Practical Mac / Glenn Fleishman
OS X users could face Web-browsing ambushes

E-mail this article Print this article Search archive Most e-mailed articles

The first widespread security exploit that has a high probability of hurting Mac OS X users has been documented, but not yet found in the wild.

The vulnerability gained widespread attention this week, and by yesterday Apple Computer had released patches for it.

Unlike the recent Trojan horses, which require downloading and opening unknown files, this exploit takes advantage of a flaw in the help system built into OS X.

A ne'er-do-well could create a Web page that would cause any Macintosh Web browser, including Safari, Internet Explorer and Mozilla, to execute a script using the built-in AppleScript software.

The exploit uses a method of loading documentation or help files into a browser. A properly constructed evil URL can carry out such behavior as launching the Terminal command-line program and executing arbitrary commands, like removing your entire home directory without warning.

This exploit works only if you visit a Web-site page that has been configured to carry out this malevolent activity. No pages of this kind have yet been found that aren't designed as explanations of the problem.

The patches Apple released yesterday to fix Mac OS X 10.2.8 and 10.3.3 are downloadable through Software Update in System Preferences or by visiting www.apple.com/support. They seem to repair the flaw that crackers are exploiting. I recommend installing these updates immediately. If you haven't yet upgraded to 10.2.8 or 10.3.3, now's the time.

By installing the downloads, you should be protected against the currently known forms of this security problem.

Tiger tales: Several dozen readers wrote in with their suggestions for Apple's next operating system release, dubbed "Tiger" by Apple and scheduled for a preview next month at the company's developers conference.

Apple might rest easy about what vocal users want: Most e-mail focused on a few areas of improvement, and few suggested fundamental missing pieces or dramatic overhauls.
 
The primary complaints and requests for new features focus on the Finder and Desktop. Apple's greatest recurring flaws in interface design and optimization have occurred in the Finder from System 7 to present, and it's no surprise readers have litanies of complaints in that area.

A typical comment comes from Jason Morris, who wrote, "the Finder (the GUI), is the weakest link; it needs a complete rewrite; the most mundane but useful operations are buggy and slow."

The Dock was consistently cited as a feature that needs more options. Some readers suggested that multiple swappable Docks could be useful — this can be simulated in part with DragThing (www.dragthing.com/).

Kirk McElhearn, a colleague of mine who lives in France, asked for "minimized Finder windows that don't go into the Dock." He'd like to be able to minimize these windows into an icon that can sit on the Desktop instead of being forced to squeeze into the Dock.

Interestingly, a few dozen readers clamored for multiple desktops, a common feature in Unix and Linux systems. Each desktop contains its own set of open files while sharing all the other attributes of a user account, like which programs are running. Swapping between desktops lets you keep more organized track of separate tasks instead of overlapping or hiding them all in one space. (CodeTek, at www.codetek.com/, offers this feature through VirtualDesktop and VirtualDesktop Pro.)

The second-most requested improvements are in printer and print-job management, something I strongly echo. My wife and I both have laptops at home running identical versions of Panther. She can't print using our AirPort Extreme Base Station's printer sharing; I can. She was able to in the past. The troubleshooting Apple offers through its tools is below lackluster.

Robert Rosenberg summed up the problem by noting that the Print Center doesn't actually tell you about the overall status of all print jobs, but only lets you view the status of jobs (with limited information) for each printer. A user with multiple printers or who wants more feedback for errors or progress is out of luck.

Finally, many readers want better Windows support. Mac OS X 10.2 and 10.3 have progressively provided better tools for working with Windows file servers and printers, but as I and many readers know, it's still a tweaky, underbuilt part of the operating system.

One reader hoped for the restoration of Users & Groups, a Mac OS 9 feature that let you build workgroups to control file access. In OS X 10.3, groups are a problem even for experienced Unix users. (SharePoints, www.hornware.com/sharepoints/, solves this problem by offering a complex but complete tool.)

Tiger is still an unknown, but readers seem to share my enthusiasm for perfecting Panther instead of inventing an entirely new cat.

Glenn Fleishman writes the Practical Mac column for Personal Technology and about technology in general for The Seattle Times and other publications. Send questions to gfleishman@seattletimes.com. More columns at www.seattletimes.com/columnists