple is in no way a step behind; other than in the fact that no one can create a malware signature before the malware exists.
And, although Apple doesn't make a big deal about it, they certainly take security quite seriously, now, and even more in their soon-to-be-released OS X, 10.7, "Lion", as any slashdot reader knows.
God it's going to be funny watching the Mac fall to the same malware issues as Windows. Microsoft, through sheer blundering brunt force over the years, undertstands OS security very well. All Apple has is platitudes and wishful thinking to fall back on.
Especially when users hand the trojan their root password, like what was done with MacDefender.
Except it didn't take long for them to release a version that doesn't need the admin password.
But even with that version, the user still has several chances to avoid infection:
1. Don't fall for the fake alerts in the first place.
2. Don't have "Open Safe Files After Downloading" enabled in Safari.
3. If they DO have that option enabled, don't allow the application to run when OS X puts up the "This application was downloaded from the Internet..." dialog.
4. Think about why the application immediately wants CC info, and do not enter it until doing further research.
It is ONLY Lusers that fail at least 3 out of 4 of those "warning signs" (they could have had "Open Safe Files" UNchecked, but downloaded and launched the app on purpose) that were compromised. We'll of course never know how many users got the Alert and said "I don't THINK so!"; but I'm pretty sure that, just as with any other Social Engineering attack, that that percentage was MUCH higher than the people who were gullible enough to actually go through the multi-step process to get infected.
And none of that was compromised or negated (other than not requiring the additional, unnecessary step of entering a password), by the "non-root" variant. I would imagine that the first version collected the admin. passwords for possible future uses; because the only thing this actually does is eventually trick the user into entering their CC info. Nothing more, nothing less.
Because the user experience hasn't changed. The user neither notices the viruses, or the antivirus.
Um. Er.
I'm pretty sure the user notices the virus, actually.
Actually, since the only real goal of this TROJAN (not "virus") was to gather Credit Card info, I'm pretty sure it doesn't actually do anything more after that. It could do some other stuff (like zero out someone's Home folder); but there's no profit in that; so it doesn't. Once it gathers CC info from the LUser, it's work is done.
And, BTW, if the user is smart enough to run something like Little Snitch, they get another crack at negating the effectiveness of this Trojan; by keeping it from phoning home.
Maybe you didn't read the story but the fix was an absolute fail.
So, Mr. Smarty-Pants Communist; just exactly HOW would YOU "fix" an OS (any OS) so that the user can't be social-engineered?
[Crickets]
Personally, I would be using INTERPOL to locate and prosecute the FUCK out of the people responsible for this. Do that about ten times, and the problem would solve itself.
If you've got another way that can protect a user from themselves, I'm all ears. And so is the rest of the world.
OS X doesn't even enable "root". Even an Administrator-level account isn't "root" on an OS X system. But unless you create a scenario where users cannot modify their own system (not bloody likely!), then there will always be the possibility of this kind of slow-moving, small-numbers attacks (everything's relative; but I'm talking about in comparison to some of the worms seen on Windows systems).
What I love about this whole scenario is that, if the Mac users that were social engineered into thinking their machines were virused had simply just followed the rule of "Macs don't get viruses", they would have never gotten infected in the first place.
That is exactly why I postulate that the majority, if not all, of the people who got hosed were ex-Windows users, who are too used to clicking on things that look like Virus Alerts.
BTW, I have yet to see one of these fake banners on my Mac. I guess I must not be surfing the right sites, eh?
Before Microsoft really started pouring effort into IE, most people had Netscape.
Wait, MS didn't really start pouring effort into IE until around version 8. It was mostly IE's being bundled with Windows that made all the difference. That, and Netscape's inability to fix many, many longstanding bugs (until it was Open Sourced, that is)...
Exactly. It is the perceived value that gets someone to pay a premium for a iPhone 4 over iPhone 3 even if they aren't going to use the new features. It is better because it is newer, but it is better also because that is what Apple wants to push now.
I hope you aren't ascribing that behavior exclusively to Apple. Obviously, that is what every manufacturer does that has "refresh cycle" does. Chevrolet doesn't waste its time promoting the 2010 HHR the nanosecond the 2011 comes out. It instantly becomes the old and broken (even though it was the new hotness just the week before), and the new model (which is likely different in fairly small ways) becomes "the new hotness". Such is the way of product life cycles.
Additionally: copyright and patents will win the day. First off if I own the patent or copyright I can make it a rule that you do whatever I tell you to do with my product. For example Apple could explicitly forbid you to give away an iOS device in the EULA of the application. If you do so you violate their copyright and are liable for ~150k of damages in the US at least per offense.
What "application" are you talking about? Software is a special case, in that it is never, or nearly never, "sold"; it is instead "licensed". But the device itself is quite another matter, and I agree with other commenters here that the doctrine of First Sale, plus centuries of Common Law, say that you are free to give it away, smash it to bits, put it in a blender, resell it, stick daisy appliques on it, or whatever. The only time patents and copyrights would enter into it, is if you decided to make a duplicate iPad and load iOS on it.
BTW, even though you misspelled "Buttfuzz", I still like the name...;-) And are you telling me you can get a decent lawyer in Buttfuzz for only $200 an hour? You must have some connections!
And it is also "common" and even "grammatically correct" usage to put "slang", "unusual usage" and "colloquial phrases" in quotes. Quotation marks are also used to denote "terminology" or "jargon"; or, as was the case when I said " 'Everybody' knows...", in my original comment, to "distance" myself from the "everybodys" in that sentence. If you will go back and re-read my original comment, I believe you will find that all of my usage of quotation marks falls into one of the "common use" categories denoted in the "linked-to" Wikipedia article.
Now, with all that in mind, and "with all due respect", FUCK OFF AND DIE!
How's that for some non-quoted text? Feel better? I know I do!
BTW, your snarky use of quotes above, does not fall into one of the "other" uses of quotation marks. Unless, of course, you were "quoting yourself", which is actually seldom done; because it sounds too "pedantic".
That's what is killing the music industry, the perceived value of their product dropped to zero.
Actually, at least in the case of many "Talent du Jour" faux "musicians", the ACTUAL value of the product is somewhat less than zero!
But, I get your point, and it is somewhat true. When people don't have a physical thing, like a vinyl record, or a CD, to actually covet, and then purchase and OWN; something they can look over at, hold in their hands, look at the artwork, read the liner notes, etc., the "perceived value" of the entire experience is greatly diminished.
And I am very sad to report that there seems to be no one (or basically no one) that "gets that". Least of all, those on the forefront of non-physical media distribution, like Apple is currently, and is about to become even more with iCloud.
At some point, the human psyche will adjust (it already has to some point with the current generation of teenagers), and this will no longer be the case; but for me (and likely for most people posting here), there is at least a tinge of regret that the days of making your Mom drive you to the store so you can buy a new album, then spending the rest of the evening playing it over and over (turn that thing DOWN!), while looking at the album art, etc, are basically over.
That's all true. But you're overthinking it. The major objective seems to be to kill as many of those those "FREE iPad" and "FREE iPhone" spams and adverts that piss people off. And are in many cases scams. They turn people off the brand in a way that comes before perceived value.
Wow! I spent about 100 times more time typing my "thoughts" than having them; so I hardly think I "overthought" the matter, LOL!
But, your point is also valid. Let's just say there are both forces at play; because I think, in all actually, they are.
It seems like everyone is going out their way to rationalize Apple's behavior in this matter. Your solid business policy excuse is right on the money though. Heaven forbid they admit they might have a problem. The actual steps to eradicate or at least prevent future infections were pretty straight forward for this minor problem but next time things could be more serious. I also know another company that has violated their "Patch Tuesday" policy on occasion when a serious problem occurs. I just can't help feel that had this been a MS problem people on this site would be calling for Congressional Hearings and recommending UN sanctions be put in place to punish someone for this monumental and egregious attack on the worlds innocent computer users. Oh the children!!
You claim to understand my rational explanation, and then you turn right around and demonstrate that you do not.
Apple does not "have a problem", at least not one that everyone who creates an OS that allows users to install software can solve. Every single person on Slashdot agrees that the biggest security threat to any OS is the user; Apple (and by extension, OS X) is no different. There is only one solution to that problem: Never run as an Admin. Even that isn't 100% effective; because, even if you have to log out, then log back in as an Administrative user, there is absolutely no guarantee that you won't eventually be duped into installing some nefarious, or infected, application. A good example is the latter, where people downloaded bootleg copies of iWork '09, which had been infected. As anyone who installs pirated software knows, sometimes bad things happen to good software... Yes, you can have "signed binaries" and such; but, not only does that become a gigantic pain for the maker of the OS; but then people start crying "Software wants to be freeeeeeeee!" Anyone who has been a member of slashdot for more than three months will attest to the fact that that is exactly what all RMS' virtual chillen' would immediately start screaming.
So, there you have it (and you very well know it).
The only difference is, with Apple, ONE lonely Trojan is NEWSWORTHY; in the case of MS (or, it seems, even Linux), it's just another day in paradise. And, although MS has indeed broken their "Patch Tuesday" rules; if you were being HONEST, instead of intentionally obtuse, something like MacDefender wouldn't even get onto their RADAR, let alone sound the alarm bells.
I'm not sure what they are going for here. If there is a give-away do they think it will water down the brand?
Not "water down"; but "devalue".
Personally, I was trying to figure this seemingly wrongheaded policy out myself. And I think I might have figured it out.
It's called "Perceived Value". Successful marketing in a "technology-driven" company is a curious combination of understanding current (and future) "technology", plus MBA skills, Communication skills, with a dash of Psychology. And the "Psychology" part of that equation tells the Marketeer that when people get things for free, they don't "value" them (or not as much). This, curiously enough, extends even to the people who don't actually receive the item; but even just could have received it.
Think about it: "Everybody" knows that, when when anybody, especially a business (who is, afterall, "in it for the money"), gives something away, that it is very rarely something they could have easily "made money on" (even if they don't actually sell that item themselves).
We are all somewhat "conditioned" to the fact that, only "worthless" items are given away as "Promotion". Often it is basically true. Sometimes not (like, for example, a car); but, in all cases, the "Perceived Value" effect remains in the back of everyone's mind. And Apple is smart enough to pay attention to those nuances of human behavior. it doesn't make them evil, or "dickish"; just perceptive.
Oh, and one of the reasons this will NEVER get to the level of a Windows problem is simple: Macs don't have a "Registry", in the sense that Windows does.
Yeah, because we all know that malware didn't exist until Microsoft invented the system registry./rolls eyes
The rest of your post is similarly "informative."
--Jeremy
Did I say that? I'm pretty sure I didn't.
What I said (or actually "implied"), is that the Windows Registry is one big vulnerability that simply doesn't exist in OS X. And the problem that is unique to the Registry is that, as I have recently encountered with an XP system I "disinfected", long after that last "infected" file has been replaced, the damage can linger on in the form of modified, and/or inserted, and/or deleted Windows Registry keys. And the locating and repair of these Registry changes is something that is painstaking at best.
In the case of the infection I am speaking of, it has modified some startup of Services such that the Windows Firewall doesn't start, nor do several other Services that are used to access "Mapped Drives"; such as the "Workstation" and "Computer Browser" Service (and of course, their depdencies). Changing their "Startup" settings does nothing. They are all set to "Automatic", but they refuse to start. You can start them from the Services "control panel", and they will start and run normally, until the next reboot. No errors, no log entries. Nothing. They simply refuse to start. I have Googled and MS Knowledgebased the problem to death; but cannot find anything that is much help. And it is the insane complexity of the Registry, coupled with the total lack of reasonable documentation regarding same, that contribute to the "throw up your hands" feeling when dealing with complex Registry issues like this one.
THAT is the problem that cannot occur with OS X's "decentralized" plist files. And thus, why I said what I said.
there is a "registry", actually there are a few of them.
Open terminal, type "defaults read | less"....behold! The Registry of Apple Macintosh!
Then there is/System/Library/LaunchDaemons & xml files. Launchd *will* restart your kill -9'd process for you!
Are mpkgs signed yet? If not, or if getting them signed is expensive, good luck!!
Are you just trying to be stupid, or do you not actually understand what the "defaults" command does?
In case you are not understanding, the "defaults" command allows the editing of the multitudinous, but separate "plist" XML files for USER settings for applications. There is no, repeat no centralized database in OS X like the Windows Registry, period, even though the defaults command makes it sort of seem like there is. Yes, there is an "NSGlobalDomain" "key" (Domain); but even that has pretty innocuous settings, at least as far as I can tell. Unless I'm wrong, I simply don't see anything that would change boot behavior.
As far as the LaunchDaemons folder, so what? First you have to modify the contents of that folder. And that, my friend, requires root privileges (or a sudo). Not likely to happen without the user knowing.
So, you can use the "defaults" command to mess with certain Preferences (mostly Application Prefs) for a USER, w00t. That's a far, far cry from the damage you can do via the Windows Registry. And all that a user has to do to re-create a Pref. file is trash it, or simply move it from its usual location, and the app. will re-create it on next launch. Again, w00t.
As far as the signed mpkgs, I do not know. I'm not an OS X dev.
Don't the social engineered attacks act as the gateway for launching deeper attacks?
If this were Windows XP, definitely. But on OS X 10.6 and above, not so much. At least not so far... And recent moves like this are a clear sign that Apple is taking security very seriously in 10.7 (Lion).
Once your foot is in the door all kinds of possibilites present themselves. How is OS X ahead of the curve when according to you they are just growing good practices now. They have a solid security model in place but that doesn't mean it does not have any potential vulnerabilities. Shouldn't they have already been growing good practices all along or did they actually believe OSX invulnerable and decided not to bother?
Your statements above are self-canceling, you realize that, don't you? First you jump on my poorly-worded statement, implying that Apple is just starting to add security features to OS X. Then you say that they have a solid security model in place. So, which is it?
Nevermind; I'll answer for you: OS X 10.6, Snow Leopard, already has several security features; but 10.7, Lion (which is almost ready to release) will have decidedly more. Got it?
They have not handled the current malware attack very well. Thier customer support center started playing down the threat and would not give any advice on how to remove an infection and often tried to mislead those calling into thinking it was some other application causing the problem. Someone from corporate even published a copy of the instructions communicated to the support reps on how to handle the problem without ever admitting the problem actually existed. Now a couple of weeks later they come up with a patch and that is considered as staying ahead of the curve?
Apple was already "ahead of the curve" regarding more serious infections due to the features already implemented in the current version of OS X (see above). As been said on these pages many, many times, nothing can completely insulate an OS (any OS) from the most serious security problem (the one sitting in front of the keyboard).
Although I was not thrilled with the initial response on MacDefender, either; Apple's early decision to tell their support people to "not help people" eradicate MacDefender is actually grounded in sound business policy; which is, when a company like Apple has their "agents" say "This will work", Apple is essentially "owning" that fix, and there could be an "implied warranty" issue if the procedure doesn't work on a particular customer's machine. I know that sounds weasel-y; but that's what happens when Tech Support conflicts with the Legal Department in a big corporation.
But, as soon as Apple was able to figure out and test a solution, they released it. They did not wait for "Patch Tuesday", (I know they have no such thing, thank FSM; but you get my point). They rolled it out fairly promptly. By Microsoft standards, the "denial" period was vanishingly short, and the patch was issued with relative alacrity and candor.
Which would all be fine and dandy, I assume, if it weren't for the fact that (on XP at least) 95% (probably being conservative) of the users still run as an Admin.
1) XP is 10 years old. Why compare a 10 year old OS with the latest version of MacOS X?
Because this is what Windows usage looks like as of March, 2011, that's why. And because that same article says that, conversely, all of the reporting mechanisms show that the current version of OS X, 10.6 "Snow Leopard" is the most widely used. Next!
Most computers And oh, even if you are not running as an Admin, there have been puh-lenty of "privilege escalation" exploits on the Windows platform.
Ditto MacOS. Actually MacOS is worse because it doesn't sandbox Safari (or if it does then not very well), e.g. the carpet bombing exploit of a year or two back. If you 0wn Safari you can fuck up MacOS pretty badly without even needing privilege escalation.
But the carpet bombing attack couldn't make anything execute, and so was utterly useless as an actual "pwn" attack. That's why it really never went anywhere. And it was, BTW, a Safari vulnerability; not an OS X vulnerability; because it could happen on the Windows version of Safari as well.
I would bet my bottom-dollar that the vast majority (I would even go to say "almost all") of the people who fell for the MacDefender trojan were ex-Windows users.
You really do have your head up Job's arse, don't you? Sure, people who buy into the sleek white Apple universe are somehow more intelligent. Feeble minded submission to advertising has nothing to do with it. Having to enter the admin password when installing anything on MacOS in no way trains them to do it, unlike clicking through UAC warnings and then entering the admin password on Windows.
I made no such claim that Mac users were more intelligent than Windows users. What I claimed was that Windows users have become conditioned by years of A/V alerts, and thus, more likely to just click on them without putting much thought into the fact that Macs have enjoyed a virus-free (and therefore A/V alert-free!) existence. After awhile, even Captain Picard believed there were Four Lights. Didn't make him stupid; just benumbed.
I have experienced UAC a number of times. It is in no way an equivalent deterrent in the way that the "sudo" dialog on OS X is. Why? Two reasons: 1) Windows is an alert-happy OS. It seems that either an application or the OS itself almost constantly "wants something". This numbs the user into not thinking. OS X, on the other hand, is (unless you are a heavy "Growl" user, which I am not) a pretty "quiet" OS. So, when something pops up, it tends to make you take notice. 2) Every incarnation of UAC that I have personally experienced merely made you click a button to "Allow" the action to happen. This, coupled with the "Alert-Happy" nature of Windows in general, makes it that the less likely that the user will pay attention to a UAC dialog, rather than just dismissing it as (yet another) damned annoyance. OS X's "sudo" dialog actually forces you to stop and enter your password (or, if you aren't on an admin account) enter both an admin user and pass. Even when I expect it, this extra step (of having to enter at least a password) is "disruptive enough" that it always makes me stop and think "Why do I need to do this?" And that is exactly the extra thought that stops a much larger portion of users from simply giving permission out-of-hand.
pwn2own is anything but a "real-world" test
Hackers looking for vulnerabilities to exploit for monetary gain is not "real-world"?
The conditions in pwn2own are not "real-world". Quit being deliberately obtuse.
The list includes Bliss../bliss --disinfect-files-please
If you count toys, you can get high numbers for anything. Like, the number of cars I had before even getting a drivers license. Sure, they were match box cars, but those are just as real as malware on a list which includes things like Bliss.
Doesn't matter. By your definition (that we don't count "toys", of which you only name one for the Linux platform, BTW), then the number for OS X is (drumroll) ONE.
One stinking serious phishing TROJAN (and zero viruses and worms) in eleven years!
I'm sorry, but by any measure whatsoever, there are less examples of in-the-wild malware on OS X than any other platform, including Linux.
But, please feel free to pull down that Linux number to even get anywhere close to the THREE (even including the OS X "toys") on OS X. I'll be here, waiting...
Man.. what kind of fact-free rant is that.. do you actually believe some of that nonsense?
I dunno. Where are your facts?
I just don't have the patience to get into one of those "my platform is better than your platform" garbage discussions
I see. And yet, you have the time to compose your multi-question reply. But, do go on...
(and I really don't intend to diss your platform) so let me just ask you a couple of questions:
1. Where did you get the number (few hundreds) from?
Same place you got your number to rebut my number. But, ignoring that, I actually couldn't find a "non-inflammatory" source for a solid number; so I will admit it was a (probably a little low) SWAG. But, as soon as you can find a hard number to replace that with, I'd really be interested to see it, seriously.
2. Regarding the "only reason" -- you don't think an unsafe default setting (to run 'safe' files) combined with a murky definition of 'safe' files are contributing factors?
I will wholeheartedly give you that one! On every OS X system that I set up, either for myself, or for others, I always de-select the "Open Safe Files..." option. It was definitely a "usabiltiy over security" decision that I think will now (FINALLY!) be changed. But even the first few iterations of MacDefender didn't catch onto that gaping security hole. As I said, I'll give you that one.
3. Why do you need to bring Windows into the conversation? I fail to see how its relevant to this topic. (not to mention that your comparison of registry vs. p-list is pure garbage!)
Sorry, when the topic of bad security design comes up, Windows is never far behind!
And no, my comparison of the insane vulnerability caused by the Windows Registry, relative to decentralized plist files is any but "Academic". And anyone who says differently is, IMHO, either delusional, or a Windows apologist.
4. What's with using so much capitalization? I can see you're trying to be forceful about making your point, but don't you think you should know what you're talking about before you yell?
Just lazy on my part. I hate having to derail my train of thought with stupid HTML tags. If slashdot would grow one of those dumbass "tag inserter toolbars" on the comment edit window (but that wouldn;t bee l33t enough, of course), then I would use styled text. Would you rather I use _this_ form, or *this* form? I guess I can do that, too. But the capitalization is just a bad habit on my part, and is pretty deeply embedded in my typing routines...
You, sir, have absolutely no fucking idea what you are talking about.
The registry is not a huge security vulnerability because it uses permissions in the same way that the Linux filesystem does. Can you overwrite/bin/sudo with your own virus? How about alter protected config files? Or replace the bootloader? Of course not, unless you somehow already have root access. Ditto with the registry - critical settings are protected by an ACL.
Which would all be fine and dandy, I assume, if it weren't for the fact that (on XP at least) 95% (probably being conservative) of the users still run as an Admin. And as such, have absolutely unfettered access to modify an-y-thing in the system, including (but certainly not llimited to) the Registry. Now, you were saying something about "permissions"?
And oh, even if you are not running as an Admin, there have been puh-lenty of "privilege escalation" exploits on the Windows platform.
BTW, your stupid statement is belied by the thousands upon thousands of examples of malware that plays games in the Registry. To claim the opposite is to engage in willful blindness.
There are two ways Windows systems get infected, and both apply equally to MacOS and Linux. Firstly you have user stupidity, and as Mac Defender shows this is not limited to Microsoft products. People blindly click through warning messages and type their password on demand.
While I will agree about user stupidity, I would bet my bottom-dollar that the vast majority (I would even go to say "almost all") of the people who fell for the MacDefender trojan were ex-Windows users. Why? Not because they are any more stupid (afterall, they switched to the Mac!); but rather, because they cannot imagine living in a world where they don't regularly have infection problems. So, when some "helpful" thing pops up and says they have been infected, they are already conditioned by Windows (and its constant infections) to believe it.
Secondly you have true vulnerabilities that allow code to elevate to admin level access. These types of attack are becoming less common now because not only are there fewer vulnerabilities in Windows but also because of sandboxing and running everything at the lowest possible privilege level. You may be shocked to hear this but Windows Vista and 7 do not run as root the whole time.
Actually, I am not shocked. I use and vastly prefer Macs; but I am fully aware of Windows trends and have even setup a couple of Vista (ewww!) and Win 7 systems, and regularly maintain a few that are still on XP.
And, BTW, OS X has been gaining those ASLR and Sandboxing features as well. And I don't know if you know this; but on OS X, no one runs as "root", specifically. The root account is disabled. You can sudo, of course (which is what the "enter your password" dialog is; but as far as "root" goes, not unless the user has specifically enabled it.
Again, Linux and MacOS are just as likely to have these kinds of vulnerabilities, as demonstrated every single year at pwn2own. Windows is just targeted more because it is by far the dominant platform.
Actually, pwn2own is anything but a "real-world" test. And the number of Linux vulnerabilities (863), as opposed to OS X (3, maybe) would handily belie your "marketshare" argument.
To address your points: 1. User education is important on any platform; so I will agree in theory. However, I hasten to point out that if those users had bought into the "Macs don't get viruses" mantra, they wouldn't have opened their wallets and exposed their credit cards to "eradicate" that which does not exist. It was the ones that DID believe the fake warnings that got infected; not the people who know better. Think about it.
2. Although I DO wish they'd change that damned default "Open Safe Files..." in Safari, actually, what Apple did with Safari as far as Sandboxing goes, was better than simple Sandboxing. At least for Snow Leopard. For Leopard users, there is a third party haxie, if you're willing to give up some functionality.
3. Apple hasn't just been sitting around "in Kansas", like most slashdotters seem to think. And as far as OS X itself goes, Apple is now going one better: It turned the soon-to-be-released 10.7 "Lion" over to security researchers and white-hat hackers to pound on for awhile, including the redoubtable Charlie Miller.
Apple's security update include a new daily malware definitions update.
So, on OS X, every day is a "patch Tuesday" now? ~
And you would propose exactly what update frequency?
wrong. apple is a step behind. the approach they are taking will always leave them playing catch-up. obvious fanbitch modding. pathetic.
Apple is in no way a step behind; other than in the fact that no one can create a malware signature before the malware exists.
And, although Apple doesn't make a big deal about it, they certainly take security quite seriously, now, and even more in their soon-to-be-released OS X, 10.7, "Lion", as any slashdot reader knows.
God it's going to be funny watching the Mac fall to the same malware issues as Windows. Microsoft, through sheer blundering brunt force over the years, undertstands OS security very well. All Apple has is platitudes and wishful thinking to fall back on.
Hardly.
That's funny that you think inherently reactive, definition-based anti-malware software can do a decent job of preventing infection.
So, what would YOU do in Apple's position? Keeping in mind that this is a Social Engineering attack.
Give it time. Windows stuff didn't start with intelligent rootkits either, but it sure got there eventually.
But, the malware writers have had over a decade to get their shit in gear, and this puny Trojan is the best they can do?
Especially when users hand the trojan their root password, like what was done with MacDefender.
Except it didn't take long for them to release a version that doesn't need the admin password.
But even with that version, the user still has several chances to avoid infection:
1. Don't fall for the fake alerts in the first place.
2. Don't have "Open Safe Files After Downloading" enabled in Safari.
3. If they DO have that option enabled, don't allow the application to run when OS X puts up the "This application was downloaded from the Internet..." dialog.
4. Think about why the application immediately wants CC info, and do not enter it until doing further research.
It is ONLY Lusers that fail at least 3 out of 4 of those "warning signs" (they could have had "Open Safe Files" UNchecked, but downloaded and launched the app on purpose) that were compromised. We'll of course never know how many users got the Alert and said "I don't THINK so!"; but I'm pretty sure that, just as with any other Social Engineering attack, that that percentage was MUCH higher than the people who were gullible enough to actually go through the multi-step process to get infected.
And none of that was compromised or negated (other than not requiring the additional, unnecessary step of entering a password), by the "non-root" variant. I would imagine that the first version collected the admin. passwords for possible future uses; because the only thing this actually does is eventually trick the user into entering their CC info. Nothing more, nothing less.
Because the user experience hasn't changed. The user neither notices the viruses, or the antivirus.
Um. Er.
I'm pretty sure the user notices the virus, actually.
Actually, since the only real goal of this TROJAN (not "virus") was to gather Credit Card info, I'm pretty sure it doesn't actually do anything more after that. It could do some other stuff (like zero out someone's Home folder); but there's no profit in that; so it doesn't. Once it gathers CC info from the LUser, it's work is done.
And, BTW, if the user is smart enough to run something like Little Snitch, they get another crack at negating the effectiveness of this Trojan; by keeping it from phoning home.
Maybe you didn't read the story but the fix was an absolute fail.
So, Mr. Smarty-Pants Communist; just exactly HOW would YOU "fix" an OS (any OS) so that the user can't be social-engineered?
[Crickets]
Personally, I would be using INTERPOL to locate and prosecute the FUCK out of the people responsible for this. Do that about ten times, and the problem would solve itself.
If you've got another way that can protect a user from themselves, I'm all ears. And so is the rest of the world.
OS X doesn't even enable "root". Even an Administrator-level account isn't "root" on an OS X system. But unless you create a scenario where users cannot modify their own system (not bloody likely!), then there will always be the possibility of this kind of slow-moving, small-numbers attacks (everything's relative; but I'm talking about in comparison to some of the worms seen on Windows systems).
So, prove me wrong or STFU.
What I love about this whole scenario is that, if the Mac users that were social engineered into thinking their machines were virused had simply just followed the rule of "Macs don't get viruses", they would have never gotten infected in the first place.
That is exactly why I postulate that the majority, if not all, of the people who got hosed were ex-Windows users, who are too used to clicking on things that look like Virus Alerts.
BTW, I have yet to see one of these fake banners on my Mac. I guess I must not be surfing the right sites, eh?
Before Microsoft really started pouring effort into IE, most people had Netscape.
Wait, MS didn't really start pouring effort into IE until around version 8. It was mostly IE's being bundled with Windows that made all the difference. That, and Netscape's inability to fix many, many longstanding bugs (until it was Open Sourced, that is)...
Exactly. It is the perceived value that gets someone to pay a premium for a iPhone 4 over iPhone 3 even if they aren't going to use the new features. It is better because it is newer, but it is better also because that is what Apple wants to push now.
I hope you aren't ascribing that behavior exclusively to Apple. Obviously, that is what every manufacturer does that has "refresh cycle" does. Chevrolet doesn't waste its time promoting the 2010 HHR the nanosecond the 2011 comes out. It instantly becomes the old and broken (even though it was the new hotness just the week before), and the new model (which is likely different in fairly small ways) becomes "the new hotness". Such is the way of product life cycles.
Additionally: copyright and patents will win the day. First off if I own the patent or copyright I can make it a rule that you do whatever I tell you to do with my product. For example Apple could explicitly forbid you to give away an iOS device in the EULA of the application. If you do so you violate their copyright and are liable for ~150k of damages in the US at least per offense.
What "application" are you talking about? Software is a special case, in that it is never, or nearly never, "sold"; it is instead "licensed". But the device itself is quite another matter, and I agree with other commenters here that the doctrine of First Sale, plus centuries of Common Law, say that you are free to give it away, smash it to bits, put it in a blender, resell it, stick daisy appliques on it, or whatever. The only time patents and copyrights would enter into it, is if you decided to make a duplicate iPad and load iOS on it.
;-) And are you telling me you can get a decent lawyer in Buttfuzz for only $200 an hour? You must have some connections!
BTW, even though you misspelled "Buttfuzz", I still like the name...
Dude, lay off the quotes. It is "distracting".
And it is also "common" and even "grammatically correct" usage to put "slang", "unusual usage" and "colloquial phrases" in quotes. Quotation marks are also used to denote "terminology" or "jargon"; or, as was the case when I said " 'Everybody' knows...", in my original comment, to "distance" myself from the "everybodys" in that sentence. If you will go back and re-read my original comment, I believe you will find that all of my usage of quotation marks falls into one of the "common use" categories denoted in the "linked-to" Wikipedia article.
Now, with all that in mind, and "with all due respect", FUCK OFF AND DIE!
How's that for some non-quoted text? Feel better? I know I do!
BTW, your snarky use of quotes above, does not fall into one of the "other" uses of quotation marks. Unless, of course, you were "quoting yourself", which is actually seldom done; because it sounds too "pedantic".
That's what is killing the music industry, the perceived value of their product dropped to zero.
Actually, at least in the case of many "Talent du Jour" faux "musicians", the ACTUAL value of the product is somewhat less than zero!
But, I get your point, and it is somewhat true. When people don't have a physical thing, like a vinyl record, or a CD, to actually covet, and then purchase and OWN; something they can look over at, hold in their hands, look at the artwork, read the liner notes, etc., the "perceived value" of the entire experience is greatly diminished.
And I am very sad to report that there seems to be no one (or basically no one) that "gets that". Least of all, those on the forefront of non-physical media distribution, like Apple is currently, and is about to become even more with iCloud.
At some point, the human psyche will adjust (it already has to some point with the current generation of teenagers), and this will no longer be the case; but for me (and likely for most people posting here), there is at least a tinge of regret that the days of making your Mom drive you to the store so you can buy a new album, then spending the rest of the evening playing it over and over (turn that thing DOWN!), while looking at the album art, etc, are basically over.
That's all true. But you're overthinking it. The major objective seems to be to kill as many of those those "FREE iPad" and "FREE iPhone" spams and adverts that piss people off. And are in many cases scams. They turn people off the brand in a way that comes before perceived value.
Wow! I spent about 100 times more time typing my "thoughts" than having them; so I hardly think I "overthought" the matter, LOL!
But, your point is also valid. Let's just say there are both forces at play; because I think, in all actually, they are.
It seems like everyone is going out their way to rationalize Apple's behavior in this matter. Your solid business policy excuse is right on the money though. Heaven forbid they admit they might have a problem. The actual steps to eradicate or at least prevent future infections were pretty straight forward for this minor problem but next time things could be more serious. I also know another company that has violated their "Patch Tuesday" policy on occasion when a serious problem occurs. I just can't help feel that had this been a MS problem people on this site would be calling for Congressional Hearings and recommending UN sanctions be put in place to punish someone for this monumental and egregious attack on the worlds innocent computer users. Oh the children!!
You claim to understand my rational explanation, and then you turn right around and demonstrate that you do not.
Apple does not "have a problem", at least not one that everyone who creates an OS that allows users to install software can solve. Every single person on Slashdot agrees that the biggest security threat to any OS is the user; Apple (and by extension, OS X) is no different. There is only one solution to that problem: Never run as an Admin. Even that isn't 100% effective; because, even if you have to log out, then log back in as an Administrative user, there is absolutely no guarantee that you won't eventually be duped into installing some nefarious, or infected, application. A good example is the latter, where people downloaded bootleg copies of iWork '09, which had been infected. As anyone who installs pirated software knows, sometimes bad things happen to good software... Yes, you can have "signed binaries" and such; but, not only does that become a gigantic pain for the maker of the OS; but then people start crying "Software wants to be freeeeeeeee!" Anyone who has been a member of slashdot for more than three months will attest to the fact that that is exactly what all RMS' virtual chillen' would immediately start screaming.
So, there you have it (and you very well know it).
The only difference is, with Apple, ONE lonely Trojan is NEWSWORTHY; in the case of MS (or, it seems, even Linux), it's just another day in paradise. And, although MS has indeed broken their "Patch Tuesday" rules; if you were being HONEST, instead of intentionally obtuse, something like MacDefender wouldn't even get onto their RADAR, let alone sound the alarm bells.
PER DAY.
Yeah, Apple sure has a problem.
I'm not sure what they are going for here. If there is a give-away do they think it will water down the brand?
Not "water down"; but "devalue".
Personally, I was trying to figure this seemingly wrongheaded policy out myself. And I think I might have figured it out.
It's called "Perceived Value". Successful marketing in a "technology-driven" company is a curious combination of understanding current (and future) "technology", plus MBA skills, Communication skills, with a dash of Psychology. And the "Psychology" part of that equation tells the Marketeer that when people get things for free, they don't "value" them (or not as much). This, curiously enough, extends even to the people who don't actually receive the item; but even just could have received it.
Think about it: "Everybody" knows that, when when anybody, especially a business (who is, afterall, "in it for the money"), gives something away, that it is very rarely something they could have easily "made money on" (even if they don't actually sell that item themselves).
We are all somewhat "conditioned" to the fact that, only "worthless" items are given away as "Promotion". Often it is basically true. Sometimes not (like, for example, a car); but, in all cases, the "Perceived Value" effect remains in the back of everyone's mind. And Apple is smart enough to pay attention to those nuances of human behavior. it doesn't make them evil, or "dickish"; just perceptive.
Oh, and one of the reasons this will NEVER get to the level of a Windows problem is simple: Macs don't have a "Registry", in the sense that Windows does.
Yeah, because we all know that malware didn't exist until Microsoft invented the system registry. /rolls eyes
The rest of your post is similarly "informative."
--Jeremy
Did I say that? I'm pretty sure I didn't.
What I said (or actually "implied"), is that the Windows Registry is one big vulnerability that simply doesn't exist in OS X. And the problem that is unique to the Registry is that, as I have recently encountered with an XP system I "disinfected", long after that last "infected" file has been replaced, the damage can linger on in the form of modified, and/or inserted, and/or deleted Windows Registry keys. And the locating and repair of these Registry changes is something that is painstaking at best.
In the case of the infection I am speaking of, it has modified some startup of Services such that the Windows Firewall doesn't start, nor do several other Services that are used to access "Mapped Drives"; such as the "Workstation" and "Computer Browser" Service (and of course, their depdencies). Changing their "Startup" settings does nothing. They are all set to "Automatic", but they refuse to start. You can start them from the Services "control panel", and they will start and run normally, until the next reboot. No errors, no log entries. Nothing. They simply refuse to start. I have Googled and MS Knowledgebased the problem to death; but cannot find anything that is much help. And it is the insane complexity of the Registry, coupled with the total lack of reasonable documentation regarding same, that contribute to the "throw up your hands" feeling when dealing with complex Registry issues like this one.
THAT is the problem that cannot occur with OS X's "decentralized" plist files. And thus, why I said what I said.
Got it?
there is a "registry", actually there are a few of them.
Open terminal, type "defaults read | less"....behold! The Registry of Apple Macintosh! Then there is /System/Library/LaunchDaemons & xml files. Launchd *will* restart your kill -9'd process for you!
Are mpkgs signed yet? If not, or if getting them signed is expensive, good luck!!
Are you just trying to be stupid, or do you not actually understand what the "defaults" command does?
In case you are not understanding, the "defaults" command allows the editing of the multitudinous, but
separate "plist" XML files for USER settings for applications. There is no, repeat no centralized database in OS X like the Windows Registry, period, even though the defaults command makes it sort of seem like there is. Yes, there is an "NSGlobalDomain" "key" (Domain); but even that has pretty innocuous settings, at least as far as I can tell. Unless I'm wrong, I simply don't see anything that would change boot behavior.
As far as the LaunchDaemons folder, so what? First you have to modify the contents of that folder. And that, my friend, requires root privileges (or a sudo). Not likely to happen without the user knowing.
So, you can use the "defaults" command to mess with certain Preferences (mostly Application Prefs) for a USER, w00t. That's a far, far cry from the damage you can do via the Windows Registry. And all that a user has to do to re-create a Pref. file is trash it, or simply move it from its usual location, and the app. will re-create it on next launch. Again, w00t.
As far as the signed mpkgs, I do not know. I'm not an OS X dev.
Don't the social engineered attacks act as the gateway for launching deeper attacks?
If this were Windows XP, definitely. But on OS X 10.6 and above, not so much. At least not so far... And recent moves like this are a clear sign that Apple is taking security very seriously in 10.7 (Lion).
Once your foot is in the door all kinds of possibilites present themselves. How is OS X ahead of the curve when according to you they are just growing good practices now. They have a solid security model in place but that doesn't mean it does not have any potential vulnerabilities. Shouldn't they have already been growing good practices all along or did they actually believe OSX invulnerable and decided not to bother?
Your statements above are self-canceling, you realize that, don't you? First you jump on my poorly-worded statement, implying that Apple is just starting to add security features to OS X. Then you say that they have a solid security model in place. So, which is it?
Nevermind; I'll answer for you: OS X 10.6, Snow Leopard, already has several security features; but 10.7, Lion (which is almost ready to release) will have decidedly more. Got it?
They have not handled the current malware attack very well. Thier customer support center started playing down the threat and would not give any advice on how to remove an infection and often tried to mislead those calling into thinking it was some other application causing the problem. Someone from corporate even published a copy of the instructions communicated to the support reps on how to handle the problem without ever admitting the problem actually existed. Now a couple of weeks later they come up with a patch and that is considered as staying ahead of the curve?
Apple was already "ahead of the curve" regarding more serious infections due to the features already implemented in the current version of OS X (see above). As been said on these pages many, many times, nothing can completely insulate an OS (any OS) from the most serious security problem (the one sitting in front of the keyboard).
Although I was not thrilled with the initial response on MacDefender, either; Apple's early decision to tell their support people to "not help people" eradicate MacDefender is actually grounded in sound business policy; which is, when a company like Apple has their "agents" say "This will work", Apple is essentially "owning" that fix, and there could be an "implied warranty" issue if the procedure doesn't work on a particular customer's machine. I know that sounds weasel-y; but that's what happens when Tech Support conflicts with the Legal Department in a big corporation.
But, as soon as Apple was able to figure out and test a solution, they released it. They did not wait for "Patch Tuesday", (I know they have no such thing, thank FSM; but you get my point). They rolled it out fairly promptly. By Microsoft standards, the "denial" period was vanishingly short, and the patch was issued with relative alacrity and candor.
Which would all be fine and dandy, I assume, if it weren't for the fact that (on XP at least) 95% (probably being conservative) of the users still run as an Admin.
1) XP is 10 years old. Why compare a 10 year old OS with the latest version of MacOS X?
Because this is what Windows usage looks like as of March, 2011, that's why. And because that same article says that, conversely, all of the reporting mechanisms show that the current version of OS X, 10.6 "Snow Leopard" is the most widely used. Next!
Most computers And oh, even if you are not running as an Admin, there have been puh-lenty of "privilege escalation" exploits on the Windows platform.
Ditto MacOS. Actually MacOS is worse because it doesn't sandbox Safari (or if it does then not very well), e.g. the carpet bombing exploit of a year or two back. If you 0wn Safari you can fuck up MacOS pretty badly without even needing privilege escalation.
But the carpet bombing attack couldn't make anything execute, and so was utterly useless as an actual "pwn" attack. That's why it really never went anywhere. And it was, BTW, a Safari vulnerability; not an OS X vulnerability; because it could happen on the Windows version of Safari as well.
I would bet my bottom-dollar that the vast majority (I would even go to say "almost all") of the people who fell for the MacDefender trojan were ex-Windows users.
You really do have your head up Job's arse, don't you? Sure, people who buy into the sleek white Apple universe are somehow more intelligent. Feeble minded submission to advertising has nothing to do with it. Having to enter the admin password when installing anything on MacOS in no way trains them to do it, unlike clicking through UAC warnings and then entering the admin password on Windows.
I made no such claim that Mac users were more intelligent than Windows users. What I claimed was that Windows users have become conditioned by years of A/V alerts, and thus, more likely to just click on them without putting much thought into the fact that Macs have enjoyed a virus-free (and therefore A/V alert-free!) existence. After awhile, even Captain Picard believed there were Four Lights. Didn't make him stupid; just benumbed.
I have experienced UAC a number of times. It is in no way an equivalent deterrent in the way that the "sudo" dialog on OS X is. Why? Two reasons: 1) Windows is an alert-happy OS. It seems that either an application or the OS itself almost constantly "wants something". This numbs the user into not thinking. OS X, on the other hand, is (unless you are a heavy "Growl" user, which I am not) a pretty "quiet" OS. So, when something pops up, it tends to make you take notice. 2) Every incarnation of UAC that I have personally experienced merely made you click a button to "Allow" the action to happen. This, coupled with the "Alert-Happy" nature of Windows in general, makes it that the less likely that the user will pay attention to a UAC dialog, rather than just dismissing it as (yet another) damned annoyance. OS X's "sudo" dialog actually forces you to stop and enter your password (or, if you aren't on an admin account) enter both an admin user and pass. Even when I expect it, this extra step (of having to enter at least a password) is "disruptive enough" that it always makes me stop and think "Why do I need to do this?" And that is exactly the extra thought that stops a much larger portion of users from simply giving permission out-of-hand.
pwn2own is anything but a "real-world" test
Hackers looking for vulnerabilities to exploit for monetary gain is not "real-world"?
The conditions in pwn2own are not "real-world". Quit being deliberately obtuse.
The list includes Bliss. ./bliss --disinfect-files-please
If you count toys, you can get high numbers for anything. Like, the number of cars I had before even getting a drivers license. Sure, they were match box cars, but those are just as real as malware on a list which includes things like Bliss.
Doesn't matter. By your definition (that we don't count "toys", of which you only name one for the Linux platform, BTW), then the number for OS X is (drumroll) ONE.
One stinking serious phishing TROJAN (and zero viruses and worms) in eleven years!
I'm sorry, but by any measure whatsoever, there are less examples of in-the-wild malware on OS X than any other platform, including Linux.
But, please feel free to pull down that Linux number to even get anywhere close to the THREE (even including the OS X "toys") on OS X. I'll be here, waiting...
"A few hundred macs, worldwide"?
This is utter bullshit. Everything reported suggests it's significantly more than that. But then given your username, you were bound to be a fanboy.
And yet, you offer no other number to rebut my statement.
Kinda telling, isn't it?
Man.. what kind of fact-free rant is that.. do you actually believe some of that nonsense?
I dunno. Where are your facts?
I just don't have the patience to get into one of those "my platform is better than your platform" garbage discussions
I see. And yet, you have the time to compose your multi-question reply. But, do go on...
(and I really don't intend to diss your platform) so let me just ask you a couple of questions:
1. Where did you get the number (few hundreds) from?
Same place you got your number to rebut my number. But, ignoring that, I actually couldn't find a "non-inflammatory" source for a solid number; so I will admit it was a (probably a little low) SWAG. But, as soon as you can find a hard number to replace that with, I'd really be interested to see it, seriously.
2. Regarding the "only reason" -- you don't think an unsafe default setting (to run 'safe' files) combined with a murky definition of 'safe' files are contributing factors?
I will wholeheartedly give you that one! On every OS X system that I set up, either for myself, or for others, I always de-select the "Open Safe Files..." option. It was definitely a "usabiltiy over security" decision that I think will now (FINALLY!) be changed. But even the first few iterations of MacDefender didn't catch onto that gaping security hole. As I said, I'll give you that one.
3. Why do you need to bring Windows into the conversation? I fail to see how its relevant to this topic. (not to mention that your comparison of registry vs. p-list is pure garbage!)
Sorry, when the topic of bad security design comes up, Windows is never far behind!
And no, my comparison of the insane vulnerability caused by the Windows Registry, relative to decentralized plist files is any but "Academic". And anyone who says differently is, IMHO, either delusional, or a Windows apologist.
4. What's with using so much capitalization? I can see you're trying to be forceful about making your point, but don't you think you should know what you're talking about before you yell?
Just lazy on my part. I hate having to derail my train of thought with stupid HTML tags. If slashdot would grow one of those dumbass "tag inserter toolbars" on the comment edit window (but that wouldn;t bee l33t enough, of course), then I would use styled text. Would you rather I use _this_ form, or *this* form? I guess I can do that, too. But the capitalization is just a bad habit on my part, and is pretty deeply embedded in my typing routines...
You, sir, have absolutely no fucking idea what you are talking about.
The registry is not a huge security vulnerability because it uses permissions in the same way that the Linux filesystem does. Can you overwrite /bin/sudo with your own virus? How about alter protected config files? Or replace the bootloader? Of course not, unless you somehow already have root access. Ditto with the registry - critical settings are protected by an ACL.
Which would all be fine and dandy, I assume, if it weren't for the fact that (on XP at least) 95% (probably being conservative) of the users still run as an Admin. And as such, have absolutely unfettered access to modify an-y-thing in the system, including (but certainly not llimited to) the Registry. Now, you were saying something about "permissions"?
And oh, even if you are not running as an Admin, there have been puh-lenty of "privilege escalation" exploits on the Windows platform.
BTW, your stupid statement is belied by the thousands upon thousands of examples of malware that plays games in the Registry. To claim the opposite is to engage in willful blindness.
There are two ways Windows systems get infected, and both apply equally to MacOS and Linux. Firstly you have user stupidity, and as Mac Defender shows this is not limited to Microsoft products. People blindly click through warning messages and type their password on demand.
While I will agree about user stupidity, I would bet my bottom-dollar that the vast majority (I would even go to say "almost all") of the people who fell for the MacDefender trojan were ex-Windows users. Why? Not because they are any more stupid (afterall, they switched to the Mac!); but rather, because they cannot imagine living in a world where they don't regularly have infection problems. So, when some "helpful" thing pops up and says they have been infected, they are already conditioned by Windows (and its constant infections) to believe it.
Secondly you have true vulnerabilities that allow code to elevate to admin level access. These types of attack are becoming less common now because not only are there fewer vulnerabilities in Windows but also because of sandboxing and running everything at the lowest possible privilege level. You may be shocked to hear this but Windows Vista and 7 do not run as root the whole time.
Actually, I am not shocked. I use and vastly prefer Macs; but I am fully aware of Windows trends and have even setup a couple of Vista (ewww!) and Win 7 systems, and regularly maintain a few that are still on XP.
And, BTW, OS X has been gaining those ASLR and Sandboxing features as well. And I don't know if you know this; but on OS X, no one runs as "root", specifically. The root account is disabled. You can sudo, of course (which is what the "enter your password" dialog is; but as far as "root" goes, not unless the user has specifically enabled it.
Again, Linux and MacOS are just as likely to have these kinds of vulnerabilities, as demonstrated every single year at pwn2own. Windows is just targeted more because it is by far the dominant platform.
Actually, pwn2own is anything but a "real-world" test. And the number of Linux vulnerabilities (863), as opposed to OS X (3, maybe) would handily belie your "marketshare" argument.