Macs aren’t immune from malware attacks.

After conducting an e-mail interview with Charlie Miller, who has gained notoriety in the Mac community by compromising the Safari Web browser on a Mac laptop to win the PWN2OWN contest two years running, I’m now convinced Macs could easily fall prey to malicious exploits.

I know the notion of Mac vulnerability is unpopular, but Miller makes convincing arguments (see the full interview below). And unlike vendors of anti-virus software, Miller and the company he works for – Baltimore-based Independent Security Evaluators – have nothing to gain (ISE is a consulting firm that analyzes applications for security holes).

Miller has an impressive background: He worked five years for the National Security Agency before becoming a principal analyst at ISE. He’s written two books, one of which is “The Mac Hackers Handbook.”

Furthermore, Miller likes Macs; he prefers them, in fact. His primary computer is a 1.83 GHz MacBook. Although he’s won both a MacBook Air and a MacBook Pro at the PWN2OWN contests, he prefers his trusty old MacBook.

Mac susceptibility to malware is not as black and white as many people believe. Apple haters celebrated Miller’s feat; Safari was the first browser to fall in last week’s contest. (Internet Explorer 8 and Firefox also were breached, but Google’s Chrome was not.)

Meanwhile, the Mac community mostly jeered, noting Miller had prepared his exploit in the weeks before the contest. Although true, it doesn’t change the fact he discovered a valid hole in Safari’s code. Mac users should be less critical and more concerned.

And frankly so should Apple. Imagine the PR disaster that would ensue should an exploit for the Mac become widespread. It would punch a huge hole in one of Apple’s major selling points for the Mac – as a safe alternative to malware-plagued Windows PCs.

Now, the interview:

Q: I've been reading the fallout your, er, exploits have caused: cheering from the anti-Apple crowd, defensiveness from the Mac users.

A: Yes, I mostly notice the defensiveness of the Mac fan boys. I've had them say I cheat, that it’s only in the open source components (which
it isn't this year), that I'm out to ruin Apple, etc. Some people 
can't face the reality when it’s staring them in the face. I probably 
haven't made a lot of friends with my new book "The Mac Hackers 
Handbook" co-authored with Dino Dai Zovi, the guy who won Pwn2Own three years ago.

Q: Should Mac users be worried?

A: They should definitely be a little worried. Any security expert knows 
that Mac OS X is less secure than Windows. The question is which is SAFER. Because Mac OS X is still relatively rare, it is actually a
little safer. But it has nothing to do with it being more secure, but 
rather, that bad guys are entirely focused on Windows at the moment 
due to the overwhelming market share Windows has. At this time, I 
still don't recommend anti-virus for Mac OS X users, because there 
simply isn't much malware for that platform. However, if Mac OS X 
market share ever goes up, there will be a landslide of exploits and 
malware.

Q: When you say "landslide of 
 exploits," does that include self-replicating viruses such as those that plague Windows and spread around the globe within hours? That's not supposed to be possible on OS X, so they say. Could someone get control of my Mac at home, which is behind a router with a firewall 
(but sans commercial AV software)?

A: Yes, it is built upon UNIX. However, there is a ton of Apple 
developed software running in Mac OS X, so that is mostly irrelevant. 
Being based on BSD, there probably isn't a remote root in the TCP 
stack, but it doesn't affect whether there is a bug in Safari of Mail 
or how exploitation would fail. So yes, a BSD box is very secure. A 
BSD box with Safari, Mail, mDNSResponder, iChat, etc is as likely to have bugs as any other operating system.

As for a worm, I could imagine a bug in Mail being wormable, as an exploit could mail itself to all the people who have sent you mail, etc. You are protected from server side attacks from your router, but
then again, so is your Windows PC.

Q: I understand one common objective is to 
take control of a PC to use it as a spam-sending zombie. Is that the kind of thing that could happen to Macs?

A: Yes, everything you could do on a Windows machine: turn it into a 
"bot,” send spam, perform DDOS [distributed denial of service], etc. can be done from a compromised Mac.

Q: Has Apple been remiss in leaving so many holes in Safari?

A: All software has bugs, so I can't really blame them for that. Safari
may seem to have more bugs because it tries to do more. It tries to make the user experience nice by handling hundreds of different file 
formats and URL handlers. With more code come more bugs. (For 
example, Safari comes default with Flash and Java installed, Windows 
doesn't. I personally like this but it does increase the attack 
surface).

Q: If it is indeed so easy to hack OS X, shouldn't we have seen at least a few examples of malware in the wild by now? The Mac's share has been growing in the past two years, especially among the
group least likely to protect themselves: consumers.

A: I think the reason is economics. Hackers don't do things for fame 
anymore; it’s a business. It simply isn't profitable to try to make a 
botnet of Mac OS X machines when there are so many more Windows 
machines. I like to say that if 90% of computers are Windows 
machines, bad guys will spend 100% of their time on Windows, not 90%.

Q: Is Windows, at its core, more secure than Mac OS X? And why is the iPhone less vulnerable?

A: Yes. It’s not about the bugs, but rather the technologies which make it difficult to go from a bug/vulnerability to a bad guy running code
on your system. Windows has it, OS X doesn't. The two technologies 
that Windows has that Mac OS X lacks, specifically, are Address Space 
Layout Randomization (ASLR) and a non-executable heap. These two 
things make it very hard to write exploits (the code that gains 
control of your computer) in Windows.

IPhone is more secure than OS X because it has a smaller attack 
surface (Mobile Safari doesn't try to do everything in the world) and
it has some anti-exploitation technologies built into it (specifically 
a non-executable heap).

Q: Do Mac users need to do anything now to protect themselves, or is it safe to wait until the exploits appear?

A: If you are paranoid, there are some steps you can take, the most basic 
being anti-virus. However, at this time, I don't think its necessary
 considering the expense and potential slow-down versus any benefit
 gained.

Q: Could Apple make some easy changes to OS X to make it less vulnerable? Or are the problems so deeply rooted in the OS that major code revision would be needed?

A: Most of the changes are pretty major and will have to wait for Snow 
Leopard at least. I heard a rumor that Snow Leopard will have ASLR 
for example, although I don't know if this is the case.

Q: Do you think Apple has been too cavalier toward security in Safari and the Mac OS? Does Apple need a Bill Gates-like initiative to start
closing the most obvious holes before it’s embarrassed by a wave of malware?

A: I think Apple has stepped it up in the last couple of years but could definitely improve. It boils down to economics. Apple is in business
to sell computers. Frankly, that is all they care about, as any
company should. Consumers feel Macs are more secure than Windows 
(even though they are wrong). Where is the economic incentive for 
Apple to spend money on security in light of this fact?

I have been 
talking about this issue for a while because I don't want it to come 
to some large worm or other security issue to force Apple into action,
although I'm afraid that is what it will probably take. I want to see 
Apple become more secure. Until the bottom line is affected, I don't 
see major changes coming from them. Ironically, Microsoft spends a 
ton on security, is more secure, but is perceived as less secure!



For further reading, Tom’s Hardware conducted a much more technical interview with Charlie Miller earlier this week.

Posted by David Zeiler at 5:27 AM in Mac OS X | Permalink | Comments (20)
                       

3/26/09 UPDATE: Today Apple finally announced the dates for WWDC 2009: June 8-12. More information can be found on Apple's WWDC Web page. That matches my original assumptions. I still think it likely Snow Leopard will debut June 8.

This all started with two co-workers who sought my advice this past week on when to buy a new MacBook.

I thoughtfully advised them to wait until Snow Leopard came out so they would be sure to get all the promised speed benefits of the latest and greatest version of Mac OS X. Unfortunately, they both asked when that would happen.

It’s widely expected that Apple will unveil Snow Leopard at this year’s Worldwide Developers Conference, but Apple has not yet announced the dates. At last year’s WWDC keynote, CEO Steve Jobs said Snow Leopard would ship in about a year.

Since WWDC usually is held in June, I told my colleagues to wait until June – and then crossed my fingers events would validate my recommendation.

But with the issue now brought to my attention, I wanted to know myself when exactly to expect Snow Leopard. I went on a sleuthing mission and discovered enough clues that I’m now willing to predict June 8 as the Snow Leopard launch day.

Here’s how I reached this conclusion:

First of all, I’m assuming Snow Leopard’s release will coincide with WWDC. The event’s dates are not set in stone (some years back it was held regularly in May and in 2006 was pushed back to August), although it usually falls in the second week of June.

An item on MacDailyNews the other day suggested WWDC might be held May 27-May 28 based on an item listed on the Moscone Center schedule posted online. The generic description says simply “Corporate meeting,” but is listed as taking place in Moscone West, the wing of the complex where WWDC takes place every year.

But that’s almost certainly not when WWDC will happen, not just because it’s a bit too early, but because WWDC always runs over five or six days.

However, as I looked at the schedule, I noticed another generic “Corporate meeting” scheduled for Moscone West -- for June 6-June12. That’s the second week of June, the correct number of days, and ends on a Friday (WWDC nearly always ends on a Friday).

Yes, June 6 is a Saturday, but last year a similar generic listing on the Moscone Web site had the event starting on Sunday June 8 when the official start date was actually June 9. That means WWDC’s official start date this year probably will be June 7, a Sunday – unusual but not unprecedented. Back in 2005 WWDC’s official first day was a Sunday.

I deduced that we’d see Snow Leopard on June 8 because the keynote typically is delivered on a Monday, and that’s the moment at WWDC when Apple would announce a new operating system.

Still, though tantalizing, all that information needed something more to corroborate it. So I turned to Amazon.com.

By doing a search for “Snow Leopard Mac OS X” I discovered numerous Snow Leopard-specific books available for preorder, all scheduled for release from mid-June though July. The earliest, “Learn Mac OS X Snow Leopard,” is scheduled for June 15, just one week after my predicted date.

Why is this significant? Well, when Apple released Leopard on October 26, 2007, the first Leopard book to appear (again, searching on Amazon) was “Mac OS X Leopard for Dummies” on Oct. 31, less than a week later. It was followed by at least a half dozen other books on Leopard released throughout November.

Obviously it’s no accident the publishers timed their books to arrive immediately after the operating system. And remember, Leopard had been delayed from a June release that year. The publishers definitely are in the loop.

On the other hand, last November Engadget had post describing a leaked presentation slide by Jordan Hubbard, Director of Apple's Unix Technology Group, showing Snow Leopard as appearing in Q1 2009. That means we’d see it by the end of this month.

If so, I’d happily be wrong. I can’t wait to load Snow Leopard on my Mac Pro!

Posted by David Zeiler at 3:43 AM | Permalink | Comments (18)
                       

Losing personal data stored on a PC – your music, your photos, your financial records – is one of the worst nightmares that can befall a computer user.

Though for years experts have repeated the mantra of backing up PC data frequently, few users did so. When hard drives fail – an unpredictable eventuality – they take all your data with them to their digital grave.

That’s why Apple developed the automated backup feature Time Machine, introduced with Mac OS X Leopard. In concept Mac users need only attach a spare hard drive, switch on Time Machine and never worry about losing important data again.

But a spate of bugs with Time Machine has me wondering whether I can fully trust it. If nothing else, backup software must be absolutely reliable.

The bug that caught my attention affects my Mac Pro. Since installing the incremental 10.5.3 Leopard update (released May 28), Time Machine occasionally craps out in the middle of one of its hourly backups.

It presents the following message: “Unable to complete backup. An error occurred while copying files to the backup volume.”

Not exactly reassuring, eh?

I always click on the “OK” button and have noticed the next hour’s backup usually goes without a hitch.

Still, it makes me wonder if all my data is getting backed up properly. Has some of it become corrupted? How would I find out? Ferreting out the problem files would be no trivial task – I have over 400 gigabytes of data on my backup volume.

As this issue discussed on blogs and in forums since the 10.5.3 update appeared, it clearly affects a fair number of Mac Pro owners. Some advise deleting the partial backup file from the backup volume, but others say that’s only a temporary fix.

Some have expressed hope the 10.5.4 update – rumored to be coming in mid-July – will resolve the issue.

I realize that no software is perfect, but Apple needs to be particularly careful with Time Machine. Users have reported an assortment of bugs with the feature since Leopard’s introduction last fall.

In fact, the very 10.5.3 update that appears to be causing the current problem with Mac Pro models included no less than seven fixes directed at Time Machine issues. The most ominous: “Addresses reliability issues when performing a full restore from a Time Machine backup.”

Few things breed misgivings over backup software like “reliability issues.” And while Apple almost always fixes such problems eventually, the company’s habitual refusal to acknowledge whether it’s aware of an issue and whether its engineers are working on it leaves users frustrated and confused.

At this point, I plan to continue using Time Machine on my Mac Pro while crossing my fingers my data is safe. But just in case I’m also going to dust off my copy of Super Duper! to run a second backup to my external network drive.

Wasn’t Time Machine supposed to make performing backups easier?

Posted by David Zeiler at 8:05 AM | Permalink | Comments (21)
                       

More malware surfaced for the Mac last week, but it’s the usual bad news, good news scenario.

The bad news is that at least a few of the black hats of cyberspace consider Mac users worth their trouble, an unwanted side effect of the Mac’s ever-growing user base.

The good news is that none of the exploits is a virus that can propagate itself in the wild, something common in the Windows world. The new Mac malware threats consist of a coulple of Trojans – something the user must download and execute – and a phishing scheme.

Thus simply exercising caution and common sense should keep the typical Mac user safe from harm.

Of the threats reported by security firms Intego and SecureMac last week, the most pernicious is OSX.Trojan.PokerStealer. Once downloaded, “PokerGame” looks like an application, but launching it brings up a dialog box reporting a “corrupt preference file.” The dialog requests the user’s administrator password ostensibly to enable repair of the corrupt file.

But instead, Intego says, the Trojan sends the user name, password and IP address to a remote server, which could enable someone to take control of the Mac remotely and damage the system, including the deletion of files.

Intego also reported a vulnerability in the ARDAgent of Mac OS X’s Remote Management software. Few home users bother with this, as its primary use is for IT departments to manage Macs in an office setting. However, because the feature is built in to OS X, the issue affects all users.

Ironically enough, the best defense against this threat is to turn on Remote Management in the Sharing Preference Pane -- having the feature enabled thwarts an attack. (Intego says OS X 10.5 Leopard’s similar but unrelated Screen Sharing feature “has no effect on this vulnerability.”)

Like the PokerGame Trojan, the ARDAgent vulnerability requires significant user cooperation. Since this exploit depends on ARDAgent’s ability to run AppleScripts, the user must download an application booby-trapped with an AppleScript that contains certain shell commands.

When executed those shell commands give the application root privileges over the system. Root privileges in OS X essentially grant the power to change or delete anything in the system. That’s a bad thing, particularly when malware’s involved.

SecureMac warned of a specific exploit based in the ARDAgent vulnerability, AppleScript.THT. The company claimed a hacker Web site has put this Trojan script in the wild with the intention to propagate it via iChat and the file-sharing application Limewire.

In addition to gaining access to a Mac system as root, Secure Mac said AppleScript.THT “can log keystrokes, take pictures with the built-in iSight camera, take screenshots and turn on file sharing.”

Once again, however, the AppleScript must be downloaded and executed by the user – it doesn’t spread by itself. It may appear either as a compiled 60-kilobyte AppleScript called Asthtv05 or as a 3.1-megabyte application bundle called AStht_v06.

SecureMac further warns that once launched the AppleScript.THT “will move itself into the /Library/Caches/ folder, and add itself to the System Login Items.”

Finally, I’d like to add a Mac-specific phishing scheme I recently received in my e-mail. Targeted at .Mac subscribers, the e-mail cites a “billing problem” and provides a link for the victim to verify billing information.

The link is fraudulent of course, its purpose to bamboozle unsuspecting Mac users out of their credit card information.

Some cynics last week dismissed the new malware threats as attempts on the part of the Intego and SecureMac to sell unneeded security software to Mac users.

I agree to a point but nevertheless advise vigilance against falling into the traps set by the bad guys. I don’t necessarily think Mac users need to rush out and buy security software, but the more popular the Mac gets, the more of this stuff we’re going to see.

Forewarned is forearmed.

Posted by David Zeiler at 12:39 PM in Mac OS X | Permalink | Comments (2)
                       

It turned out Apple previewed the next version of the Mac operating system, OS X 10.6 Snow Leopard, at WWDC after all and validated the most improbable of last week’s rumors – that it will focus on system speed and stability while offering no snazzy new features.

Apple’s history could make Snow Leopard a tough sell, regardless of its advantages. Apple has conditioned us to expect lots of features with each iteration of Mac OS X. According to Apple’s own count, OS X 10.4 Tiger had 200 new features. Leopard boasted 300.

Yet the promise of fewer upgrade headaches and better performance on existing hardware combined with some deft marketing could have many of the Mac faithful opening their wallets in “about a year” when Snow Leopard arrives.

The ultimate issue may be the price. Some think Apple should give it away for free, but I don’t see that happening. Even without new features, OS X 10.6 will require the full attention of many Apple engineers over the next year. Apple will charge for it.

But even the most devoted Mac users likely will balk at paying Apple’s customary $129 upgrade tax. A generous Apple might charge $20 or $30, but I think $50 is probable – and fair.

We might even see tiered pricing, with current Leopard 10.5 users paying $50 and those upgrading from earlier versions paying the full $129.

Among those most resistant to paying anything more than a token upgrade fee will be Mac users who have labeled Leopard “unstable” and buggy. Such people say a “maintenance release” is just what OS X needs.

No doubt, Leopard has had its share of problems, but I don’t think its bugs are significantly worse than those of previous OS X versions.

Presumably Apple will weed out some nagging OS X issues in 10.6, but the overriding goal will be to optimize it for Intel Macs and create a foundation for features we’ll see in OS X 10.7 and beyond.

Some other thoughts on Snow Leopard and what has surfaced this week:

Why not in the keynote? One would think that a WWDC keynote would be the perfect time to publicly announce the next version of OS X. Yet Jobs and other Apple officials only spoke of 10.6 after the keynote.

Did Jobs feel Snow Leopard’s less flashy ambitions not worth mentioning? Or did he just want to keep the spotlight firmly focused on the iPhone?
Whatever the reason, it was darn weird. I’d bet most of the developers in the audience gladly would have sacrificed one of those tedious iPhone app demos for a brief overview of Snow Leopard.

No PPC support The HardMac Web site had a screenshot from the Developer Preview yesterday showing “an Intel processor” as one of the system requirements. As rumored, Mac OS X 10.6 will not run on PowerPC-based Macs.

While a few will decry the dropped support for PPC Macs -- less than three years after Apple switched to Intel chips -- it’s the right move. In fact, it appears Snow Leopard will shed most or all of the PPC code that keeps the OS more bloated than necessary.

From the Snow Leopard page on Apple’s Web site: “Snow Leopard dramatically reduces the footprint of Mac OS X, making it even more efficient for users, and giving back valuable hard drive space for their music and photos.”

Grand Central Snow Leopard’s speed enhancements will derive primarily from “Grand Central” a new technology that will better harness the power of the multiple CPU cores present in all Macs. My 8-core Mac Pro is salivating over this one.

Open CL Another performance booster, OpenCL will exploit the largely unused computing power of graphics processors. No one has spelled this out, but I’m guessing Macs with dedicated graphics cards (MacBook Pro, Mac Pro, iMac) will benefit from this far more than those that use one of Intel’s integrated graphics chipsets (MacBook, MacBook Air, Mac Mini).

QuickTime X Apple’s multimedia QuickTime framework will get an overhaul in OS X 10.6 as well. Dubbed QuickTime X, it will feature “optimized support for modern codecs and more efficient media playback,” according to Apple’s Snow Leopard page.

64-bit support Apple plans to extend 64-bit support in OS X 10.6 to permit the use of up to 16 terabytes of memory. That’s 16,000 gigabytes of RAM, folks. Few home users today need more than 3 or 4 GB of memory, and fewer still could afford whatever terabyte RAM modules might cost. Scientists with access to federal grant money can get excited, though.

Exchange support In a move apparently aimed at enterprise customers, Snow Leopard will include support for Microsoft Exchange 2007, building it in to such apps as Mail, Address Book and iCal.

Posted by David Zeiler at 8:46 AM | Permalink | Comments (18)
                       

With another Steve Jobs keynote looming Monday, rumors are flying about a preview of Mac OS X 10.6, a retooled and renamed .Mac service, and the possibility of a totally new multi-touch product, perhaps the long-anticipated iTablet.

Although the alleged purpose of Apple’s annual Worldwide Developers Conference is to engage professional software makers who write programs for Mac OS X, WWDC gradually has evolved into more of a Macworld-type event -- particularly since the demise of the summer East Coast Macworld show a few years ago.

Let’s have a look at the rumors and expectations for the keynote, which Jobs is scheduled to deliver at San Francisco’s Moscone West 10 a.m. Monday:

The iPhone: The one thing everyone agrees will appear Monday, from the Wall Street analysts to the most obscure Mac blogger, is a new iPhone. So Jobs better have one in his pocket when he steps onstage.

Apart from 3G network capabilities, few agree on what other features the new iPhone will have. Some possibilities: built-in GPS and a slimmer case available in several colors.

Most also expect Apple to keep selling the current 2.5G iPhone models at much lower prices, since many of the 70-odd countries where Apple plans to launch the iPhone this year still use the older technology. (Personally I would love to see one iPhone that incorporates all three technologies -- EDGE, 3G and Wi-Fi – and unlocked to boot, but that’s just a fantasy.).

I suspect we’ll also see a high-end version with at least 32 gigabytes of flash memory (up from the current 16 GB), possibly even 64 GB. The top iPod Touch model has had 32 GB since February, so a 32 GB iPhone would seem inevitable.

Since this is WWDC after all, Jobs definitely will speak of the joys of the iPhone 2.0 software that enable developers to write apps for the iPhone, as well as the App Store where Apple will sell them (while taking a 30 percent cut for itself). Many of the five-day conference’s developer sessions focus on the iPhone.

Mac OS 10.6: A few days ago The Unofficial Apple Weblog claimed Apple would distribute a developer release of the next version of the Mac operating system at WWDC. The site further claimed this version would be a “minor” release focused on stability and speed improvements with no significant new features.

Well-respected tech site Ars Technica said it had a source that confirmed most of this while adding the moniker “Snow Leopard.”

Both sites claimed this new version of OS X, purportedly due in January 2009 (way too soon in my opinion), would drop support for Power PC Macs, running only on Intel-based machines. Many Mac users commenced griping immediately.

True enough, Jobs often has made significant Mac OS announcements at WWDC (remember the funeral for Mac OS 9?), so I figure a preview of Mac OS X 10.6 is a strong possibility.

But as for the rumors – that’s all they are, rumors. I’m reluctant to comment further on any aspects of OS X 10.6 until Apple gives us some concrete details.

.Mac makeover: Apple’s often-criticized .Mac $99-per-year Web service could be reborn as MobileMe with enhanced features such as the ability to sync with Windows, Exchange-like over-the-air syncing and push e-mail.

Many of these features would be most useful to iPhone owners, which would dovetail nicely with this year’s iPhone-dominated conference. This rumor feels right. If it pans out, cheers will fill the auditorium when Steve announces it.

iTablet: Like the iPhone rumor before it, the iTablet rumor has been around for a years. This device would be about twice the size of the iPhone but would feature the same multi-touch screen and wireless connectivity.

I do not foresee an iTablet in the keynote. Even if Apple has such a gizmo in the works, as a totally new product it would probably get its own separate special event later this year.

For that matter, I’m not even sure what niche an iTablet would fill. But then Apple does have a way of re-inventing product categories to add those “gotta-have-it” qualities.

New MacBooks: If they’re coming, we won’t see them until after WWDC. Jobs won’t want any competition for the iPhone stuff. And Jobs generally goes light on hardware announcements at WWDC anyway.

Posted by David Zeiler at 12:45 PM | Permalink | Comments (4)
                       

Have you ever had an auto mechanic you didn’t quite trust tell you that your car needed a repair “just to be on the safe side”?

The latest alarm bell from U.K.-based security software firm Sophos reminds me of just such a circumstance.

Last week Sophos announced results of a self-admittedly unscientific poll conducted on the company’s Web site. Of the 350 people who responded, 93 percent said they believed the Mac will be targeted more in the future, up from 79 percent two years ago.

This follows January’s annual “Security Threat Report” from Sophos that devoted an entire page to the “rise of malware for Apple Mac computers.” The discussion centers on the OSX/RSPlug Trojan that emerged last November.

Some of you may recall that Trojan – only a series of poor user decisions (starting with visiting the porn sites where the Trojan was found) can result in a compromised Mac. It does not exploit any vulnerability in the Mac operating system or software.

The OSX/RSPlug does not destroy data on a Mac, nor can it spread from Mac to Mac as a virus would. Instead it changes some network settings to redirect the user’s Web browser to fraudulent sites designed to fool users into punching in such personal information as credit card or bank account numbers (otherwise known as “phishing”).

Sophos was one of the companies to make a big deal out of OSX/RSPlug when it was first detected, trumpeting how Mac users of its security software were protected.

That’s right, Sophos makes Mac versions of its security software, so it’s no shock the company would have strategies to, uh, encourage sales.

Not that the folks at Sophos are lying. The OSX/RSplug Trojan is real, and some Mac users doubtless have fallen victim to it. But that malware relied upon user gullibility, not the sort of OS vulnerabilities that require dedicated security software.

Now Sophos offers a “poll” indicating rising fear among Mac users that the platform is increasingly likely to be targeted by hackers. Hmmm … I wonder who’s been contributing to that?

If nothing else, the Sophos poll shows the drumbeat of shrill warnings from Sophos and other vendors of security software have sunk in. Growing numbers of Mac users – and in particular switchers moving over from the malware-plagued Windows platform – have begun to consider the necessity of purchasing security software.

It’s like the auto mechanic telling you to replace your air filter because it’s better for the health of your engine, you’ll get better mileage, yadda, yadda, yadda. All true. But if your air filter isn’t dirty and isn’t due for replacement for another six months, maybe that auto mechanic is stretching the truth a bit to play on your concerns. So you replace the air filter.

No harm done exactly, but then again you didn’t really need it -- not yet, anyway. That’s how I feel about security software for the Mac. I have yet to see any hard evidence that Mac users truly need anti-malware protection.

I know that vulnerabilities in the Mac OS, Safari and QuickTime are discovered all the time, and that there have been numerous “proof-of-concept” exploits. Nevertheless, we have yet to see a single example of Mac malware that can spread in the wild.

In its annual report, Sophos predicts (as have others over the past few years) that the Mac’s rising market share will attract more attention from “financially motivated hackers.” I believe Sophos will be proven correct. But until we see malware that exploits a weakness in the software rather than the user, I’m not going to lose any sleep over it.

As long as Mac users let Software Update download Apple’s periodic security updates, use the Mac’s built-in firewall and -- most importantly -- exercise vigilance and common sense, they should remain safe.

If someday a particularly gifted hacker succeeds in creating a self-perpetrating bit of OS X malware, I will be among the first to buy and install security software on my Macs.

But not until.

Posted by David Zeiler at 12:40 PM in Mac OS X | Permalink | Comments (6)
                       

Incremental updates to Mac OS X traditionally have consisted primarily of bug fixes. Significant changes to existing features are saved for the major updates (Panther, Tiger, Leopard).

So when Apple let loose the much-anticipated 10.5.2 update to Mac OS X Leopard Monday, changes to two features introduced with the release of Leopard last October pleasantly surprised many veteran Mac users.

One change is the addition of an option in the Desktop System Preference Pane to turn off the translucent menu bar at the top of the screen. Some Mac users detested this new feature because the patterns of desktop images could make menu items hard to read. Personally it didn’t bother me all that much, but it’s nice to have the option to make the menu bar opaque again.

Apple also tweaked the Stacks feature, which allows users to click on special folders in the Dock and see the icons of its contents fan out across the desktop. Some users didn’t like how the folder looked like a pile of icons with only the topmost icon identifiable. Not only that, but they disliked how the icons fanned out from the Dock. The more items, the harder the feature was to use.

Apple has addressed these complaints by offering users choices. Control clicking on a Stack reveals several new options, such as making the Dock icon appear as a folder and setting the folder’s contents to appear as a list. This works much better for folders with numerous items.

It’s very un-Apple-like to alter fresh features in a version of OS X not six months old. Could it be that Apple has decided to listen to its users?

Of course most of the 10.5.2 update consists of an assortment of fixes and system improvements (you can read Apple’s official list here.)

Other observations:

Mac Pro’s Reboot on Wake From Sleep: Incremental updates sometimes fix other issues not noted in Apple’s documentation. As have most other owners of the new Mac Pro, I had hoped the 10.5.2 update would fix the dreadful “reboot on wake from sleep” problem.

After a day and a half and more than half a dozen wake from sleeps, I have not yet had an unexpected reboot. However, reports on Mac forums indicate that other Mac Pro owners still are experiencing the issue even after upgrading to 10.5.2. Others owners also report unresolved problems with their graphics (which I thankfully have not had.) Apple needs to fix this soon. Its Mac Pro customers – those who have bought Apple’s priciest hardware -- deserve better. (UPDATE: I had a new twist on this issue occur; my Mac Pro rebooted while I was sleeping. When I went to wake it I faced the login screen. Zoinks!)

Improved performance: One point of speculation that dates back to before the Mac Pros were announced was that the 10.5.2 update would contain optimizations designed to extract even better performance out of the new models.

I have run both the Geekbench and XBench benchmarking software on my Mac Pro since upgrading to 10.5.2. Given the variable scores I tend to get from these programs, it doesn’t look like this update has boosted performance.

But the Leopard Graphics Update, which users only can install after installing 10.5.2, did improve my graphics scores noticeably in XBench’s Quartz Graphics Test, which leapt from averaging in the low 200s to averaging in the mid-250s, a 25 percent increase.

To upgrade to 10.5.2: If you’re running Leopard and haven’t yet updated to 10.5.2, simply click on the Apple Menu and select “Software Update.” After the Mac reboots, go back to the Apple Menu and repeat the process to obtain the Leopard Graphics Update. A word of warning: the 10.5.2 update weighs in at a bulky 343 megabytes, so a fast broadband connection will come in handy.

Posted by David Zeiler at 4:21 AM | Permalink | Comments (7)
                       

Reading through the transcript of Apple’s conference call with analysts yesterday, I ran across several intriguing nuggets of information. Such as:

iPod Touch: On several occasions, Apple Chief Financial Officer Peter Oppenheimer referred to the iPod Touch as “an entirely new type of iPod.” From his opening remarks: “This new iPod had the potential to grow the iPod from being just a music and video player into being the first mainstream WiFi mobile platform running all kinds of mobile applications.”

Many pundits (and Touch owners) have declared the iPod Touch the ultimate PDA, but I don’t recall Apple having been this emphatic about it before. This could be a sign that Apple plans a lot of future enhancements to the iPod Touch, both in the software and the hardware. Evolving the iPod line in the direction of a pocket computer is logical as well as a good business move. Despite its recent successes, Apple recognizes that it can’t stand still.

Apple Retail Stores: Apple opened six new stores in the quarter, and now has 204. The company expects to add 35 to 40 locations in 2008, including more outside he United States. The average revenue per store was $8.5 million, up sharply from $6.6 million in the year-ago quarter. Traffic increased by 10 million visitors from last year, to 38.4 million, which translates to 14,700 visitors per store per week. No wonder it always seems like the Apple Stores are packed.

On a similar note, Oppenheimer said Apple plans to expand its presence in Best Buy stores from 286 to 600 over the next six months. The total number of “storefronts” carrying the Mac has increased to 9,500 from 7,700 a year ago. “We have done that because of the momentum we see in the Macintosh business,” explained Apple Chief Operating Officer Timothy Cook.

MacBook Air: When asked where the MacBook Air fits in Apple’s product roadmap, Oppenheimer uncharacteristically responded with a general description of the target customer: “We think that the MacBook Air will appeal to travelers, to professors, to all different kinds of people who want to access the computer very quickly wherever they are.”

He added that pre-orders for the laptop have been “very strong.” The super-slim MacBook Air has been lambasted by critics who say it omits too many features to suit the needs of most customers. Steve Jobs and his deputies obviously believe otherwise.

Leopard: Sales of the latest version of Mac OS X have far outpaced that of its predecessor, Tiger. Leopard revenue was $170 million in the quarter compared to Tiger’s $100 million in its first quarter. Oppenheimer attributed the growth to both a larger installed base of Mac users and that Leopard comes pre-installed on every new Mac, which sold in record numbers (2.3 million) in the December quarter.

One more thing: In a separate announcement yesterday, Apple added a new color to the iPod Nano line, pink. Available now, it’s perfect for people “searching for a special Valentine’s Day gift,” according to Apple Vice President of Worldwide Marketing Greg Joswiak. Other than the color, the particulars are the same as the other Nanos: 8 gigabytes of storage for $199. Too bad I already bought my Significant Other a Nano for Christmas. Ahh, she hates pink anyway.

Posted by David Zeiler at 12:00 PM in Mac OS X, iMac, iPod | Permalink | Comments (2)
                       

In the process of reviewing Leopard for today’s editions of The Sun, I conducted an iChat video interview with Chris Bourdon, senior product line manager for Mac OS X. After going over Leopard’s key new features, I asked him about a few issues that have arisen since the product’s release.

On security: Many security experts have accused Apple of making security worse in Leopard, primarily by going with a new firewall and perplexingly turning that firewall off by default. (This Computerworld article provides more specifics.) The old firewall is still there, but deactivated.

“You do need to activate it,” Bourdon said, explaining why it’s turned off by default. “We think that’s what people want. Firewalls can be intrusive for the average user.”

Bourdon said Apple’s firewall is better because it’s application based. Rather than allowing all applications to access an open port, as does the current firewall, Bourdon said the new one restricts access just to the application that requires it. The user can create a list of applications in the Security Preference Pane and designate for each app whether it should allow or deny incoming connections. “It’s much better, it’s easier to configure and it’s more powerful,” he said.

Bourdon also referred me to a Knowledge Base article in Apple’s online Support area.

I expect security experts will continue to attack Leopard as vulnerable, but that’s nothing new. It is possible -- though unlikely -- that Apple expended resources to create a new firewall only to botch it so badly that it’s worse than what it replaced. I reserve the right to change my mind if any of my Leopard Macs are exploited.

On the expiration of the Boot Camp beta: When Apple released the Boot camp software, it said it would expire upon Leopard’s release. (Boot Camp is included in Leopard.) Some who have been using the beta under Tiger have worried their Windows partitions will no longer boot now that Leopard is here. Not so, Bourdon said. Users will not be able to create new Windows partitions, he said, but existing ones will continue to function. If you want to make any changes, though, you will need to pony up for Leopard.

On the many cosmetic changes: It’s hard not to notice all the new icons and how the iTunes interface has propagated across numerous Apple applications in Leopard, particularly the Finder. Bourdon said the reason for so many design changes in Leopard was partly to refine and improve them, but also to achieve “consistency across all applications.”

Posted by David Zeiler at 6:05 AM in Mac OS X | Permalink
                       

If we can glean any meaning from the buying habits of the tech-savvy population of Japan, it would be that Mac users are far more likely to buy an OS upgrade for their computers than Windows users.

Although largely caused by the spike in sales generated by Leopard’s launch, the new version of Mac OS X beat Microsoft’s Vista in the packaged operating system category (that is, they bought the OS in a box rather than pre-installed on a computer) in Japan for the month of October.

Leopard snapped up 53.9 percent of the market according to BCN, a Japanese language consumer electronics news and data services company. Although Vista is not as fresh, having been on sale since the beginning of the year, Leopard had only the last six days of the month to accomplish its feat.

It gets better. Combined with sales of Tiger (people are still buying Tiger?) Apple took 60.7 percent of the market. That’s a huge leap from September, when Apple had only a 15.5 percent share.

So far in November, Leopard is beating its nearest competitor 40.2 percent to 10.5 percent. And that competitor is not Windows Vista – it’s the three-year-old Windows XP SP2 Home Edition.

Posted by David Zeiler at 11:05 PM in Mac OS X | Permalink
                       

One month ago I wrote a post speculating on whether installing Mac OS X 10.5 Leopard on an older Power PC-based Mac – particularly one on the edge of the minimum system requirements – would result in a less responsive machine compared to that same Mac running its predecessors.

A few days ago I installed Leopard on my 2001 G4 Quicksilver tower with an 867 MHz Power PC processor – the oldest Mac model that Leopard officially supports.

And it rocks.

My previous concerns were based on a report that Apple had raised the minimum requirements just a few weeks before Leopard’s release. AppleInsider said Apple engineers had determined Leopard ran too slowly on Macs with less than an 867 MHz processor.

Based on my experience so far, I’d say those engineers – if in fact that actually happened (AppleInsider is a rumor site, after all, though a very good one) -- were overcautious.

Subjectively speaking, I think Leopard is slightly more responsive on my Quicksilver than Mac Os X 10.4 Tiger was. The fancy new eye candy such as QuickLook Cover Flow in the Finder work fairly smoothly. Not quite as well as they do on my 2006 MacBook, but certainly well enough.

Now I do need to point out that I did a fresh install of Leopard on a secondary internal hard drive rather than upgrade over my existing system. So it could be the new snappiness is attributable to a clean system that lacks the hundreds of legacy font files and oddball system hacks gumming up my Tiger volume.

Nevertheless, I’m keeping Tiger as my primary OS X version on the Quicksilver for three reasons: 1) Leopard consumes several gigabytes more space than Tiger, and I can’t spare the room on the hard drive; 2) I need to run Classic mode because my daughter still plays a lot of old Mac OS 9 games; and 3) I’m planning to replace the Quicksilver as my primary Mac with a Mac Pro the day the new models are announced, which could be as soon as next week (let me dream, OK?)

Aside from the loss of Classic mode and the unpredictable glitches one might encounter as an early adopter, performance-wise Leopard should purr on any Mac that meets the minimum requirements.

Vista, eat your heart out.

Posted by David Zeiler at 9:19 AM in Mac OS X | Permalink | Comments (11)
                       

Regular readers of this blog (all six of you) may have noticed I’ve been a bit light on the posts this week. That’s because I’ve been installing Leopard on my Macs and ran into a self-inflicted problem during the Leopardification of my MacBook. Here’s a lesson on how trying to skirt past an alert message can buy you a heap of trouble.

After you get past the initial option screens, the Leopard installer checks the integrity of the DVD before continuing. Just a few minutes into this process, I got an error message explaining that Leopard could not be installed because of a problem with the disk. The message advised me to clean the disk and try again.

Since I had just then removed the DVD from its package, I could hardly see how it got scratched or dirty. But I obliged the message, cleaned the disk and ran the installer again. Same message.

Impatient to get Leopard on my MacBook, I convinced myself that the disk checking mechanism was wrong and decided on my next attempt to bypass it by clicking the “skip” button. Not a good idea.

At first it looked like I had fooled the installer; the progress bar slowly moved across the screen. But about halfway through it stopped and presented this heart-stopping message in large letters: “Installation failed.” A smaller message informed me that one of the language packages could not be opened. The disk-checking mechanism had been right after all.

Because the installation was partly completed, I no longer had either a complete Tiger or Panther system on my MacBook. The internal drive was unbootable.

I didn’t panic because I had the full contents of the MacBook stored as a disk image on a network hard drive (thanks to the marvelous shareware backup tool SuperDuper!). But I still needed to bring the MacBook back to life.

After some time toying with Target Disk mode and consulting with an tech expert provided to me by Apple, I hit upon an idea. I booted off the Leopard DVD but this time deselected all the language packages in the options window. I still needed to click “skip” on the disk check, but by then I had nothing to lose.

Leopard finally installed on the MacBook. All my old user files were moved to a “Previous System” folder because I did an Archive and Install on the botched first attempt. So I didn’t lose any data, but it was a scary experience. As a veteran user I should know better, but I succumbed to Leopard fever. Learn from my mistake.

My review of Leopard will appear in The Sun’s Plugged In section Thursday, Nov. 15, as well as here on baltimoresun.com.

Posted by David Zeiler at 4:25 AM in Mac OS X, MacBook | Permalink | Comments (2)
                       

A new Trojan horse directed at porn-viewing Mac users has touched off the usual barrage of “now those smug Mac owners will get their come-uppance” articles. The exaggerated tone – particularly in some of the headlines – is completely out of proportion with the threat.

A few examples:

“New Apple Trojan Means Mac Hunting Season Is Open" – Wired
"Fortress Mac Is Gone: Malware breaches the Mac moat" – eWeek
“Porn Trojan ushers in new era for Mac security” – ZDNet UK
“Macs seized by porn Trojan” – The Register (UK)

Representatives of security software firms have jumped on reports of the Trojan as evidence Macs are really no safer than Windows PCs, a not-so-subtle suggestion that Mac users need to buy their anti-virus software.

I’m not saying the Trojan, called OSX.RSPlug.A, poses no threat. It’s real and it’s out there. But it’s not spreading like wildfire. A Mac user needs to do a lot of dumb things to get infected.

First, the Trojan is embedded in porn sites, so if you’re not using your Mac for porn you should be safe. If you do enjoy porn on your Mac (I’m not judging you, but you’re the target here), it still requires some effort to get infected.

Here’s how it works: When you click on a booby-trapped porn video, a window pops up telling you that you lack a certain video plug-in and then asks if you’d like to download it. If you click OK, your Mac will download a disk image that contains the Trojan. You then need to mount the disk image by double-clicking on it (this step could be done automatically by your browser depending on how you have set your preferences).

If you double-click on the installer that appears in the disk image window, the Mac will ask you for your administrator password before proceeding. This is a security measure built in to Mac OS X designed to prevent malware like this Trojan from installing itself in the background. If you ignore this red flag, type in your password and click OK, the software finally will install the Trojan on your Mac.

Once on your Mac, the Trojan changes some network settings to redirect your Web browser to fraudulent sites set up to trick users into surrendering personal information such as credit card or bank account numbers. Technically known as “phishing” scams they turn up even more frequently in scam e-mails designed to look as if they were sent from a legitimate business, such as PayPal or a large bank.

A Trojan for the Mac is a bad thing, but it relies on the user’s ignorance for success. You can’t get infected just by browsing the Internet or even just by visiting particular porn sites. With a lot of Windows malware, the user gets infected quietly in the background, without any of the user interaction the new Mac Trojan requires.

This does not mean, as some articles have implied, that Macs are now just as likely to be infected by malware as Windows PCs. There are still hundreds of thousands of viruses, worms and Trojans in the wild that target only Windows. Despite the appearance of this Mac-specific Trojan, there are no Windows-like worms or viruses that can spread from Mac to Mac without the knowledge of the user.

That said, no system can be made immune to malware that employs “social engineering” – that is, user gullibility -- to do its dirty work. That’s as true of Macs as any computing platform. A new Trojan targeted at OS X is an incremental increase in the malware threat to the Mac, but nothing to panic over.

Mac OS X may not be invulnerable, but the hackers have not yet shown it’s so easy to crack that ordinary users need live in fear.

Posted by David Zeiler at 6:24 PM in Mac OS X | Permalink | Comments (11)
                       

Today Apple announced it sold more than 2 million copies of Mac OS X 10.5 Leopard in its first weekend. “Early indications are that Leopard will be a huge hit with customers,” said CEO Steve Jobs in the press release, though he might be just a teensy bit biased.

I’m guessing Apple is seizing this opportunity to gloat because demand for Leopard – like the iPhone -- will never be so high as on its first weekend.

But whether 2 million is a big number depends on how you look at it. For example, Leopard’s achievement compares very well to its predecessor, Mac OS X 10.4 Tiger, which took 5 weeks to sell 2 million copies.

Comparing Leopard to Vista, the latest incarnation of Microsoft’s Windows, shows the value of holding more than 90 percent of the operating system market. Though widely criticized, Vista sold 20 million copies in its first two months – nearly the same number as every Leopard-capable Mac in existence. (Apple Chief Operating Officer Timothy Cook estimated during the company’s recent earnings conference call that currently about 21 million Macs are Leopard capable – an impressive number considering the large number of older Macs that do not meet Leopard’s minimum specs.) Windows XP sold 17 million copies in its first two months back in 2001.

During Microsoft’s recent earnings conference call, the company reported that 85 million licenses for Vista had been sold this year. True, most of those were pre-installed on Windows PCs sold by the likes of Dell and Hewlett-Packard, but still. It’s a daunting number from the Mac perspective (not to mention the even smaller number of fans of the Linux OS).

Then again, Leopard already has been hacked to run on ordinary Windows PCs. Apple surely won’t be happy about it, but what if it catches on? We might well hear Apple report at their January earnings conference call that hundreds of thousands of copies of Leopard were “purchased with the intent of being run on non-Apple hardware.” How crazy would that be?

Posted by David Zeiler at 3:49 PM in Mac OS X, Mac market share | Permalink | Comments (2)
                       

As expected, thousands and thousands of eager Mac users rushed out to buy and install the new version of Mac OS X, Leopard, over the weekend. And for some it did not go well.

The most common Leopard install problem, in all its cruel irony, is a Windows-like Blue Screen of Death as the Mac nears the end of the install process. Affected users report a system hang with a blank blue screen. Ugh.

The finger of blame has pointed mainly to third-party software from Unsanity, specifically its Application Enhancer system hack that enables several of the company’s utilities to alter parts of the Mac operating system (they’re actually called “haxies”). As a long-time fan of Unsanity’s FruitMenu, which creates a fully customizable Apple Menu, I have had APE installed on my Macs for years. It’s unfortunate, if not surprising, that such software would create problems with a new version of the Mac OS.

Unsanity says the problem could be caused by incarnations of APE earlier than version 2.0 that users still may be running on PowerPC-based Macs. Previous versions of APE won’t run on Intel-based Macs, so these newer Macs appear to be immune to the problem.

Some affected Mac users who found a way to delete the APE components were able to install Leopard successfully. An easier option for less technically adventurous users afflicted with the dreaded blue screen is to reboot the Mac with the Leopard DVD and re-install using the “Archive and Install” option (instead of the default “Upgrade” option). This should remove the offending components and allow Leopard to install properly.

To make matters worse, some users have reported unusually long install times apart from the APE issue. Apparently the installer does a full hardware check before rebooting the system. Some who called Apple’s support line said they were told this process could take up to three hours. Because the APE issue causes a permanent hang at the same point in the installation, many users can’t be sure how long to wait before giving up and attempting a re-install.

My advice: Use “Archive and Install” and be patient, no matter how much the wait kills you.

Posted by David Zeiler at 1:56 PM in Mac OS X | Permalink | Comments (7)
                       

As all loyal Macolytes know, Apple's latest revision of its operating system, Mac OS X 10.5 Leopard, goes on sale at 6 p.m. this evening. But for those yearning to upgrade this weekend, I offer these few words of caution:

Know your specs: Leopard should be a great upgrade for any Intel-based Mac. Likewise, any PowerPC G5-based Mac should do fine. Many G4 Macs qualify, but the CPU speed must be 867 MHz or higher. That means the dual 800 MHz Quicksilver, for instance, doesn’t make the cut. And no G3 Mac qualifies. (Concerns that older Macs that barely qualified might suffer a performance hit by upgrading to Leopard appear to have been negated.)

No more Classic: This is not an issue if you already have an Intel-based Mac; Classic doesn’t work on those anyway. But Leopard will nix Classic on PowerPC Macs that ran that the Mac OS 9 emulator under Tiger just fine. If you have a PowerPC Mac that otherwise qualifies for Leopard but you still use Classic for anything important, Leopard may not be for you. Unless your Mac can boot directly into OS 9 (and even that can be a pain), you’d be stuck.

No wireless Time Machine: One of Leopard’s most highly touted features, the automated backup system Apple calls Time Machine has an Achilles Heel. It can’t back up wirelessly to a networked hard drive. One must have a hard drive attached physically to the Mac via USB or FireWire (or I would assume, a spare drive bay in a Mac Pro). Time Machine can back up over a network to a server or another Mac running Leopard, but that isn't a practical solution for most home users. A lot of Mac users are upset over this, as Apple’s Time Machine features page on its Web site formerly said specifically that the feature would be able to back up wirelessly to hard drives connected to an Airport Extreme Base Station. Laptop owners will find this drawback particularly inconvenient. So far Apple has offered no explanation for dropping this once-promised capability.

The usual warnings: Although Leopard is the sixth version of Mac OS X, it has changed significantly and could break software – particularly utilities – that people depend on. Wise Mac users will wait for the early adopters to suffer through the early days of finding out which things break while the companies that make the software scramble to get out patches to fix the problems. Usually all such issues get straightened out within a few months of the release of a new version of OS X. Trust me, your patience will be rewarded.

I realize all this advice will fall on deaf ears among those can’t resist the pull of having the new OS on their Mac right now. Just remember: tempting as it is, upgrading an operating system always entails some degree of risk.

I will be sharing my thoughts on Leopard’s features as soon as I can get a copy on my Macs and spend some quality time playing with it.

Posted by David Zeiler at 4:40 PM in Mac OS X | Permalink | Comments (6)
                       

Confirming rumors that have circulated for several weeks, Apple this morning finally issued a press release announcing that Mac OS X Leopard will indeed go on sale Friday, Oct. 26 at 6 p.m. and that Apple’s online store now is accepting pre-orders (though Amazon.com has been accepting pre-orders since June.)

Also confirmed is Leopard’s minimum CPU of an 867 MHz G4 or better, which includes all G5 Macs and all the newer Intel-based Macs, but excludes a lot of iMacs and PowerBooks from a few years ago. See Apple’s system requirements page for more specifics.

In addition to reiterating all of Leopard’s previously announced features, such as Stacks and Time machine, the release throws in a quote from Steve Jobs that includes a swipe at Windows Vista’s multiple versions and pricing levels: “Leopard, the sixth major release of Mac OS X, is the best upgrade we’ve ever released. And everyone gets the ‘Ultimate’ version, packed with all the new innovative features, for just $129.”

The Family Pack, which allows users to install Leopard on up to five Macs in one household, is $199, the same as Tiger before it.

But what about people who just bought a new Mac last week? Here’s the deal, straight from the press release: “The standard Mac OS Up-To-Date upgrade package is available to all customers who purchased a qualifying new Mac system from Apple or an Apple Authorized Reseller on or after October 1, 2007 for a shipping and handling fee of $9.95 (US).”

That means if you bought a shiny new Mac on Sept. 30, tough bananas. You get to pay $129 like everyone else. This actually is a slight improvement over previous OS upgrades -- only people who bought after the official announcement were eligible for the Up-To-Date discount. I still think Apple should extend the program to customers who bought new Macs 60 or even 90 days before a new version of OS X is announced, but I suppose we should applaud the extra two weeks this time around as progress.

The only other question remaining now is the one I asked in a post last week: how well will Leopard run on older PowerPC-based Macs? Reader responses to that post, including several from folks running developer releases of Leopard, indicated that older PowerPC Macs like my 867 Quicksilver run Leopard about as well as Tiger. Apparently the key is not the CPU but the GPU, the graphics card. Because successive versions of Mac OS X have pushed more and more of the eye candy to the graphics card, that plays a greater role than the CPU in how well Leopard will run on your Mac.

We’ll find out for certain on Oct. 26.

Posted by David Zeiler at 1:27 PM in Mac OS X | Permalink | Comments (2)
                       

When Apple releases Leopard later this month (we hope), owners of older PowerPC-based Macs will have a tougher-than-usual decision to make.

Unlike new versions of Microsoft’s Windows operating system, which invariably require much more robust hardware to run acceptably than the previous version, every successive version of Mac OS X has actually run faster on existing hardware. Not only did Mac users get whatever cool new features Apple had cooked up, they got a faster Mac too.

Because of this, I have always advised Mac users to run the latest supported version of OS X on their Mac. But Leopard promises to be a cat of a different stripe. In addition to dropping support for certain older Macs, this operating system upgrade might not offer much of a performance improvement for PowerPC-based Macs. In fact, it’s likely such Macs will suffer a performance hit.

Apple has yet to announce Leopard’s system requirements, but the word at AppleInsider is that Macs with CPUs slower than an 867 MHz G4 will not make the cut. That includes not only every G3-based system, but also quite a few G4-based systems. My own 867 MHz 2001 Quicksilver Mac just barely qualifies.

According to AppleInsider, Apple engineers determined that Macs beneath the 867 MHz threshold ran “too slow” with Leopard. Red flag!

I strongly suspect Leopard will run more slowly than Tiger on all PowerPC systems, even supported ones. I say this because common sense dictates that Apple has spent the past two years concentrating on the optimization of OS X for Intel-based systems, since that’s the present and future of the Mac platform.

That’s good news for my Intel-based MacBook, which definitely will be getting the Leopard treatment. But I’m hesitant to put Leopard on the Quicksilver if it’s going to degrade performance in any way and eat up more space on its already overstuffed hard drive. That leaves the dilemma of passing up Apple’s latest and greatest to ensure a Mac that’s running at peak efficiency. Ugh.

From a pragmatic perspective, Apple has no incentive to expend OS development resources on PowerPC Macs, which despite a large installed base are destined to join Mac OS 9 as part of the company’s fondly remembered past. In fact, the AppleInsider piece notes “people familiar with Apple development cycles speculate that Mac OS X 10.6 will exclude support for PowerPC-based Macs entirely.”

This isn’t a crisis, but the arrival of Leopard does represent something of a watershed moment in Apple’s transition to Intel chips. Owners of PowerPC Macs certainly can keep on using Tiger or Panther until they’re ready to upgrade to an Intel Mac. But even if your Mac runs much better under Tiger, it will be awfully tough to avoid those feelings of Leopard envy.

Do you plan to upgrade a G4 Mac that meets Leopard’s requirements? Or will you stick with Tiger until you replace that Mac with an Intel-based machine?

Posted by David Zeiler at 3:55 PM in Mac OS X | Permalink | Comments (27)
                       

Windows users are refusing to “upgrade” to Vista.

The latest evidence that Vista has fallen flat on its pretty Aero face has arrived in an announcement from Microsoft that it will continue selling Windows XP due to customer demand for the older OS. Microsoft had planned to stop selling XP as of January 31, but now will sell it until the end of June.

Earlier this year some PC manufacturers, most notably Dell, started offering XP as an option on many of its new PCs, also because of customer demand. That so many people would prefer a six-year-old operating system over Microsoft’s latest and greatest speaks volumes about how badly the folks at Redmond botched Vista. It’s a far cry from the overwhelmingly enthusiastic reaction that greeted Windows 95 a dozen years ago.

At this time last year most industry analysts were predicting that the years-delayed release of Vista (which finally went on sale Jan. 30 of this year) would hurt Mac sales. As it turned out, the opposite happened. The first two quarters of 2007 saw Macs selling at a record pace, with year-over year increases of 30 percent.

Over the past week analysts who follow Apple have been predicting another record-breaking quarter for the Mac when the company reports its earnings for the quarter ending this week. Most expect Mac sales to exceed 2 million units, far exceeding last quarter’s record 1.76 million units.

Instead of stimulating demand for PCs as have previous versions of Windows, Vista has inspired consumers to seek alternatives, and many are looking hard at the Mac. Apple’s adoption of Intel chips in 2006, coupled with the wildly successful iPod and the endless hype over the iPhone (keeping the Apple brand at the forefront of consumers’ minds) have created ideal conditions for large-scale switching.

Even some well-known long-time advocates of Windows such as Chris Pirillo have bailed on Vista. Not only has Pirillo reverted to XP on his PC, he’s been toying with Mac OS X for months. Here’s what he had to say on his Web site just today:

Do I recommend Windows Vista? Not a snowball’s chance in………..I’m waiting on Apple to release Mac OS X Leopard. As far as I’m concerned at this point, Microsoft is taking a huge hit. The future of Windows, in my opinion, is inside a Virtual Machine or Bootcamp on a Mac.

With Mac OS X 10.5 Leopard due out next month, the public stature of the Mac stands to benefit tremendously from the inevitable Vista vs. Leopard comparisons. Combine that with the height of Christmas shopping season, and we could easily see Mac sales set yet another record next quarter.

Who said the OS wars were over?

Posted by David Zeiler at 4:04 PM in Mac OS X, Taunting Microsoft | Permalink | Comments (5)
                       

A giant Mac-eating worm is in the loose! Run for your lives!

The worm’s creator, an anonymous security researcher, posted a statement Sunday night that he had made a worm for the Mac OS X operating system that exploits a vulnerability in its Bonjour code. Bonjour is Apple’s name for a technology that allows devices on a network to “discover” each other automatically, with no effort on the user’s part. The anonymous researcher told Computerworld that his worm is “a fully weaponised exploit and fully automated.” He also says he will notify Apple of the code vulnerability “eventually.”

Over the past few days the usual accusations and denials have been tossed about on various tech Web sites. Those gloating are saying this proves the Mac is just as insecure as Windows (a serious accusation, considering the tens of thousands viruses and worms that can infect a Windows PC), Mac users are too smug about their invulnerability, Apple is terrible at patching holes in its code. The Mac defenders think the anonymous hacker is full of baloney, pointing out that no OS X malware has ever spread in the wild to infect home users.

We’ve seen this happen every time some hacker announces a Mac OS X vulnerability. Despite all the heated rhetoric, some truth dwells in what both sides say.

• Every OS has holes -- Because of the complexity of modern operating systems and all the services they must provide, such as networking and multimedia capabilities, exploitable holes in code are unavoidable. Mac OS X has them, too.

• Mac users are exploit-free -- This is true, but the debate has always focused on why. Some argue the Mac OS is more secure than Windows because its default settings are more secure – ports that are closed, user passwords required for software installations (although Vista is better in this regard than XP was). Some say OS X has had no significant malware attacks because of its relatively small market share – still only about 5 percent. Some claim OS X is more resistant to attack because of its Unix code base, which has been fine-tuned over decades of use. Over the years, I’ve come to think the Mac’s excellent safety record is combination of all three.

• Apple does patch holes -- It may not always act as quickly as it should, but Apple does issue periodic security fixes that users can download automatically via OS X’s Software Update feature. In situations like the current one, Apple always reiterates its commitment to security. However, I’ve read a lot of posts in tech forums that strongly disagree. I’m not geeky enough to analyze code vulnerabilities so I can’t confirm who’s right, but as a Mac user it appears that Apple makes a good faith effort to protect its customers.

Though Mac OS X has remained virus-free since it was introduced in March 2001 – that’s six years, my friends –a widespread exploit is not impossible. The Mac’s market share has been growing for the past year or so, particularly among home users. If the Mac achieves penetration of the home user market in the 10 to 15 percent range (some claim it already has), it will weaken the “security through obscurity” leg of protection. That means OS X’s Unix foundation and Apple’s built-in security will need to stand up to more direct attacks as the Mac grows in popularity.

Apple’s adoption of Intel chips could also make Macs more vulnerable to malware (there are some chip-specific exploits), but the greater danger will come from users running Windows (via Bootcamp) on their Intel-based Macs. Windows on a Mac is just as insecure as Windows on a regular PC.

At some point Mac OS X could require virus protection software as does Windows, but we'll need to see a tangible threat or threats (Macs getting infected in large numbers by a worm or virus) before that happens.

Posted by David Zeiler at 1:57 PM in Mac OS X | Permalink | Comments (4)
                       

As usual, Mac fans are disappointed with a Steve Jobs keynote. The reaction to Jobs’ Monday address at the Worldwide Developers Conference has tended mostly toward “no new Mac hardware” with a generous helping of “we’ve seen most of this Leopard stuff before.” Even Wall Street gave it a thumbs down, shaving $4.30 off Apple’s stock price.

While people shouldn’t fault Apple for failing to produce new hardware at a developer’s conference (it’s a bonus if it happens), the dissatisfaction with Jobs lengthy Leopard presentation is his own fault. Leopard, the next major version of Mac OS X slated for October release, dominated the keynote. At last year’s WWDC, after demonstrating many of the same elements he showed Monday, Jobs teased that he could not reveal some “top secret” features for fear of tipping off rival Microsoft. The gang up at Redmond, still desperately trying to finish up the long-delayed Windows Vista operating system, had no prayer of cribbing anything from Jobs’ August presentation. In fact, Microsoft was forced to bail on numerous features it had promised years earlier just to get the darn thing out the door.

My theory is that Jobs was concerned some of Leopard’s features might not be ready in time for its release. Learning from Microsoft’s mistakes, he labeled Leopard’s less certain features “top secret” and let the Mac rumor sites speculate on what marvels were to come, generating hype Apple could not hope to fulfill.

I watched the keynote on the streaming QuickTime feed the other night. As Jobs ran through his 10 Leopard features, I noted that only the first three – the new Desktop, the new Finder and Quick Look – had not already been previewed at last year’s WWDC. Fine features they are, but not quite deserving of the label “top secret.”

Don’t get me wrong. I can’t wait to use Leopard on my Macs, regardless of how often Jobs pre-announces its features. But after waiting more than nine months, we get only three cool-but-not-terribly-enthralling user interface enhancements? This warranted secrecy?

When you raise expectations the way Jobs did, people assume they’re going to be blown away. You have to wonder if Jobs simply exaggerated last August to fuel continued interest or if there are in fact more “top secret” features yet to be revealed. We won’t know until October, I suppose.

More thoughts on Jobs’ WWDC keynote:

Leopard looks great -- Unmet expectations aside, Jobs highlighted several things Monday that will significantly improve Mac OS X. I’m looking forward to Stacks, a way to put folders full of related things to which you’d like quick access in the Dock. Clicking on the Stack causes icons of its contents to spread out in an arc (or in a grid, if you prefer) so you can find and select the file you need. I also liked the way the Sidebar will now automatically include the icons of any Macs on your network (and thus easy access to anything on them) – no browsing or logging in required. And I’m sure I’ll heavily use the Quick Look feature, which lets you view any file – a photo, presentation, text document, video, anything -- without actually opening it.

Games – Both EA and id Software made major Mac-related announcements. EA plans to start offering Mac versions of major titles simultaneously with its releases for other platforms, such as Windows and Sony’s PlayStation. John Carmack of id Software showed off a new game engine that is compatible with OS X, meaning they, too, will be offering Mac versions of new games concurrent with those of other platforms. This redresses a grievance Mac gamers have had for many years. Mac versions of major games historically have arrived many months after their PC counterparts, if they arrived at all. While gaming has never been central to the Mac, the increased attention from game developers will make a significant segment of the Mac community very happy and offers further proof of the health and viability of the platform.

Safari for Windows – Regarding my comments on why Apple would release a Windows version of its free Web browser, it appears I was only partly right. I surmised that Apple was using Safari as bait to lure more Windows users to switch to the Mac. A post by an astute reader pointed out that John Gruber noted on his Daring Fireball Web site that browsers do indeed generate income via the search window in the toolbar. Gruber also suggested several other compelling reasons for Apple’s surprising move; his site is recommended reading for fans of the Mac.

Posted by David Zeiler at 3:51 AM in Mac OS X, Macworld & WWDC | Permalink | Comments (2)