Mac Virus writing contest

Hot on the heels of my last post, MacDailyNews reports on the Mac OS X Virus Prize:

Contest goal: To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system.

Today, DVForge, Inc. announced the Mac OS X Virus Prize 2005, where the company is openly challenging all of the computer coders of the world to go after the $25,000 cash prize that they are offering to the first person to successfully create and deploy an "in the wild" active virus for the Mac OS X operating system.

For the contest, a 'virus' is defined as executable code that attaches itself to a program or file so that it can spread from one computer to another, leaving infections as it travels between computers.

For the contest, an 'in the wild' virus is defined as one that is able to spread as a result of normal day-to-day usage onto two or more randomly selected computers that are connected only via the internet.

Let the games begin!

Update: And end. Looks like the folks at DVForge got a bit of a spanking for this one:

"During the first several hours after making the public announcement, I was contacted by a large number of Mac users and Mac software professionals who shared their thinking with me about the contest. A few of these people are extremely well-regarded experts in the field of Mac OS X security. So, I have taken their advice very seriously, and have made the difficult decision to cancel our contest. I have been convinced that the risk of a virus on the OS X platform is not zero, although it is remarkably close to zero. More importantly, I have been convinced that there may be legality issues stemming from such a contest, beyond those determined by our own legal counsel, prior to announcing the contest. So, despite my personal distaste for what some companies have done to take advantage of virus fears among the Mac community, and my own inclination to make a bold statement in response to those fears, I have no responsible choice but to retract the contest, effective immediately."

Mac fanatics: right or wrong?

Recently I read an article about a Symantec report suggesting that OS X will be prone to more attacks from malware authors in the future. "No big news there", I thought. At least I thought that until I read the follow-up article that suggested some Mac fans were personally incensed by this suggestion. "Strange that", thought I.

So over on my personal blog (forgive me this indulgence) I wrote this musing on this issue annd was going to leave it at that but then I realized that a) I don't allow comments on my blog so no one would be able to refute me, b) I was truly curious what other Mac users really think about this, outside the confines of a reporter's selective quoting and c) FA OSX is the perfect place for just such a discussion.

My original post in full:

Anyone who knows me knows I love the Mac. Hell, I own six of them. So it pains me when the truly rabid Mac fanatics knee-jerkingly attack anyone who claims the Mac is anything but the second coming of absolute technological perfection. And it's happening again in response to Symantec's assertion that the Mac's growing popularity as a consumer platform will make it an increased target for hackers and malware (OSX 'at risk from attack'):

In its seventh bi-annual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system. According to Symantec, as Apple increases its market share — with new low cost products such as the Mac mini — its userbase is likely to come under increasing attack.

"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," Symantec said. "Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems," the report said.

Evidently this position is bringing them heaps of scorn and abuse (Security Outrage at Symantec's OS X claims) as Mac users leap to "protect" their platform with a veritable onslaugh of no-facts:

"What a load of FUD," said one anonymous IT manager. "Anyone with the smallest sense of knowledge about any of these operating systems knows that the biggest issue with Windows security is the basic design flaws that it keeps dragging on from its past eras, to ensure compatibility."

True, and absolutely of no relevance to the Mac. Mac security does not enjoy an inverse relationship to Windows security but I like the deftness with which this poster managed to slip into the Windows bashing.

But any idiot can see that an OS which requires [a] root password before installing any software is inherently going to stop more viruses than an OS like Windows which doesn't. Grow up and quit whining."

Actually this idiot (me) doesn't see that since the default install for OS X gives the initial user Admin privs and plenty can be done to compromise the system with those, including turning it into an open mail relay or ftp server. Granted it's nigh impossible to exploit the OS in this this way automatically but tricking people into installing software is pretty damned trivial.

Extra points for slipping in the unconnected Windows bashing at the end, and a personal insult towards the original article's author.

Here's my take: OS X lacks the inherent design flaws that make Windows so dead easy to compromise, it's true. So does Linux. So what? As the Mac grows in popularity the same script-kiddie tricks that work against Windows won't be usable against the Mac but that doesn't mean that jackasses won't pioneer new and better ways.

This head-in-the-sand superiority isn't protection and doesn't make the platform any safer. To those Mac users who continue to spout it I have two words for you: Maginot Line.

We Mac users are an opinionated and intelligent bunch so please weigh in. What do you think the future of Mac security holds?

Graphing Calculator on NPR

Just a quick heads up that the untold story of Graphing Calculator was featured in this past week's episode of This American Life on NPR. I just heard it this evening. I don't know what the non-geeks in the listening audience thought, but I felt it came across wonderfully.

Meanwhile, in Apple legal news...

FA: OS X is primarily about OS X itself, how people are using it, how people new to the platform can adjust faster, etc... But do not dismiss the legal issues surrounding Apple as something for "the laywers" to worry about, for these issues will have an impact on the very software you are using right now. So lets see what is in the dock (har har) today.

First up, Apple v. Does. EFF starts off with a press release titled "Court Crushes Online Journalists' Rights". Daring Fireball has another analysis and is graciously hosting a cleaner PDF of the case. Having been the webmaster at EFF, I know that you post what you get first, even if you have to scan a crappy fax, and then when you have time to clean things up (which is hardly ever) you repost something nicer. There are many more articles out there, but these were the ones that I was interested in.

Next, iTunes! DVD Jon continue to love his Mac. He loves it so much he wrote his own interface (not a direct link, Jon's site is of course being beaten to a pulp right now) to the iTunes Music Service. For some reason, he left out the part where it wraps the music you buy with DRM. Go figure... Anyone know the Vegas line on when Apple will unleash the legal DMCA hounds?

These issues are helping to define Apple and thus OS X. If you don't like what you see you must let Apple know. Write a letter, drop a phone call, or even try to figure out which feedback webform to use.

Apple
1 Infinite Loop
Cupertino, CA 95014
408.996.1010

Ruby on Rails on OS X

Another bandwagon, Pat? Perhaps... But for those of you doing web development you should give Ruby on Rails a serious look, if for no other reason than to have another hammer in your toolbox, because not every nail is the same. For getting your OS X system setup, see this nice Hive Logic walkthough.

As always, del.icio.us has a tasty batch of ruby+rails bookmarks.

Super OS X Menu Items

A collection of things to put in your menu bar.

http://menu.jeweledplatypus.org/

enjoy.

No iTunes streaming for you...

...you've got too many friends! BoingBoing is reporting that the new iTunes Terms of Service (TOS) limit the number of different people you're allowed to stream your iTunes music to in any given 24 hr period:

But once you install the new iTunes 4.7.1 "update" (more accurate to call it a "downgrade") you lose that ability. Without telling anyone, Apple has stolen some of the rights you paid for when you bought your iTunes music, by adding limits to the number of people you can stream your music to in a 24 hour period. Imagine if your boom-box refused to switch itself on if too many people were in the room -- the 21st Century equivalent of gathering in one room to listen to music is gathering on one network to do so, and Apple has just appointed itself the absolute, tyrannical ruler of the size of the social group that you're allowed to stream iTunes music to.

This is very disappointing, as iTunes streaming started out as one of the sweetest implementations available and has been continually eroded over time.

Fun with your firewall

Peter Hickman has written an excellent introduction to the guts of OS X's firewall over at MacDevCenter.com. Well worth the fifteen minute read, if only to understand just how simple and effective your built-in firewall is (and why you really should have it turned on).

httpflow via tcpflow

More crunchy command-line goodness: Brent Simmons describes how to use tcpflow to see raw http traffic in httpflow: how to view raw traffic. Get tcpflow from packaging guru Marc Liyanage. Good stuff.

All the Quickies

A great collection of command line tricks for OS X: All the Quickies.

Abiword

Since I last re-installed my system I've made a conscious effort to not use MS software, mostly to see how easily it could be done. The answer: very. There's Adium X for chatting, Safari and Firefox for browsing, Mail for mailing, and Mesa for spreadsheeting.

Yesterday morning I noticed that Abiword 2.2.5 is available for OS X and it is very impressive indeed. A lot of noise has been resonating through the Mac community lately about the veritable demise of OpenOffice for OS X (aka 'glacial development') which makes me sad since it held great promise but I'm happy that Abiword is looking like an excellent Word replacement indeed.

A request: If you're using NeoOffice or know of an OS X equivalent for Visio then please, by all means, post to the comments. I'd like to know.

Growl

Last fall I made a post agitating for a standardized notification framework for OS X. I recently discovered that others had been thinking similar thoughts around the same time and earlier. Since then, I've adopted Growl as my notification framework of choice. Version 0.6 (now at 0.6.1 actually) was released a few days ago, with a number of nice improvements. I've been using it for a while and heartily recommend it. (For the devoted, it's not hard to track the development version if you have Xcode and a Subversion client.)