Amongst Microsoft’s many, many accomplishments, is this lovely little gem:
There are bugs that Microsoft patch pretty quickly, there are bugs that take a little more testing and take longer, there are bugs that they take ages to patch for some reason.
And now, from your trustworthy business OS supplier comes a first in a long history of innovation – a bug that cannot be patched.
It can’t be fixed.
Why this isn’t more widely reported is beyond me. Microsoft’s solution is to run IE8 in a restricted mode which seems a band-aid solution to me.
Sure, Vista solves this little hiccup, but just about every Windows box that I can see from my happy little Mac studio, is still running XP.
What galls me the most is that this little feature has been present in every version of Windows up until Vista, they’ve only just discovered it as far as I can tell.
A few years from now, will there be another ‘unpatchable’ flaw in Vista, Windows 7, 8, 9 etc that they discover?
Why do people not question them? Why do they just accept this? Why is the news full of Apple releasing another device that everyone fails to understand, because it just happens to do something different, and not full of Microsoft’s unbelievable, amateurish and downright dangerous coding?
No other web browser on the Windows platform is affected. Does that not say something about this company?
Upon thinking about Microsoft’s entry into the retail space, a few thoughts occur.
Microsoft have a really deep-seated envy of everything that Apple does. Now, they’ve always had this from the very first meeting about Windows 1.0, and in the past they could get away with it.
After all, despite all Apple’s efforts, they were not a mainstream company. Microsoft and their partners dominated and no-one outside Apple’s niche had ever heard of them.
All the great unwashed saw was ever greater ‘innovation’ coming from Redmond. They did not know that this innovation was a photocopied, me-too agenda based upon what Apple did.
This approach works fine, as long as Apple remains a niche.
Can you really say that Apple Inc. is at this current moment ‘a niche player’?
Group together everything that Apple does, the Mac, iPod, iPhone etc, and their approaching 10% market share (and even greater mind-share), I think not.
Why does this make a difference? Well, Microsoft can keep up the pretense of being an ‘innovator’ as long as no-one (or at least the majority) knows that Apple exists.
This is all the more difficult, and one very good reason this is getting harder is those pesky Apple Retail Stores.
People used to listen to their ‘geeky friend’ on what computer to purchase, which was usually, if not always Windows.
That’s not the case now, they see an Apple Store, go in, and more often than not, purchase. I don’t know what their footfall conversion rate is (the % of customers who enter a store and either do or do not purchase something), but according to Apple 50% of those purchases are to Windows users.
So what is Microsoft to do? Well there’s only one thing to do, fight fire with fire.
But Microsoft has a problem, and it’s a problem that cannot be got around. The PC model is proprietary OS on open hardware. Apple’s model is open OS (sort of, parts of, etc), on proprietary hardware.
Now I don’t care what people say, Apple’s model gives us more reliable computers, Microsoft’s model gives problems – lots of them, with more chances to go wrong.
Apple’s model naturally fits the retail environment. People enter Apple Stores for an experience. Yes, they take their computers in to be fixed, and Apple manages that quite well, as their model keeps those fixes down to an acceptable level.
Microsoft? Their model invites problems, how the hell are they going to manage all those PC users with viruses, spam, malware and faulty hardware because their ‘geeky friend’ made their computer?
This should be interesting to watch…
This is going to be fun to watch…
Imagine the scene: Microsoft opens its store, hoping that people will walk through the door and fully grasp that Microsoft software can help their digital life and will be wowed by everything they have to offer and they won’t go to that funny fruit store down the street.
However what will happen is that Joe Sixpack will walk through the door, walk up to the counter and say, “Ug! Computer not work, you fix!” (Along with the 20 people behind them with similar complaints).
The patient (and butt-ugly) Microsoft genius will say, “I’m very sorry sir, but your issue is a hardware issue and I’m afraid Microsoft only deal with software, I can give you the number of the Dell support-line?”
Mr Sixpack will then say, “Ug! Dellman say your software got virus, you fix!”
The Genius’s eyes will then light up and he will say, “Aaaah, yes sir then we can help you, we sell virus killing software starting at $59.95 per month for our basic package.” He then hands him a leaflet.
Mr Sixpack numbly hands over his credit card, “just make computer work – me want pr0n!”
At the end of the month Microsoft will say that their software stores are a great success, having sold millions of software packages that help their customers get more from their computer purchase.
If anything, this will force more consumers into Apple stores because for the first time, Microsoft will meet the great-unwashed PC buying public – and their problems. I really don’t think Microsoft realise that aspect at all – they really are that arrogant and full of themselves.
They will not be able to cope – it will be a PR disaster. All Apple needs to do is air a well-timed Mac vs PC ad that targets this sh*t storm, and watch them come through the doors.
Microsoft, please, please, please – carry on.
So let me get this straight, a flaw in Safari could allow a malicious attacker to download files (1, 2 or thousands) to your Windows desktop without your permission.
But the flaw doesn’t allow execution.
Because Apple’s not that stupid.
You know, to allow just ‘any’ file to just execute without permission.
So what’s the problem? Other than it being a ‘design’ flaw? It’s certainly not a security flaw is it? The files cannot be executed and therefore cause untold damage can they?
Ah, right but those files can…
By a flaw in Windows.
Not Safari, then.
So it’s Microsoft’s problem then is it?
That’s right it is.
And when will Microsoft fix this flaw?
No word on that. Yet.
I’m sure they’ll get round to fixing it asap, once they’ve blamed Apple for drawing attention to their SECURITY flaw, by a DESIGN flaw that Apple, quite rightly, didn’t really think would cause too much of a problem, because no company is stupid enough to allow files to execute by themselves.
Except Microsoft. Again.
So here we go…
The likes of ‘Pwn to own’ is a vital tool in the arsenal of the computer bug-fighting community, boldly going into the fray, fighting those bugs so you don’t have to. Bringing to light otherwise unknown security issues into the viewpoint of the public, and using their carefully honed skills to keep your computing life safe.
For the good of the community.
Not for any other reason.
Not so they can stub (another) lit cigarette out in our eyes, maybe.
No, definitely for the good of the community.
OK, back to reality. As you can see I’m not at all enamoured by this stunt. But before you (quite rightly) state that I am a Mac fanboy, let me just put across what I’m on about.
Yes Safari has a bug, quite a serious one and one that needs addressing. A carefully crafted website can give, once visited, root access. This is a biggie, a serious one and I’m in no doubt that Apple is currently fixing this ASAP.
However the bug isn’t the issue here. What is the issue is the way in which this bug has been demonstrated and ‘launched’ into the public arena.
This whole exercise is not about safeguarding the computing public, this is about sad Windows users getting maximum exposure for a bug they have discovered in Safari.
The whole ‘pwn to own’ is a packaging exercise, a PR stunt, to get the largest exposure possible for the discovery of a flaw in Safari’s WebKit. I work in marketing and PR, and I know a PR stunt packaged as ‘reality’ when I see one.
Think about it.
1) The MacBook Air. Why the MacBook Air? Why not a Mac Mini, or an iMac? Because it’s Apple’s flagship product, they’ve pumped millions into its advertising, so any flaw discovered would taint Apple’s top product – and give maximum exposure to the ‘event’.
2) Hacked in 2 minutes? Right. I think you mean 2 weeks and 2 minutes. The website they visited to take advantage of the flaw had been previously created by them. It took them 2 weeks to figure it out.
So a competition was set up just at the same time as they just happened to have finished constructing a website that demonstrated the flaw?
No, what happened was that they discovered the flaw, and were about to announce it when it occurred to them that simply just announcing the flaw wouldn’t be enough.
It’s been done before and it’s old news. Everyone would simply say, “A flaw? Oh, right a bad one. Hmm that’s not very good. But I expect Apple will fix it soon. Next news item please…”
So they held onto their discovery until a suitable PR event occurred, or maybe (and more controversially), a phony competition was packaged around the bug, for maximum media exposure.
Either way, they got that exposure, well done everyone.
When you look at this whole incident from this viewpoint, you have to ask yourself, Windows users are seriously in need of some therapy.
Oh, and the excuse that they won the MacBook Air and are Apple users? Of course they are, how else do you expect they know so much about hacking a Mac?
I started writing this blog to outline some of my personal experiences of the Apple experience, in the hope that I may shine a light on the reasons why people such as myself choose Apple whenever they can.
I rarely comment on wider Apple-related tech issues, because they are usually well documented already, on blogs and Mac-tech sites far more eloquently than I could manage.
But this time I feel that I’d like to air my views on a small group of people who have made the Apple-headlines recently.
I’ll briefly go into some history (as you probably, as a Mac-user, know the details of this extensively already).
Last year a group of security experts highlighted a potential security threat with Macs and their wireless capabilities. They showed a Mac being hacked over a wireless network.
Now, this is about as bad as it gets in terms of security, and the entire Mac web rose up in alarm.
But then cracks started to appear. They started with the fact that the hack did not occur with the built in wireless card, but a third party one. Now, most Mac-users clearly pointed out that you would not install any third party hardware as a perfectly good wireless card was already installed by default.
Okay, said the protagonists, but you can hack the Apple-card as well, we just won’t show you that bit.
Hmmm. Coupled with a remark that they would like to stub a lit cigarette out in Mac-users’ eyes, most of the Mac-web (and even the more neutral sites), brushed off this ‘threat’ as minor at best.
Fast forward to late last year, and these same ‘security experts’ proposed a media event entitled, “The Month Of Apple Bugs”, to highlight one Apple bug per day, thus proving that all Mac-users live in a dream world and they are just the people to shatter that dream.
It’s now approaching the end of that month and what has been the result? Well, a little mixed. Some of the bugs are serious (QuickTime & Disk Image bugs), some pointless (cause the application to crash), and some bizarre (using third party applications with no connection to Apple).
I have no problem with them highlighting these bugs at all. I think the work they are doing is valid and needed.
I would argue that their precept (that all Mac-users think that the Mac is bulletproof), is deluded and is created by anti-Mac press trying to give us enough rope to hang ourselves with, but that’s really not my point.
My point, or points are:
1) The motivation to highlight these bugs in the first place is suspect, and
2) The execution in highlighting these bugs is downright dangerous and childish.
Their reasons for doing this work have never been sufficiently explained. It seems to me to be born out of a frustration with Mac-users. They seem to think that we are somehow deluded in our choice of Apple, and that the software that Apple writes is just as full of security holes as Windows (which is arguable). I think they’ve spent far too much time on digg and slashdot personally, and have an axe to grind.
Whatever their reasons, their execution, as I’ve said, is dangerous and childish.
The way it usually works is this: you find a security vulnerability and you inform the manufacturer first, before releasing it to the public. You can add a time limit on to this if you want, but it’s good manners to give the manufacturer a little breathing space. Once the manufacturer has released a fix, you get a mention in the release notes – kudos to you.
That’s it. That’s all you get and that’s all you should want – public praise for your effort, which will increase your standing in the tech community. You shouldn’t want any more praise, because hey, this is all about helping and safeguarding users by informing the manufacturer of bugs and strengthening the OS isn’t it?
It’s not about your ego, is it?
The person that uncovers a previously unknown bug isn’t the bad guy, are they?
And here is where their execution stinks. Their execution, by not informing Apple before releasing the bug into the wild actually hurts the users, damages Apple, and only gives them more ammunition for their egos.
This is all about a childish attempt by a pissed off Windows user to get back at Apple users because for some reason, the fact that there are a few stupid Mac-users on Slashdot who keep on saying that the Mac is bulletproof, he feels it is his duty to stub a lit cigarette out in our eyes (metaphorically speaking).
I’ve said it before and I’ll say it again – Windows users are really screwed up people.