NetWitness found a botnet with control of 74,126 Windows systems spread around 196 countries. These systems are found at medical companies, insurance companies, educational institutions, energy firms, financial companies, Internet providers, and government agencies.
Prevx came upon a cache with logon credentials for 74,000 FTP accounts. These accounts were for companies such as NASA, Cisco, Kaspersky, McAfee, Symantec, Amazon, Bank of America, Oracle, ABC, BusinessWeek, Bloomberg, Disney, Monster, and the Queensland government.
You know, you start to become jaded concerning the security of the most popular OS on planet Earth.
The OS that 90% of the people viewing this blog use.
The OS that your company runs on.
The OS that your government runs on.
The OS your school, college or university runs on.
The OS that your bank probably uses.
The OS that, despite being quite clearly not fit for use, somehow continues to be used, because so many people’s lives depend on it.
What people? Well you, me, the IT department that won’t even let you change your desktop pattern wallpaper at work, your parents, your friends, the guy you overheard talking in the bus queue this morning about how his computer has become unusable again, or the other guy he was talking to who said that all he had to do was:
a) pay for more security software
b) visit this site that tells you how to solve your latest Windows problem in 38 easy steps
c) buy a new computer
d) don’t do anything on your computer to do with online banking or payments of any kind.
And, yes, that last group of people who benefit from the crap that Gates & Ballmer peddle every day – the criminals and ne’er-do-wells who use the money they generate from hacking your computer to buy & supply drugs to your kids, fund terrorism, and various other nasties.
Lots of fun for all concerned.
Thank you Mr Gates and Mr Ballmer for all this, and thank you Apple for allowing me to write this blog on a computer that is not affected by any of this.
Sorry for being so jaded, but I don’t see anyone, anytime soon kicking Windows technology out of the door.
In the end the solution was very simple, however the way in which I found out it was simple, was not simple.
Firstly, let me remind you the mac in question is a production machine, therefore I can’t afford to do anything wrong. So I had a plan.
I have a spare G5 (lucky me) so I decided to Carbon Copy Cloner the spare Mac (Mac 1) to a disk image on an external. I’d do the same to the Mac with the MobileMe problem (Mac 2).
It would then be a simple case of installing Mac 2’s disk image to Mac 1. I could then troubleshoot this Mac as much as I needed until the problem was solved.
Well this bit sounds simple but the cloning took ages; a day and a bit later I was set.
So I ran Onyx to clear all caches. After a restart – problem remained.
So I reinstalled the 10.4.11 update – and this solved the problem.
A short while later the production Mac is MobileMe’ing happily.
Why did MobileMe die? – Who knows?
Am I now happy? – Not really. When something goes wrong with a Mac I expect the answer to be a logical progression of testing and narrowing down the problem.
In this case, nothing made sense. The problem didn’t seem to have a logical solution, and the only thing that worked was overwriting some files with a combo updater.
This isn’t very Mac-like – and it’s that aspect of this that worries me a great deal.
So let me get this straight, a flaw in Safari could allow a malicious attacker to download files (1, 2 or thousands) to your Windows desktop without your permission.
But the flaw doesn’t allow execution.
Because Apple’s not that stupid.
You know, to allow just ‘any’ file to just execute without permission.
So what’s the problem? Other than it being a ‘design’ flaw? It’s certainly not a security flaw, is it? The files cannot be executed and therefore cause untold damage, can they?
Ah, right but those files can…
By a flaw in Windows.
Not Safari, then.
So it’s Microsoft’s problem then is it?
That’s right it is.
And when will Microsoft fix this flaw?
No word on that. Yet.
I’m sure they’ll get round to fixing it asap, once they’ve blamed Apple for drawing attention to their SECURITY flaw by a DESIGN flaw that Apple, quite rightly, didn’t really think would cause too much of a problem, because no company is stupid enough to allow files to execute by themselves.
Except Microsoft. Again.
Currently I have a PC in my studio that is connected to a USB printer, and this printer in Windows is being shared to the network.
I also have a couple of Macs that access this shared printer, and occasionally use it if the main workhorse A3 laser printer is busy.
This has worked fine on the Mac side, but occasionally, about once a month, the Macs’ connection to the printer doesn’t work.
The standard way to fix this is:
Test the PC to see if it still prints, 100% of the time it doesn’t, so we call in our in-house Windows IT spods to recreate the printer and share it again.
The Macs then work normally again, with no reconfiguration at all; they simply pick up the new printer and they’re good to go.
The mantra is, “If the PC prints, then the Mac will print also. Automatically.” This is why I use the Mac, it just works.
However, last week this wasn’t the case. The mantra didn’t work.
As usual the Mac stopped printing to the shared USB printer. However this time, the PC printed fine.
So I asked the Windows IT spods to recreate the printer anyway. They did, it still didn’t work.
So I recreated the shared printer on the Mac and this is where we got to the bottom of the problem.
When you connect to a shared Windows printer on the Mac, it asks you for the login information for the PC. We knew this info, and we put this info in correctly, however the PC wasn’t accepting it, giving an ‘NT ACCESS DENIED’ error, whatever that is.
So we thought the problem was with the Mac, and after half an hour trying different things, I gave up, telling the Mac-user to print to the A3 printer instead in the meantime.
I thought that was that, except the next day the Windows PC wouldn’t log in to its desktop at all. The same login info now wasn’t working on the PC either.
The spods came in, took it away, seemingly recreating the user with a new account & login.
Guess what, when I tried recreating the shared PC printer on the Mac – it worked fine.
So the problem was the PC simply deciding that it had had enough with that account and the only solution was to create a new one, which in turn solved our printer problem.
One day, Windows simply decides it’s not going to work anymore and needs massaging back to workability, and a whole career has been created around this concept.
I can see now why Windows IT people are needed – and why they are scared sh*tless of the Mac.
I’ve long thought that the complexities of the Windows world were, in part, exaggerated by Apple users and their media (I’ve even been guilty of it myself), but I’m here to tell you now, it’s worse than everyone’s ever thought.
I’m now in charge of the company’s website. I relaunched it in the middle of last year and when faced with the complete rewrite that was needed, I decided that the best approach was a Content Management System (CMS) for the website so that anyone with a basic grasp of computers could update it. I certainly don’t have time to administer the website using Dreamweaver, so the plan was to buy in a CMS so that the less web-ware members of my staff could update the site in my absence.
The journey through this has been a difficult one with various problems too numerous to mention, except one. One that has shown me that the complexities of the Windows world are not exaggerated.
At the heart of the website is a registration system that allows a web-user to fill in a standard html form, upload a couple of graphics and then submit this to a choice of a dozen or so destinations. In the background this submission is then uploaded to a centrally stored database, and then automatically emailed to 1 of 10 users of the system. Once received, these users then contact the web-user and process their registration.
Except it doesn’t work. In fact in the 10 months or so since the website launched, it’s never worked. Of course, actually finding this out was an arduous task in itself.
Suffice to say after tracking the problem it appears it boils down to this: the web-user’s form is received centrally, perfectly. It’s when this form is emailed through my company’s webserver that we have a problem. It just never gets there. Doesn’t even register as spam, it just doesn’t arrive.
Changing the destination to a ‘@googlemail.com’ domain – it works fine.
It’s something to do with the website’s backend software communicating with our email server; they just don’t get along. Of course the one set of Windows users (who run the back-end website software for us) blame the other set of Windows users (who run our email server). I have the unenviable task of arranging a meeting between these 2 groups to hammer out a solution.
In the meantime, I, a lowly Mac-user, not versed in the intricate voodoo of email systems, have come up with a solution. All submissions from the website go to a ‘@googlemail.com’ email address I set up for this purpose. They then come through to Apple Mail, where a set of Apple Mail rules examines the email, determines which destination it’s meant for and then forwards it on. This works fine.
But why doesn’t one Windows-based email system work with another? It seems to me that these ‘experts’ haven’t a clue, at a low level, how Windows actually works, and that is a scary thought, and it has taken a single G5 Mac and Apple Mail to sort out the problem (at least in the short term).
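The forwarding rule described above, written out as a small Python script so the routing logic can be read and tested. This is an added example, not code from the original post or from Apple Mail: the intake address, the form layout (a plain-text body containing a “Destination: X” line), the mapping from destination to staff address and the loop-marker header are all assumptions. It also adds two checks a practitioner would want in a mail rule that re-sends whatever lands in a mailbox: it only forwards mail that was actually addressed to the intake mailbox, so the rule cannot be used to relay arbitrary mail to staff, and it refuses to forward a copy it already produced, so a misconfigured destination cannot start a mail loop.

```python
# Added example (not from the original post): route a web-form submission
# collected at a single intake mailbox to the staff member responsible for
# the destination named in the form, as the post describes doing with Apple
# Mail rules. The intake address, form layout and address mapping are assumed.
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import Optional

INTAKE_ADDRESS = "registrations.intake@googlemail.com"  # assumed intake mailbox
FALLBACK_ADDRESS = "web-admin@example.com"             # assumed catch-all address
DESTINATIONS = {                                        # assumed destination map
    "london": "london-registrations@example.com",
    "manchester": "manchester-registrations@example.com",
}
# The form is assumed to put its destination on a line of its own.
DEST_LINE = re.compile(r"^Destination:\s*(.+?)\s*$", re.MULTILINE | re.IGNORECASE)
# Header stamped on every forwarded copy so it is never forwarded twice.
LOOP_MARKER = "X-Registration-Forwarded"

# Constructed sample submission, not a real message.
SAMPLE_SUBMISSION = b"""From: website@example.com
To: registrations.intake@googlemail.com
Subject: New registration
Content-Type: text/plain; charset="utf-8"

Name: A. Person
Destination: Manchester
Company: Example Ltd
"""


def _plain_text(msg: EmailMessage) -> str:
    """Return the plain-text body of a message, or an empty string."""
    body = msg.get_body(preferencelist=("plain",))
    return body.get_content() if body is not None else ""


def choose_destination(raw: bytes) -> str:
    """Pick the staff address for a submission from its Destination: line."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    match = DEST_LINE.search(_plain_text(msg))
    if match is None:
        return FALLBACK_ADDRESS
    return DESTINATIONS.get(match.group(1).lower(), FALLBACK_ADDRESS)


def build_forward(raw: bytes, sender: str) -> Optional[EmailMessage]:
    """Build the forwarded copy, or return None if the message must not be forwarded."""
    original = email.message_from_bytes(raw, policy=policy.default)
    # Only forward mail that was addressed to the intake mailbox; anything else
    # that lands here (spam, misdirected mail) is not relayed to staff.
    recipient = parseaddr(str(original.get("To", "")))[1].lower()
    if recipient != INTAKE_ADDRESS:
        return None
    # Refuse to forward a copy we already produced, which breaks mail loops.
    if original.get(LOOP_MARKER) is not None:
        return None
    text = _plain_text(original) or "(no plain-text body)"
    fwd = EmailMessage()
    fwd["From"] = sender
    fwd["To"] = choose_destination(raw)
    fwd["Subject"] = "Fwd: " + str(original.get("Subject", "(no subject)"))
    fwd[LOOP_MARKER] = "yes"
    fwd.set_content(
        "Registration received at %s from %s\n\n%s"
        % (INTAKE_ADDRESS, str(original.get("From", "unknown")), text)
    )
    return fwd


if __name__ == "__main__":
    forwarded = build_forward(SAMPLE_SUBMISSION, "intake@example.com")
    print(bytes(forwarded).decode() if forwarded else "not forwarded")
```

The script only builds the forwarded message; handing it to an SMTP server (for example with `smtplib.SMTP.send_message`) is left to whatever delivery path the mailbox already has. Unknown destinations go to a catch-all address rather than being dropped silently, which is the failure mode the post spent ten months discovering.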
I’ve had a real problem recently, something has had me cursing, gnashing, and basically screaming at a certain application from Apple. This application is Mail (or Mail.app, or Apple Mail or whatever).
It all started with upgrading a test iBook to Tiger shortly after the second or third maintenance upgrade was released.
As always, I test any major release with a non-work-critical system before rolling the release out to the 4 or 5 other Macs in the studio.
This time my testing was not thorough enough. All apps seem to work ok, such as Adobe Creative Suite, Suitcase etc, but it wasn’t until I installed Tiger on the main work Mac that I came across the ‘Mail’ problem.
Something was wrong with Mail. It wasn’t that it was as slow as molasses (it’s never been a speed demon); it didn’t seem to be downloading attachments, or emails with HTML, correctly.
Instead, what I got was the ‘Mime gibberish’ that denotes that the way in which Mail was seeing attachments was completely screwed.
Upon testing, this seemed to be for all incoming and all outgoing messages. Mail was unusable.
Upon testing, I found that it was IMAP accounts that Mail could not handle. POP accounts seemed ok, and IMAP accounts connected to other servers worked fine. Mine did not. There is something about my unique situation, (I am part of a larger PC-based company and access my mail through a PC server), that Mail did not like.
One of Tiger’s biggest selling points was spotlight, and I was looking forward to being able to search through my mail with ease. I have a huge local mailbox, and I communicate with China on a regular basis on various projects, so having a reliable mail client, and especially one with which I could search my archived mail as easily as I could search through the files and folders of my system was a major draw.
Unfortunately this wasn’t to be. So I stopped the roll out to the other Macs until an update hopefully fixed the problem, and started looking around for another mail client.
I used to use Entourage. Indeed I have tried to use Entourage in the past, and did for several months, but having struggled to make Entourage, Projects, Notes etc work for me, I found that I needed to change the way in which I worked, in order to use it. Something that I wasn’t prepared to do.
So I tried every (EVERY) mail client, freeware, shareware and commercial on the market, but none seemed to give me what I want, and in the end I settled for Thunderbird.
At first I was a little dubious, but eventually I found connecting to my email via IMAP, using Thunderbird was overall an excellent and pain free experience. The only clouds were the lack of Address Book integration, and poor search capabilities, but I decided to live with that until the next Apple updater.
Except the next Apple updater did not solve the problem, nor the next.
I had to look at this from another angle, so I decided to see whether I could connect to my email via POP, rather than IMAP. I have a personal POP account on my iBook, which works OK, and with a little persuasion from IT to give me the correct IP addresses, I tried the POP connection, but I wasn’t holding out much hope.
But it worked. It worked great, in fact it’s fast, flawless (apart from the odd dropped connection) and I am now using Mail, and have rolled out the full Tiger install to my studio.
But IMAP still doesn’t work, and although I can get around this, it’s still a major bug that needs fixing. I’ve posted to the Apple discussion forums, and apparently Apple are aware of the problem (it’s a problem with a ‘Groupwise’ connection), but as yet, there is no fix.
We may have to wait until Leopard.
But I don’t think that this is good enough. With Apple’s recent advertising campaign, touting the ‘it just works’ aspect of the Mac, I find that the advert and my experience are miles apart. I keep saying this about Apple, but you must do better.
One of my favourite authors is the late, great Douglas Adams. His humorous insights into any topic that caught his eye made him an immensely enjoyable read. The book (or books) he is most famous for of course are the Hitch-hiker books, and one of his observations is pertinent to a situation that has recently rocked the tech world.
Now, bear with me, ‘cos if you haven’t read the books, this isn’t going to make much sense. Arthur Dent and Ford Prefect have just ridden on the back of a Perfectly Normal Beast and have gone through some sort of hyperspace rift into a new world, one that is populated by (amongst other things) a transport café, which they visit in order to gain some refreshments, and to see The King (yes THE King). There’s some REALLY funny bits about a credit card, restaurant write-ups and nibbling fingers, but I digress.
Once entering, the author remarks on the customers of this café. The establishment is a dark and moody place, full of dingy corners and shadowy, nasty ne’er-do-wells, such as drug dealers, murderers, assassins and record company executives.
This small observation, made in jest perfectly sums up the people we are dealing with here in connection with the Sony rootkit scenario.
The problem here is one of control. The record companies know that at some point in the future (not too far away either), all media will at some point in its journey from producer to consumer pass through a computer.
Now the consumer sees this as an opportunity to transform & manipulate that media into whatever they want, in order to transfer it anywhere for their convenience. After all, they bought the media and they should have the right to do whatever they want with their property, correct?
The producer (in this case it is not the musician, it is the record company) sees this opportunity in a completely different light. Previous forms of media transportation (such as cassette, LP) had little in the way of copy protection because you could never make a perfect recording; the same applies to VHS. The record companies were not too bothered by this, and there was little they could do about it anyway, the technology didn’t exist that would have allowed them to stop it, so they grudgingly lived with the situation.
CDs took them by surprise. From what I can see, record companies are run by people who have little understanding of technology. They failed to see the upcoming danger of personal computers and ripping CDs to MP3, and are now playing catch up.
This ‘catching up’ basically consists of making up for all the (apparent) lost revenue they saw since VHS Video cassettes first came onto the market. In their eyes, when you buy a CD or DVD, you are not buying the contents of that media. What you are buying is a licence (details of which varies from country to country), to experience that media under the conditions of that licence, and to a certain extent, they are right.
Now the conditions of that licence have changed little over the years, but what is different now, is the Record Companies see that with the potential use of technology (Black Hat Rootkits), they can enforce that licence in a way they have never been able to do before, and even change the conditions of that licence when they see fit. They see this as their last chance to enforce something they’ve wanted all along, potentially make a pot load of cash in the process and they are not going to let go of it easily.
There are a number of problems with this viewpoint, they do not see them, but we do:
1) A pirate is not a potential customer, and never will be. The record companies think that every pirated copy of a song is a lost sale. This is obviously incorrect and ignores a basic understanding of how consumers operate. Bill Gates once said in connection to piracy rates of his software in China, (and I’m paraphrasing here), “If they’re going to pirate software, let’s make sure it’s ours. We’ll figure out a way to collect later.”
2) Fair use. Now this little loophole in the licensing conditions differs from country to country. Where the law applies, you can make a back-up of the CDs you have bought for your own usage. Some countries are less than flexible (such as the UK), and other laws state that you cannot broadcast the songs you have bought to other people. The law regarding fair use is badly thought out and confusing. Consumers need a simple, fair system that takes into account their listening & watching habits, plus takes into account the use of new technology. Until this happens, consumers will feel it is their right to treat their music in any way they want.
3) Respect for the consumer. What the record companies don’t understand is that by tightening the grip on the listening conditions of their media, they will squeeze all the life out of it, and kill it stone dead. The consumer will not agree to (for instance) buying another copy of their music CD to give to their friend. They will simply copy it using iTunes, as they did before with LPs and cassettes. The record companies have not lost a sale, because their friend would not have bought it anyway. The tenuous relationship that exists in this licence is the best they are going to get. If they push too hard, sales will go DOWN, not up.
What they should be doing is introducing fair DRM, like iTunes, on their CDs. (Apple – a chance to licence FairPlay here please?). How about lowering their prices, and giving better value for money with these CDs in terms of discounted tickets for live events, fan clubs & merchandise? This would give added value to the physical CD, and is something that is impossible to pirate.
Record companies, and all media companies have a problem with piracy, but this is not a new phenomenon. Their business model is totally reliant on a flexible approach to usage rights and if they try to alter this approach to the detriment of their customers, these customers will simply walk away, (probably in the direction of BitTorrent). The best way to fight it is by treating this threat as a competitor for your customers, not by treating your customers as criminals.
If you haven’t read the passage in Hitch-hikers as described above, the following won’t make any sense either, but a statement in this book sums up the attitude that media companies should have towards us:
“You should never bite the hand that feeds you. Nibble it occasionally, even suck on it really hard sometimes, but not actually bite it.”
This fly in Apple’s ointment has been brewing for the best part of a year now but I did not experience it until about 6 months ago.
The studio that I run is part of a larger PC-based company that is expanding rapidly and various internal developments necessitated a purchase of another Mac for the studio.
In the end I decided upon the single processor G5 (1.8GHz), and upon delivery everything seemed fine. I transferred over the user’s account from his old Mac (an 800MHz G4 which is now used as a print server), installed an extra 160GB internal hard drive for the user’s work and off he went into G5 heaven, extremely pleased that he could now use InDesign at an acceptable speed.
After a few days several odd things began to happen. Occasionally and without warning the spinning beachball would occur, usually in Illustrator or the Finder.
So I did what I would normally do in this situation, I tried to force quit these applications – but they wouldn’t force quit. I tried quitting all other applications first and then trying to force quit the Finder – still no dice.
I then tried force quitting from the Activity Monitor and then the command-line – still nothing. I couldn’t even shut the Mac down – I had to press and hold the power button to restart the Mac.
Now, I did not know about the G5 freezing problem back then so I approached the problem in much the same way as any other, repairing permissions & running disk utility from the CD, all to no avail.
After this happened numerous times I tried to find out exactly what the user was doing in each occurrence and what I narrowed it down to was when the user was saving something to the extra internal hard drive. Taking the hard drive out completely, and moving the work folder to the boot drive seemed to make the problem go away.
I then ran tests on the hard drive but it was fine. It was at this point that I happened to listen to the MacCast and a chance article advertising a web-site (www.G5freeze.com) alerted me to the fact that I wasn’t alone in this problem. I registered my complaint with them and we all waited with bated breath, waiting for Apple to notice us.
And, 6 months later Apple seemed to have noticed. The G5 System Firmware update has just been released. I have yet to install and test this update; I’m going to wait a few days yet as this is a production machine and I do not want to risk anything, but initial feedback from the Apple forums seems to point to everything being okay.
However, this has been a troubling affair for all those people who have had working hours lost because of this anomaly. Apparently a lot of the early complaints were ignored, and some users were accused of lying about their problems. Many G5s have been returned several times, and eventually were replaced with a dual G5.
This does not bode well for Apple’s crowning glories, i.e. the Mac’s reliability and great customer support; those crowns now need a lot of polishing. These kinds of problems should not affect Macs, and the fact that they do points to a few problems in quality control at Apple.
Somebody is to blame for this, and I hope that lessons have been learnt. I also hope that this does not give us an insight into any future problems with the Mactels, because once we’re all on the same hardware, and speed is no longer an issue, reliability and customer service will be the only things Apple has left in hardware terms to differentiate themselves from the competition.