• Newsletter Issue #875

    September 5th, 2016

    THIS WEEK’S TECH NIGHT OWL RADIO UPDATE

    The big question is not what Apple plans to unleash this coming week, but how many people out there will spring for a decent iPhone upgrade, or an Apple Watch 2 if it’s introduced. I’m making no new predictions about expected new features, though there are many as we move towards the Apple event with the assumption that some neat stuff will be added.

    Decisions about whether to upgrade to the latest and greatest aren’t so easy anymore, because wireless carriers have unbundled the phone from the service. So if you opt for one of those lease/purchase programs, such as AT&T Next, you’ll see an additional sum added to your monthly bill that reflects that product; that is, if you check the details. It can be $20-$30 per month, usually, and sometimes more, depending on the model you select. When you pay it off, usually after two years, your price decreases by that amount, unless you commit to ongoing upgrades every year or so, in which case you keep paying forever. This is a more honest payment scheme than the one where you make an upfront payment (unless it’s the entry-level “free” phone), commit to a two-year deal, but continue to pay the same amount after that deal expires.

    Knowing how that purchase impacts your bill may give you pause. If your current smartphone continues to function well, it may take an awful lot to persuade you to upgrade. There are hundreds of millions of people in a similar boat, and Apple needs to reach a hefty portion of them to make a success of the next iPhone. Can they do it?

    Right now, industry expectations are that sales of the presumed iPhone 7 will be lower than the iPhone 6s regardless of what Apple does. Let’s see how it flies.

    So on this weekend’s episode of  The Tech Night Owl LIVE, we presented tech journalist Sean Aune, director of operations for TechnoBuffalo, an online blog and gadget review site. He focused mainly on what’s expected from Apple during the September 7th media event in San Francisco. The predictions mainly covered an iPhone 7, but Sean also discussed the possibilities for introducing an Apple Watch 2, and Apple’s skirmish with the European Commission over a $14.5 billion tax bill.

    You also heard from security expert and ethical hacker Dr. Timothy Summers, President of Summers & Company, a cyber strategy and organizational design consulting firm, who talked about the latest hacks impacting the Democratic National Committee and other Democratic facilities. Are the hackers strictly focusing on one political party? And what about those recent security fixes from Apple? I’ll have more to say about the security issue in the next article.

    The final half of the show featured John Martellaro, Senior Editor, Analysis & Reviews for The Mac Observer. His bill of fare included such topics as “Blood in the Macintosh Water,” why “There Ain’t No Such Thing as Free TV,” “Is There Anything Apple Can’t Do? That’s Now a Problem,” and how “Autonomous Vehicles Might Develop Superior Judgement.” Gene wondered whether the day might come in the next few years where he will have to give up the keys to his car and surrender to a self-driving vehicle.

    On this week’s episode of our other radio show, The Paracast: Gene and guest co-host Goggs Mackay present Dr. Robert Davis, author of “The UFO Phenomenon: Should I Believe?” Robert Davis is an internationally recognized scientist in his field, and served as a professor at the State University of New York for over 30 years. He is a member of the Dr. Edgar Mitchell Foundation for Research into Extraterrestrial Encounters (FREE), composed of many leading researchers from various disciplines. The FREE website includes their initiatives, scholarly articles written by members of FREE, and the results of their ongoing research obtained from over 2,500 individuals who report conscious recall of contact with UFOs and non-human intelligent beings. During this episode, Dr. Davis will address the outcomes of their preliminary research results and associated theories and implications for future research.

    APPLE AND FIXING CRITICAL SECURITY PROBLEMS

    At one time, it was thought that Apple paid little more than lip service to security problems on Macs and iOS gear. True, each maintenance update usually included a set of security fixes, but what if something occurred between those releases? Would Apple act quickly to keep customers safe?

    You may have wondered about that in 2011, when hundreds of thousands of Macs were allegedly infected by the Flashback Trojan. Now those numbers all depended on believing one security company’s estimate. Some suggested that estimate was provided to help sell more product as much as to protect you from something nasty. But Flashback wasn’t due to any flaw in OS X. Instead, it was due to a flaw in Java, the cross-platform development scheme owned by Oracle that was bundled with OS X. Specifically it was the Java browser plugin, often used for online chat rooms and other services.

    Apple seemed to take its sweet time devising a solution. Oracle did its part with a revised Java, and Apple finally made the browser plugin optional, and stopped providing Java to Mac users. The version you use now comes from Oracle, and it’s that company’s responsibility to maintain it.

    Now the promise of Java was to make it easier for developers to write one version of an app, a Java version, and have it run on multiple platforms. In practice, Java-based Mac apps sort of look Mac-like, but as if they were alien shapeshifters unsuccessfully struggling to appear human. Performance might also be inferior to the native app.

    Meantime, Oracle has been embroiled in ongoing litigation with Google over the use of some Java resources in Android. So far, Google has been the victor in courtroom skirmishes, but Oracle hasn’t completely given up.

    In any case, it was clear that Apple could not continue to allow Mac security flaws — whether their fault or someone else’s — to persist for long periods of time. While most aren’t exploited, it only takes one to create havoc. Fortunately, the Macs affected by Flashback didn’t actually do much of anything strange. Security software apps were updated to remove it, and Apple provided their own tools to accomplish the task. So you didn’t have to suddenly spring for antivirus software to be safe. Regardless, there are free Mac security apps if you want the extra ounce of protection.

    Now it’s not that Apple has provided no protection. Since 2009, OS X has included XProtect, a feature that can quarantine a possibly infected file. Apple silently updates the malware definitions from time to time. If an app is caught, it doesn’t launch. Otherwise, if you download an app from the Mac App Store, it runs normally. If you download an app from the Internet that contains a valid Apple security certificate, you’ll be notified on first launch, and still have the option to open it or not. But if you download an app that doesn’t contain the Apple certificate, it won’t run without using the Option key to bypass the built-in protection.

    That’s the normal setting. You can configure the handling of apps in the Security & Privacy preference pane. You can limit it strictly to software that you download from the App Store, or you can opt to open everything with the Anywhere option. I wouldn’t recommend the last choice unless you are fully aware of the consequences and are extremely careful about what you download and install.

    Remember, this protection is limited to the first launch of an app. Once it passes the initial test, the app will continue to run normally even if it is later infected through some security mishap.

    Clearly Apple no longer waits for a regular maintenance update to fix a security problem. In the past week, Apple released an emergency security patch to eliminate three vulnerabilities that could allow someone to attack your Mac and do nasty stuff. The fixes were the same as those provided in the iOS 9.3.5 update the previous week. This was clearly an emergency move that fixed two OS kernel bugs, and one that impacted Safari.

    Published reports from security researchers at Lookout and the Citizen Lab at the University of Toronto indicate that these bugs could be exploited to allow someone to use an Apple device for illegal surveillance.

    Clearly Apple understood the seriousness and released these patches fairly quickly. Some might wonder why OS X and iOS weren’t patched the very same day, but any fix of this sort requires time to develop and test. It’s also important to make sure that the patch doesn’t cause other problems as a result. Without knowing what Apple had to do, and the resources they had to accomplish the task, I won’t attempt to guess at whether it could have been done faster and more efficiently.

    But it’s important to look at the competition. Google might be notified about or uncover a similar problem with Android, but actually deploying the needed patches to customers may be difficult or impossible. Unless you’re using a pure Nexus device, such an update has to be sent to the manufacturer of the mobile gear. If it’s a smartphone, the manufacturer’s fix has to be sent to the wireless carrier to deploy. It can take weeks to accomplish, and it may never happen. There are ongoing reports of unfixed security flaws impacting hundreds of millions of Android users.

    Remember, too, that the majority of Android devices out there run operating systems that are two or more years old. Even if you buy new gear, you’re not always assured that it’s running the latest version of Android.

    While there may be reasons why some of you favor Android over iOS, the inability to get timely OS updates, especially critical security patches, is the deal breaker for me. The discussion ends there.

    THE FINAL WORD

    The Tech Night Owl Newsletter is a weekly information service of Making The Impossible, Inc.

    Publisher/Editor: Gene Steinberg
    Managing Editor: Grayson Steinberg
    Marketing and Public Relations: Barbara Kaplan
    Sales and Marketing: Andy Schopick
    Worldwide Licensing: Sharon Jarvis


