JonHoyle.com Mirror of MacCompanion
http://www.maccompanion.com/archives/April2006/Columns/IvoryTower.htm

 

Views from the Ivory Tower

Hackers and Mactels, Windows and French Law

by Ted Bade

All you Mac fanatics out there have been stirring up trouble with the “hacker” community. They (and we) have been going around crowing as loud as they can (and to anyone who will listen), that Mac OS X is incapable of being hacked into. This apparently has been taken as a challenge by some members of the hacking community. Which means that some of them have been working hard to bring some piece of true malware to Mac OS X.

You might have heard that a fellow in Sweden apparently placed his Mac mini on the Internet and challenged any hacker to break into it. Again apparently, it took one hacker only 30 minutes to break in. But don’t worry, I said apparently for a reason. According to some sources, this was some type of setup.

According to one article, the task of hacking into the Mac was made very easy by giving the hacker an account on the Mac in question. Well sure, if a person already has an account on the machine it would be significantly easier to break into other parts of it. I guess the lesson here is; if you don’t want hackers to hack into your Mac, don’t give them an account on it.

In any case, the person who was questioning this hack, put his Mac mini on the Internet and asked people to hack into it as well; http://www.macworld.com/news/2006/03/07/hacked/index.php?lsrc=mwrss.  Except that he followed some basic sensibility rules:

The difference in this case was that he set up his Mac mini like a typical user and gave away no accounts.

The test went on for a while, until it was abruptly cancelled, not because the Mac was hacked, but because the university he was at said he couldn’t continue the challenge any more. (I think he forgot to ask for permission to clutter up the University’s bandwidth.) In any case, the Mac mini was hit a number of times during the trial period.

According to one article, http://www.techweb.com/wire/security/181501999;

“The Mac had two local accounts, and Schroeder left both SHH and HTTP open. The mini garnered attention and lots of traffic, said Schroeder, who logged 4,000 attempts. The machine weathered two DoS attacks, various Web exploit scripts, SSH dictionary attacks, and untold probes by scanning tools, he added.”

Actually this Mac mini was never compromised in the 38 hours it was open to attacks. What does this tell us? Well it seems to me that we can safely say that Mac OS X is secure. While it probably is not invulnerable, it definitely requires much more effort to break into a Mac then it does to break into a Windows-based machine. Which means, at the moment, Mac users won't need to pay the Window’s virus tax.

My policy on this is to keep alert to what is going on, install all of the security updates that Apple provides, and to stay alert to how I use my Mac. Recently a number of “Concept” viruses have popped up for Mac OS X. The one thing that is common with every one of them is that the user has to do something to give the malware permission to do its deeds. Everyone makes mistakes, but when your computer asks you for permission to do something, try to understand what it is asking. If you aren’t sure what it is, say “No”, and ask someone who might know the answer. If you say no and later discover whatever it was, was not a bad thing. You can always go back and continue. If you say “Yes”, it might cause a lot of work to recover your computer! Remember, only you can prevent SUS (Stupid User Syndrome)!

Can’t get that virus to run on Mac OS X? Install Windows and it will work like a champ! - We all expected that once Apple began sticking Intel chips into their Macs that it would only be a matter of time before someone figured out how to run some variety of Windows on it. I don’t think these people are masochists. Just simply people who for some reason, need to run an application that doesn’t have a Mac OS X version.

You might have heard that a contest was created to foment a workable solution. One of the major hurtles was the fact that the Intel-Mac uses EFI rather than BIOS technology to provide hardware interfacing. If you want to run some variety of Windows on a MacIntel natively you need to account for this major difference. (A major incompatibility. Apparently Microsoft’s new OS named Vista was going to use the EFI technology as well. (Although, I did hear that they were rethinking this.)

Some enterprising person decided to get people working on the problem by creating a contest. The prize would go to the first person who successfully booted Windows XP on an Intel Mac! Since there was money riding on making it work, it didn’t take very long for someone to claim the prize.

If you are interested in how it is done, there are many sites that host the instructions. MacWorld has a long article on the process (including some suggestions on how to recover if things go wrong) at http://www.macworld.com/2006/03/firstlooks/xpmini/index.php. Another site has a video on how to do it! http://features.uneasysilence.com/mactel/

The bottom line is that you need a little utility program (provided for free by the hacker), a working copy of Windows, and the time to bring it all together. Now that all the hard work is done, I expect people will refine the process and make it easier and easier to do.

Meanwhile, in France - French lawmakers are not happy with Apple’s DRM, or at least with how it remains closed. The problem is this, Apple’s DRM can only be used by Apple, and, most importantly, can only be played on Apple branded digital music players (that is, any variety of the iPod). This means if you want to buy music or video from the ITMS, you must use an Apple product to make use of it. (There are ways around this.) It also means that I cannot start a company to sell audio and apply Apple’s DRM to it. If I want something to be protected and have it work on an iPod, I have to go through Apple.

What the French Law wants is that companies like Sony and Apple to share their DRM techniques, so that anyone can use them and anyone can make a player to play the protected files. Sounds like a fair deal for the consumer and not the best deal for the Corporation. However, I imagine, like Microsoft, Apple could license the DRM technology to those interested in using it. And like Microsoft, they could be selective who they license it to. http://biz.yahoo.com/ap/060321/france_itunes_challenge.html?.v=3

However, the law might be really asking for DRM to be removed from these files altogether, or disabled in some other fashion. This would not be a good thing. All copy protection techniques keep honest people honest and make it a bit more difficult for people to pirate the music. If the French law requires the removal of DRM, then they are going to create a lot of issues. Some US politicians are concerned with this as well and are working with Apple against the French law. http://www.physorg.com/news12082.html

Apple says that opening the DRM will create State-sanctioned piracy of music. http://today.reuters.com/news/newsarticle.aspx?type=internetNews&storyid=2006-03-22T015826Z_01_N21354430_RTRUKOC_0_US-APPLE-FRANCE.xml&rpc=22

Apple’s closed DRM means that some materials won’t become available for the iPod. (Read my previous rants about audio book lending programs in the US.) It also makes the DRM a lot harder to break, which reduces piracy. If the DRM is opened, it would be inherently easier for people to break it. I don’t know what will ultimately come from this law.

Happy 30th birthday Apple - As I write this last note, it is only a few days before April 1st, which will be Apple Corporation’s 30th anniversary. Realizing that the founders of Apple specifically choose April Fool’s Day to officially begin business, gives you a perspective of the people who founded Apple and the company itself.

When the 20th anniversary came around, Apple release a really cool looking computer, which turned out to be an extremely early foreshadow of what was to come. Today, really cool looking computers are the standard from Apple. So what will Apple bring us on this anniversary?

Will it be a new and exciting computer form factor? Will it be the iPod pico, an iPod so small it fits into your ear, holds your entire library and plays what you want to hear? Or will it be something totally new to Apple? Then perhaps the people at Cupertino will just sit back and relax for a day. Who really knows? I can’t wait to see!


















Contact Us | ©1996-2007 MPN LLC.

Who links to macCompanion.com?