- The Tech Night Owl Newsletter — Cutting-Edge Tech Commentary - https://www.technightowl.com/newsletter -

Newsletter Issue #435

THIS WEEK’S TECH NIGHT OWL LIVE RADIO UPDATE

Have the browser wars returned? Well, at one time, Apple had Safari and Microsoft had Internet Explorer, and that wasn’t so long ago. The arrival of Firefox changed the odds considerably, and it now commands close to 18% of the world market. Today’s Internet Explorer does no better than just shy of 75%, and Safari stands above 5% — and that’s before Safari’s windows version was finalized.

In light of these developments, it’s clear that the browser wars are back in earnest. To observe that occasion, on this week’s episode of The Tech Night Owl LIVE, The Night Owl explored the subject with Adam Engst, Editor/Publisher of TidBITS. You also heard his views about Apple’s latest version of Safari.

On a similar front, author Steven Sande, author of “Take Control of iWeb: iLife “˜08 Edition,” described the unexpected power of this simple Web design application. He also acquainted you with a surprising use for the under-appreciated Mac mini. So if you really think the mini is suited for nothing more than low-end use, such as Internet access, email and word processing? Well, think again. During this fascinating session, Steve explained how he’d been using a bank of Mac minis as Web servers, with surprisingly compelling performance.

In another segment, Alan Oppenheimer of Open Door Networks gave us a Mac security update. Is it time to get virus software for your Mac “” or not? I’ll cover this subject in more detail in the next article.

And Ross Rubin, director of analysis at market research firm NPD Group, discussed the continuing spike in Mac sales and how Apple’s products compare in the marketplace with the competition.

On The Paracast this week, we present UFO trace researcher Ted Phillips, Director of The Center for Physical Research, who speaks about his ongoing investigations of physical trace evidence in the wake of reported UFO landings.

Coming April 6: Steve Bassett returns to The Paracast to discuss UFO disclosure and the forthcoming X-Conference 2008.

THE NIGHT OWL EXAMINES THE GREAT MAC SECURITY FRAUD

If you take those published reports at face value, the vaunted security of the Mac OS is just an illusion. During the annual Pwn2Own hacking contest this past week, someone easily exploited a supposedly unknown vulnerability in Apple’s Safari on a MacBook Air within a mere two minutes, earning a ten thousand dollar paycheck for his efforts.

Now, because of a nondisclosure agreement, we don’t know just what vulnerability was present in Safari that was handled so easily, but it sounds to me like a put up job. If you believe the claim, the security flaw was so blatant that it was easily discovered, and that’s extremely unlikely.

Consider that, on the first day of the contest, nobody could attack any of the test computers, running the Mac OS, Windows Vista, and Ubuntu Linux, remotely. Thus the original $20,000 prize went unclaimed. On day number two, the terms were relaxed, so the participants could actually work directly on the computers to locate and exploit possible vulnerabilities.

Now that severely lessens the seriousness of the flaws, because it means that you are granted direct access to the computer you’re going to infect. That severely lessens the danger. No direct access, no exploit, at least under the terms of this contest.

Although he’s not talking, I really doubt that security researcher Charlie Miller had a sudden flash of inspiration from upon high to access a hostile site in Safari and win his ten grand. No way could that possibly happen in a mere two minutes except by a divine or paranormal event. Instead, it’s clear to me that he had previously investigated possible flaws in Mac OS X and had discovered a security leak he could exploit on the spot when the time arrived.

So call it a good sense of timing.

This Academy Award winning performance certainly got the world’s attention. Apple can no longer tell us in their Mac versus PC spots that they can offer superior security to Windows boxes. Not when someone can attack a Mac in just 120 seconds.

Or can they?

Certainly, you can bet the companies that want to sell you Mac security software are going to extoll the virtues of the protection they’re offering you. So is it time to install malware protection? Are we ready for the scourge of computer viruses that used to be largely concentrated on the Windows platform?

I don’t think so.

You see, this contest and the winning exploit were nothing more than stunts! Sure, Charlie Miller is to be congratulated for his winning performance. More to the point, the information on that Safari security flaw has already been transmitted to Apple, and you can bet that they’ll fix it before long.

What this means is that it’s highly unlikely anyone of you is in danger of being infected. Consider what you have to do. First, you have to receive a link to a malicious Web site that contains the offending code. How is that to come? In an email alerting you to a problem with your bank account, a letter from the IRS, the promise of enriching yourself with a new work-at-home scheme — Internet porn? What?

Once you learn of this link, you have to be foolish enough to click on it to visit the offending site. One unlikely event is compounded by a second to transport you to this online den of inequity. So much for Macs being easy to exploit.

In Miller’s case, he knew where he was going, because he planned the whole thing in advance.

But what about computer viruses? Now that Apple is selling more Macs than ever — more than two million each quarter and growing — won’t Internet criminals decide it’s high time to move from the Windows platform and take control of your Mac?

It sounds like a convincing theory, particularly when a security software company tells you about a new “proof of concept” virus discovered in a laboratory. They release a patch to their virus definition strings, but it makes no difference. Nobody is ever infected by the virus; it never spreads into the wild.

This is not to say that Mac OS X is immune. Clearly it isn’t, witness the regular security updates that Apple releases. But those security shortcomings are at best theoretical. They exist, and the next Charlie Miller will no doubt exploit one at a subsequent contest. But that means little in the real world.

How many of you have encountered a genuine, 100% pure Mac OS X virus since the operating system debuted as a public beta in 2000 and as an actual release in 2001? Precious few, and then only for a certain low-threat virus that impacted iChat a while back.

However, that doesn’t make for a compelling headline laced with fear, uncertainty and doubt. You won’t read a story telling you that Macs really are quite safe, and that if you practice safe computing, such as not clicking on links that take you to the unknown, you should do fine.

Some day there may be a genuine, extremely threatening Mac virus for which you’ll need powerful protection. Certainly those who publish the software that provides such protection hope it’ll come sooner rather than later.

But I wouldn’t lose any sleep over it.

EXPLORING APPLE’S TIME CAPSULE

I am a preacher in one respect, and not in the same fashion as a certain controversial minister you’ve read about lately. You see, I am absolutely a devoted follower of the backup religion, and I practice it with great dedication.

Let me explain what I mean: Every single evening, Shirt Pocket’s SuperDuper! performs a clone backup on a second drive on my Mac Pro. Both the Mac Pro and MacBook Pro get regular Time Machine backups, and I’ll get to the latest mechanism to accomplish that purpose momentarily.

As for my Web sites, some time after midnight, the files are backed up to a secondary drive on the Web server. In addition, there is yet another backup later in the morning to another server in another state. So if the datacenter were to vanish in a sudden blaze of lightning and thunder one night, I’d still be able to lease another server and restore the files within an hour or so in order to get back online.

As to Time Machine, back when Apple first promoted Leopard’s feature set, they promised you wireless backups to the latest and greatest AirPort Extreme. Well, that promise fell by the wayside, and then it returned in the form of Time Capsule, which went on sale in February of this year. Time Capsule is, in the flesh, a somewhat thicker version of the 802.11n AirPort Extreme. Inside are the same basic components, plus what Apple calls a “server grade” hard drive with either 500GB or 1TB capacity.

My test unit, the $499 terabyte edition, arrived Thursday afternoon and was promptly deployed into service as the replacement for an AirPort Extreme. Typical of Apple’s wireless products, setup is far easier than the pathetic equivalents from most every other company I know about. In fact, once it was attached to my cable modem and wired network and powered on, the Setup Assistant appeared on my Mac Pro.

Within a couple of minutes, I named the router, then the network and established secure WPA2 encryption passwords. I configured the Time Capsule to backup files from my desktop and note-book Macs, and let it do its thing.

One cautionary note: The initial backup, which meant nearly 330GB of data from my computers, is going to be slow, and it should be done over a wired connection for maximum performance. The published reviews of Time Capsule tell you to let it run overnight without interruption, and you can take that to the bank.

Indeed, it took just shy of 12 hours for the initial backups to complete. After that, Time Capsule performs in the same fashion as any other Time Machine backup. Your latest files are copied over every hour for the first day, every 24 hours thereafter until a week has passed, and then weekly until the drive is full.

In my case, it’ll take a long time for the drive’s full capacity to be reached.

To be sure, Time Capsule’s drive may not be the fastest on the planet. Certainly Wi-Fi backups even at the speedier 802.11n standard, can be poky. But you’ll never have to worry about when and how to backup your stuff ever again. What’s more, Time Machine’s science fiction-style interface will make it easy to recover the files you’ve deleted by mistake, or have become damaged.

I do wish Apple would make it possible for Time Machine to provide a standard clone backup, and perhaps an easy method to restore your files. Right now, it requires rebooting with your original Leopard installation DVD.

But power users aside, it’s a sad fact that only a fraction of Mac users backup their files. The reliable and seamless combination of Time Machine and Time Capsule are definitely going to improve those percentages, and the higher the better.

THE FINAL WORD

The Tech Night Owl Newsletter is a weekly information service of Making The Impossible, Inc.

Publisher/Editor: Gene Steinberg
Managing Editor: Grayson Steinberg
Marketing and Public Relations: Barbara Kaplan
Worldwide Licensing and Marketing: Sharon Jarvis