Weekly interest and loan rates | Home values Northwest stock contest 2004 | Consumer affairs

Practical Mac / Glenn Fleishman
Sharing, not secrecy, builds stronger systems

E-mail this article Print this article Search archive

Reports surfaced two weeks ago that a Mac OS X exploit had finally appeared — its first. A software company that makes excellent anti-virus and firewall software released the news to the press and trumpeted the fact that its software could already defend against it.

An exploit is a way of fooling a program or operating system into carrying out a task that allows an attacker to control the machine, erase files, or cause other unwanted behavior.

In this case, the offending exploit was more precisely a Trojan horse: a file or program that hides inside another file and activates in certain circumstances to launch a virus or to spread to other programs and machines as a worm.

But it wasn't released into the wild. It was just a proof of concept, harmless in itself, that a programmer created to highlight a particular danger in how Mac OS X identifies programs and files to its users.

In the event of a real virus or even a proof of concept, the company should have updated its software while sharing what it knew privately through existing channels to reach Apple Company, other companies that develop anti-virus software, and federal and international authorities that monitor computer hacker activity and programs.

The goal isn't to keep the news secret. Rather, unless a virus is already rampant, this method allows companies to repair a problem quietly and push it out to users to prevent a mass outbreak. Once the news is made public about the methodology of a given hack, the genie is out of the bottle.

Apple has always made security patches available for Mac OS X's included software, even when Apple had already avoided the problem by disabling a given feature or program for a user who hadn't modified their system.

In this case, the programmer who revealed the proof of concept was showing that a file that looks on the desktop like an MP3 music file could hide an application that, when double-clicked, was capable of a variety of unpleasant activities.

These types of Trojan horses must be transferred intact over the Internet as a Mac file, meaning that they're encoded in a special MacBinary format, or compressed using StuffIt or DropStuff. An ordinary MP3 or similar file can't carry this kind of payload.
 
This should remind Mac users that the basic lessons of Internet hygiene apply: Don't open files from people you don't know and don't download arbitrary files from untrusted locations.

One way to defang this particular approach before Apple patches it — the company is looking into how to eliminate the risk — is to open files from within programs rather than double-clicking them on the desktop.

Apple refreshes laptops: Apple's aluminum PowerBook G4 lineup has been brushed and polished this week with improvements in speed, included options and price. Its iBooks also received a speed boost.

The PowerBook G4 comes in 12-, 15-, and 17-inch models. New processor speeds are 1.33 and 1.5 GHz with all models featuring a larger processor cache, which helps immensely with programs that eat processor cycles, such as realistic games or Photoshop.

Also for gamers and creative professionals, Apple has upgraded the video-display circuitry to include 64 MB of video RAM on all models, with a 128 MB option for 1.5 GHz 15-inch and 17-inch PowerBooks.

The CD/DVD-burning SuperDrive has had its speed doubled on models that include it; the new drive can write 4.7 GB to a DVD in as little as 15 minutes.

All PowerBooks now include both Mac wireless options: Bluetooth, which was added as a standard option last September, and AirPort Extreme, Apple's name for Wi-Fi's 54 Mbps 802.11g flavor. This was a $99 add-on for certain PowerBook models, and included in others.

Apple kept the price the same for entry-level machines, starting at $1,599, but lowered the cost of its top-of-the-line 15-inch PowerBook by $100 and 17-inch model by $200.

The G4 iBooks received significant speed improvements by an increase in processor cache and a boost to CPU speed. The starter 12-inch and slower 14-inch model now have 1 GHz processors; there's a 1.2 GHz option for the larger 14-inch model. Apple claims up to 32 percent speed improvements over the previous generation.

Apple also doubled the maximum allowable memory in all iBooks to 1.25 GB — a more appropriate limit for those who want to use an iBook for design and publishing.

AirPort flies anew: Apple also pushed out revisions to AirPort Extreme. A new base station costing $250 is designed for schools and companies that want to stick the unit out of sight.

This new model handles Power over Ethernet, in which you avoid an AC adapter and power the unit entirely through its networking cable. It also has the appropriate building code rating to be placed within walls and ceilings.

Apple released a software update and related packages that provide better control of several base stations through a single interface and performance monitoring. AirPort Software 3.4, which requires Mac OS X 10.3, is available through the automatic software updater.

You can download the separate AirPort Management Tools 1.0 from the Support section of Apple's site, www.apple.com. These tools let you monitor the signal strength of an AirPort-equipped Mac and of Macs connected to an AirPort base station.

Glenn Fleishman writes the Practical Mac column for Personal Technology and about technology in general for The Seattle Times and other publications. Send questions to gfleishman@seattletimes.com. More columns at www.seattletimes.com/columnists

Copyright © 2004 The Seattle Times Company