Tuesday 1 June 2010

Macs and Spyware

When I got home this evening I decided to catch up on the latest Apple news and I found out about this security "bulletin" from a company called Intego. They provide security software for Mac OSX. At first I was thinking of complaining about their original blog post which is written to maximise fear. The announcement is here. They say the risk is High, they describe several really scary effects and they say it is attached to software available from reputable download site such as MacUpdate. They gave no indication of what applications they found it attached to, but they have since fixed that here. Based on this I would say the "risk" is low because the app/screensaver seem quite specialist.

So what am I pissed enough to blog about. The discussion on macrumors. This is why I don't read discussions on sites like this. They just make my blood boil. I'll admit to being a bit of an Apple fanboi (I have an iPhone, 2 macs and an iPad), but the superior condescending crap that gets pushed out is terrible. There is a lot in the thread I'm going to ignore, but I feel like commenting on some posts. Most of these things I'm going to highlight are expressed by multiple people, but I just chose one at random to highlight.
  1. It isn't Apple's fault the user is stupid.
    So I'm not going to claim it is Apple's fault, but to claim that this kind of problem is the users fault and that you can't do anything to cope with a "stupid" user is both wrong and insulting to most computer users. It isn't that they are stupid, but that they have a specific goal in mind. Also as is observed in a few other posts there is no evidence that the user is told the spyware is being installed, certainly on windows you usually don't know, it just gets put on there by the installer of the app you want to use. At the end of the day Operating Systems need to take some effort to ensure the user does not hang themselves, just throwing your hands up and saying "the user is too dumb" leads to badly designed and insecure systems. In essence yes people are stupid, but you need to take that into account and minimise the amount of rope you give them.
  2. Don't ever install free software.
    Well this is almost too dumb a question to respond to. I agree you need to be careful with what you install, but you can get this kind of crap from paid for software, and ignoring free means you'll miss out on great applications like eclipse, emacs, apache https server, MSN Messanger, Google Chrome, Firefox. I could go on and on and on, but we need a sense of perspective. It isn't free software that is the issue, but software whose supporting business model relies on duplicity. If it is free you should always ask how and research it. 
  3. Who knows what an installer does?
    This was a rare ray of light he is spot on. When you install (on windows or Mac) and application that asks for root access once you've given it root access you don't know what it is doing. This comes down to trust. You give an app installer root access you are trusting them and they can break the trust. These apps are not ones I would trust, but how do you tell? In my view the best way to solve this is if all mac apps were installed as app bundles. Then you can choose to install them by putting them in Applications (which will mean giving Finder admin access).
So Rant over for now, at least until the next time I read the comments on a "news" website like this.


No comments: