Widget's can make operating system calls through the system extension. Of course they can only do things that the user has security to do.
Let us imagine there is a privilege execution problem in a low level command. This is a traditional way to gain control of a Unix box at a level higher than you are entitled to.
Or easier still, let us imagine a widget that prompts the user to enter their admin account/password to authorise something that sounds realistic ('install new version').
Let's also consider that widget's are mostly written in JavaScript which has a far higher development audience than Objective-C, and that most people think widgets are fun things that can't do any harm.
At the simplest level someone could write a widget that just did an rm * on your iTunes and iMovies collection. It would be your fault for trusting and running it, and it would not last long before word go around, but most end users expectation is that a widget wouldn't do that sort of thing. Psychology is the biggest thing hackers exploit.
Given all that, perhaps Apple wanted to put in a way to block / kill bad widgets, without actually announcing a new security tool for Dashboard. (CNET Headline 'Apple Dashboard Security Flaw' - a proof of concept Trojan widget has been created by a security researcher).
Widget's can make operating system calls through the system extension. Of course they can only do things that the user has security to do.
Let us imagine there is a privilege execution problem in a low level command. This is a traditional way to gain control of a Unix box at a level higher than you are entitled to.
Or easier still, let us imagine a widget that prompts the user to enter their admin account/password to authorise something that sounds realistic ('install new version').
Let's also consider that widget's are mostly written in JavaScript which has a far higher development audience than Objective-C, and that most people think widgets are fun things that can't do any harm.
At the simplest level someone could write a widget that just did an rm * on your iTunes and iMovies collection. It would be your fault for trusting and running it, and it would not last long before word go around, but most end users expectation is that a widget wouldn't do that sort of thing. Psychology is the biggest thing hackers exploit.
Given all that, perhaps Apple wanted to put in a way to block / kill bad widgets, without actually announcing a new security tool for Dashboard. (CNET Headline 'Apple Dashboard Security Flaw' - a proof of concept Trojan widget has been created by a security researcher).
That would only apply to someone who had a .Mac account since the sync pref isn't otherwise available. And it is not the case that Apple's widget probe only applies to people with .Mac accounts. I don't think it is a big issue, but it is another example of Apple treating customers like adolescents.
So when Apple does this stuff, it's "simple user error" but when Microsoft does it, it's spyware. How interesting a little perspective is.
nicmart's right. It's Apple treating their customers like children, which is where the real "not news" is. Apple is control, always have been, always will be.
That would only apply to someone who had a .Mac account since the sync pref isn't otherwise available. And it is not the case that Apple's widget probe only applies to people with .Mac accounts. I don't think it is a big issue, but it is another example of Apple treating customers like adolescents.
So when Apple does this stuff, it's "simple user error" but when Microsoft does it, it's spyware. How interesting a little perspective is.
nicmart's right. It's Apple treating their customers like children, which is where the real "not news" is. Apple is control, always have been, always will be.
One would think companies would figure it out by now
users are suspicious of any software phoning home. They could avoid a lot of trouble, rumors (like the kill switch rumor for MS WGA), and bad press by being responsible and acting in good faith by disclosing these sort of features up front and not hiding it in EULA or not mentioning it at all.
One would think companies would figure it out by now
users are suspicious of any software phoning home. They could avoid a lot of trouble, rumors (like the kill switch rumor for MS WGA), and bad press by being responsible and acting in good faith by disclosing these sort of features up front and not hiding it in EULA or not mentioning it at all.
This feature of 10.4.7 - UNLIKE WGA - only checks on the validity of third party widgets on your dashboard.
It does not "snoop" on your operating system, record your keystrokes, or do any other tinfoil hat wearing stupid post which i'm sure will make its way to this comments section soon enough.
But hey, don't let that stop you from your 15 minutes of ranting fame.
WGA does not 'snoop'. Very clearly, as stated from the beginning, it checks to see if you are running a legit copy of Windows. Totally above board. Also, the only reason WGA picked up the phone every reboot was to read a control file off the MS servers, not send info like keystrokes; so your ignorance is set in stone for all to see. Just like WGA, however, Apple did not fully or clearly detail what it is you were downloading, nor the fact it would dial out on a regular basis, nor what it was sending. You Apple apologist truly know no bounds. Almost any action if vilified or ignored, simply because of who is doing it.
As a Mac user I see no reason for my Mac to check back in with anyone for any reason. I would also prefer to know before hand and having the option of not participating in such checks. Your complacency is certainly not indicative of most competent Mac owners I know.
This feature of 10.4.7 - UNLIKE WGA - only checks on the validity of third party widgets on your dashboard.
It does not "snoop" on your operating system, record your keystrokes, or do any other tinfoil hat wearing stupid post which i'm sure will make its way to this comments section soon enough.
But hey, don't let that stop you from your 15 minutes of ranting fame.
WGA does not 'snoop'. Very clearly, as stated from the beginning, it checks to see if you are running a legit copy of Windows. Totally above board. Also, the only reason WGA picked up the phone every reboot was to read a control file off the MS servers, not send info like keystrokes; so your ignorance is set in stone for all to see. Just like WGA, however, Apple did not fully or clearly detail what it is you were downloading, nor the fact it would dial out on a regular basis, nor what it was sending. You Apple apologist truly know no bounds. Almost any action if vilified or ignored, simply because of who is doing it.
As a Mac user I see no reason for my Mac to check back in with anyone for any reason. I would also prefer to know before hand and having the option of not participating in such checks. Your complacency is certainly not indicative of most competent Mac owners I know.
Sad, for it shows no one has learned a thing!, from the SONY BMG phone home rootkit illegal virus saga of last year!
It does amply demonstrate, the age of the user's absolute control of his or her computer as an independent entity!, is rapidly coming to an end though!, should either Apple or the monolith like Microsoft gain the upperhand!
It will always remain about free choices and fair use!
Sad, for it shows no one has learned a thing!, from the SONY BMG phone home rootkit illegal virus saga of last year!
It does amply demonstrate, the age of the user's absolute control of his or her computer as an independent entity!, is rapidly coming to an end though!, should either Apple or the monolith like Microsoft gain the upperhand!
It will always remain about free choices and fair use!
What next? Blue screens of death added to next version of Mac OS X? <a class="jive-link-external" href="http://www.techknowcafe.com/content/view/551/43/" target="_newWindow">http://www.techknowcafe.com/content/view/551/43/</a>
No, but the is a reason CNET's banner is yellow...
Yellow journalism?!
This is a check for updates. The sort of check almost every piece of modern software has a feature.
It can be disabled, it doesn't report information to the company, and there is no reason to have it as such as prominent headline, except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD and get clicks.
No, but there is a reason CNET's banner is yellow...
Yellow journalism?!
This is a check for updates. The sort of check almost every piece of modern software has a feature.
It can be disabled, it doesn't report information to the company, and there is no reason to have it as such as prominent headline, except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD and get clicks.
What next? Blue screens of death added to next version of Mac OS X? <a class="jive-link-external" href="http://www.techknowcafe.com/content/view/551/43/" target="_newWindow">http://www.techknowcafe.com/content/view/551/43/</a>
No, but the is a reason CNET's banner is yellow...
Yellow journalism?!
This is a check for updates. The sort of check almost every piece of modern software has a feature.
It can be disabled, it doesn't report information to the company, and there is no reason to have it as such as prominent headline, except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD and get clicks.
No, but there is a reason CNET's banner is yellow...
Yellow journalism?!
This is a check for updates. The sort of check almost every piece of modern software has a feature.
It can be disabled, it doesn't report information to the company, and there is no reason to have it as such as prominent headline, except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD and get clicks.
Privacy entails that I can *choose* with whom I - and by extension my computer - want to communicate with. Apple did not offer a choice, but failed to mention that there is a 'phoning home' feature in OS 10.4.7. If they would have let everybody know about it, and would have provided their customers with an option to turn it off, nobody would feel violated. As it stands, there are going to be an awful lot of unhappy Mac users... very soon.
Privacy entails that I can *choose* with whom I - and by extension my computer - want to communicate with. Apple did not offer a choice, but failed to mention that there is a 'phoning home' feature in OS 10.4.7. If they would have let everybody know about it, and would have provided their customers with an option to turn it off, nobody would feel violated. As it stands, there are going to be an awful lot of unhappy Mac users... very soon.
Microsoft invented it first, Apple just copied it (LOL)
Wouldn't you know, of all things to steal from microsoft, it would be this? How ironic! After reading the story, I'm still sitting here shaking my head wondering, "How many operating systems does it take to screw in a bad idea (light bulb blinking over the head)?"
Microsoft invented it first, Apple just copied it (LOL)
Wouldn't you know, of all things to steal from microsoft, it would be this? How ironic! After reading the story, I'm still sitting here shaking my head wondering, "How many operating systems does it take to screw in a bad idea (light bulb blinking over the head)?"
If we're going to start "verifying" now that widgets are authentic, then why stop there? Why not "verify" all the other programs on your computer? From there it's a slippery slope, with Apple deciding what programs are worthy of verification, and who is allowed to create "official" programs for the Mac -- and maybe even eventually going the way of Nintendo and Sony, requiring all Mac software to be licensed and shutting out hobbyists, shutting out shareware, shutting out emulators or any other programs they object to.
If we're going to start "verifying" now that widgets are authentic, then why stop there? Why not "verify" all the other programs on your computer? From there it's a slippery slope, with Apple deciding what programs are worthy of verification, and who is allowed to create "official" programs for the Mac -- and maybe even eventually going the way of Nintendo and Sony, requiring all Mac software to be licensed and shutting out hobbyists, shutting out shareware, shutting out emulators or any other programs they object to.
OSX already requires you to put in personal information including name, address and telephone number when you start up a new Mac or reinstall your OS. It will not let you leave this info blank. That info gets transmitted back to Apple. At least MS doesn't <i>require</i> you to register.
I have *NEVER* put in that info. When you get to that section, hit Apple-Q (or Command-Q according to some people -- it's the same key anyway). It will then ask you if you want to decline registration at that time. Say yes, and there you go!
the Mac OS doesn't require one to enter license keys.
Asking for registration is really quite modest. I really don't have a problem with Apple wanting to find out who their customers are.
As the other poster said, you can bypass the process by quitting (which is not as hidden as you describe since, I think, Quit is available as a menu choice -- besides command-Q is hardly undocumented; it's been the way to quit any Mac program since 1984). Or, you can supply phony contact information if it really bothers you.
OSX already requires you to put in personal information including name, address and telephone number when you start up a new Mac or reinstall your OS. It will not let you leave this info blank. That info gets transmitted back to Apple. At least MS doesn't <i>require</i> you to register.
I have *NEVER* put in that info. When you get to that section, hit Apple-Q (or Command-Q according to some people -- it's the same key anyway). It will then ask you if you want to decline registration at that time. Say yes, and there you go!
the Mac OS doesn't require one to enter license keys.
Asking for registration is really quite modest. I really don't have a problem with Apple wanting to find out who their customers are.
As the other poster said, you can bypass the process by quitting (which is not as hidden as you describe since, I think, Quit is available as a menu choice -- besides command-Q is hardly undocumented; it's been the way to quit any Mac program since 1984). Or, you can supply phony contact information if it really bothers you.
Grab a copy of the utility "Little Snitch" and the problem is solved. It will tell you when ANY software is trying to connect to the net and allow you to disable it.
Galendw posted a link above that details exactly how to turn this off. In case people are paranoid about clicking links (I am when using a winblows box), the instructions are as follows:
Not so bad. Ever go through removing that WGD (Winblows Genuine DISadvantage) trash from your system before? I have, let's just say it's not quite so easy.
Since we're comparing this to WGD, would someone mind telling me how Apple could use this to disable your system? That's what ticked me off about WGD - I couldn't use my own computer for a few days until I called M$ and read them a bunch of useless numbers, then entered another bunch of useless numbers. And for those who figure I'm a nefarious type, no my XP license isn't in question (it's perfectly legal) and no I haven't upgraded anything on my box in years (same processor, memory, motherboard, HD, etc). WGD literally locked up my computer because my firewall prevented it from phoning home upon installation (it can be argued that's my fault, since I blocked it). I seriously doubt Apple could do the same with this.
That said, this wasn't a good move for Apple to say the least. I wish these companies would learn to come clean about stuff like this, it wouldn't bother people as much as discovering it this way does.
Grab a copy of the utility "Little Snitch" and the problem is solved. It will tell you when ANY software is trying to connect to the net and allow you to disable it.
Galendw posted a link above that details exactly how to turn this off. In case people are paranoid about clicking links (I am when using a winblows box), the instructions are as follows:
Not so bad. Ever go through removing that WGD (Winblows Genuine DISadvantage) trash from your system before? I have, let's just say it's not quite so easy.
Since we're comparing this to WGD, would someone mind telling me how Apple could use this to disable your system? That's what ticked me off about WGD - I couldn't use my own computer for a few days until I called M$ and read them a bunch of useless numbers, then entered another bunch of useless numbers. And for those who figure I'm a nefarious type, no my XP license isn't in question (it's perfectly legal) and no I haven't upgraded anything on my box in years (same processor, memory, motherboard, HD, etc). WGD literally locked up my computer because my firewall prevented it from phoning home upon installation (it can be argued that's my fault, since I blocked it). I seriously doubt Apple could do the same with this.
That said, this wasn't a good move for Apple to say the least. I wish these companies would learn to come clean about stuff like this, it wouldn't bother people as much as discovering it this way does.
There is a vast difference between an app that checks to see if an installed widget came from where it says it had come from (and if not is actually helpful in detecting trojans), and a program that screams back to MSFT whenever it thinks you're not legit in your CD key or whatever.
Of course, that won't stop ignorant folks from spreading the usual FUD...
There is NO difference between an app that checks to see if an installed OS came from where it says it had come from (and if not is actually helpful in detecting trojans), and a program that screams back to Apple whenever it thinks your wiget is not legit or whatever.
Of course, that won't stop ignorant folks from spreading the usual FUD...
Manage updates with the Download App
hours.
Widget's can make operating system calls through the system
extension. Of course they can only do things that the user has
security to do.
Let us imagine there is a privilege execution problem in a low
level command. This is a traditional way to gain control of a Unix
box at a level higher than you are entitled to.
Or easier still, let us imagine a widget that prompts the user to
enter their admin account/password to authorise something that
sounds realistic ('install new version').
Let's also consider that widget's are mostly written in JavaScript
which has a far higher development audience than Objective-C,
and that most people think widgets are fun things that can't do
any harm.
At the simplest level someone could write a widget that just did
an rm * on your iTunes and iMovies collection. It would be your
fault for trusting and running it, and it would not last long
before word go around, but most end users expectation is that a
widget wouldn't do that sort of thing. Psychology is the biggest
thing hackers exploit.
Given all that, perhaps Apple wanted to put in a way to block /
kill bad widgets, without actually announcing a new security tool
for Dashboard. (CNET Headline 'Apple Dashboard Security Flaw'
- a proof of concept Trojan widget has been created by a
security researcher).
hours.
Widget's can make operating system calls through the system
extension. Of course they can only do things that the user has
security to do.
Let us imagine there is a privilege execution problem in a low
level command. This is a traditional way to gain control of a Unix
box at a level higher than you are entitled to.
Or easier still, let us imagine a widget that prompts the user to
enter their admin account/password to authorise something that
sounds realistic ('install new version').
Let's also consider that widget's are mostly written in JavaScript
which has a far higher development audience than Objective-C,
and that most people think widgets are fun things that can't do
any harm.
At the simplest level someone could write a widget that just did
an rm * on your iTunes and iMovies collection. It would be your
fault for trusting and running it, and it would not last long
before word go around, but most end users expectation is that a
widget wouldn't do that sort of thing. Psychology is the biggest
thing hackers exploit.
Given all that, perhaps Apple wanted to put in a way to block /
kill bad widgets, without actually announcing a new security tool
for Dashboard. (CNET Headline 'Apple Dashboard Security Flaw'
- a proof of concept Trojan widget has been created by a
security researcher).
This is a simple user error, nothing else.
No news here people, move along...
the sync pref isn't otherwise available. And it is not the case that
Apple's widget probe only applies to people with .Mac accounts. I
don't think it is a big issue, but it is another example of Apple
treating customers like adolescents.
nicmart's right. It's Apple treating their customers like children, which is where the real "not news" is. Apple is control, always have been, always will be.
This is a simple user error, nothing else.
No news here people, move along...
the sync pref isn't otherwise available. And it is not the case that
Apple's widget probe only applies to people with .Mac accounts. I
don't think it is a big issue, but it is another example of Apple
treating customers like adolescents.
nicmart's right. It's Apple treating their customers like children, which is where the real "not news" is. Apple is control, always have been, always will be.
This feature of 10.4.7 - UNLIKE WGA - only checks on the
validity of third party widgets on your dashboard.
It does not "snoop" on your operating system, record your
keystrokes, or do any other tinfoil hat wearing stupid post which
i'm sure will make its way to this comments section soon
enough.
But hey, don't let that stop you from your 15 minutes of ranting
fame.
Just like WGA, however, Apple did not fully or clearly detail what it is you were downloading, nor the fact it would dial out on a regular basis, nor what it was sending.
You Apple apologist truly know no bounds. Almost any action if vilified or ignored, simply because of who is doing it.
This feature of 10.4.7 - UNLIKE WGA - only checks on the
validity of third party widgets on your dashboard.
It does not "snoop" on your operating system, record your
keystrokes, or do any other tinfoil hat wearing stupid post which
i'm sure will make its way to this comments section soon
enough.
But hey, don't let that stop you from your 15 minutes of ranting
fame.
Just like WGA, however, Apple did not fully or clearly detail what it is you were downloading, nor the fact it would dial out on a regular basis, nor what it was sending.
You Apple apologist truly know no bounds. Almost any action if vilified or ignored, simply because of who is doing it.
<a class="jive-link-external" href="http://blog.wired.com/cultofmac/index.blog?entry_id=1515043" target="_newWindow">http://blog.wired.com/cultofmac/index.blog?entry_id=1515043</a>
<a class="jive-link-external" href="http://blog.wired.com/cultofmac/index.blog?entry_id=1515043" target="_newWindow">http://blog.wired.com/cultofmac/index.blog?entry_id=1515043</a>
It does amply demonstrate, the age of the user's absolute control of his or her computer as an independent entity!, is rapidly coming to an end though!, should either Apple or the monolith like Microsoft gain the upperhand!
It will always remain about free choices and fair use!
It does amply demonstrate, the age of the user's absolute control of his or her computer as an independent entity!, is rapidly coming to an end though!, should either Apple or the monolith like Microsoft gain the upperhand!
It will always remain about free choices and fair use!
<a class="jive-link-external" href="http://www.techknowcafe.com/content/view/551/43/" target="_newWindow">http://www.techknowcafe.com/content/view/551/43/</a>
This is a check for updates. The sort of check almost every
piece of modern software has a feature.
It can be disabled, it doesn't report information to the company,
and there is no reason to have it as such as prominent headline,
except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD
and get clicks.
This is a check for updates. The sort of check almost every
piece of modern software has a feature.
It can be disabled, it doesn't report information to the company,
and there is no reason to have it as such as prominent headline,
except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD
and get clicks.
<a class="jive-link-external" href="http://www.techknowcafe.com/content/view/551/43/" target="_newWindow">http://www.techknowcafe.com/content/view/551/43/</a>
This is a check for updates. The sort of check almost every
piece of modern software has a feature.
It can be disabled, it doesn't report information to the company,
and there is no reason to have it as such as prominent headline,
except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD
and get clicks.
This is a check for updates. The sort of check almost every
piece of modern software has a feature.
It can be disabled, it doesn't report information to the company,
and there is no reason to have it as such as prominent headline,
except that CNET knows the "controversy" will draw page views.
Whatever. That's the business model of the blog: spread FUD
and get clicks.
extension my computer - want to communicate with. Apple did
not offer a choice, but failed to mention that there is a 'phoning
home' feature in OS 10.4.7. If they would have let everybody
know about it, and would have provided their customers with an
option to turn it off, nobody would feel violated. As it stands,
there are going to be an awful lot of unhappy Mac users... very
soon.
extension my computer - want to communicate with. Apple did
not offer a choice, but failed to mention that there is a 'phoning
home' feature in OS 10.4.7. If they would have let everybody
know about it, and would have provided their customers with an
option to turn it off, nobody would feel violated. As it stands,
there are going to be an awful lot of unhappy Mac users... very
soon.
then why stop there? Why not "verify" all the other programs on
your computer? From there it's a slippery slope, with Apple
deciding what programs are worthy of verification, and who is
allowed to create "official" programs for the Mac -- and maybe
even eventually going the way of Nintendo and Sony, requiring
all Mac software to be licensed and shutting out hobbyists,
shutting out shareware, shutting out emulators or any other
programs they object to.
then why stop there? Why not "verify" all the other programs on
your computer? From there it's a slippery slope, with Apple
deciding what programs are worthy of verification, and who is
allowed to create "official" programs for the Mac -- and maybe
even eventually going the way of Nintendo and Sony, requiring
all Mac software to be licensed and shutting out hobbyists,
shutting out shareware, shutting out emulators or any other
programs they object to.
Asking for registration is really quite modest. I really don't have
a problem with Apple wanting to find out who their customers
are.
As the other poster said, you can bypass the process by quitting
(which is not as hidden as you describe since, I think, Quit is
available as a menu choice -- besides command-Q is hardly
undocumented; it's been the way to quit any Mac program since
1984). Or, you can supply phony contact information if it really
bothers you.
Asking for registration is really quite modest. I really don't have
a problem with Apple wanting to find out who their customers
are.
As the other poster said, you can bypass the process by quitting
(which is not as hidden as you describe since, I think, Quit is
available as a menu choice -- besides command-Q is hardly
undocumented; it's been the way to quit any Mac program since
1984). Or, you can supply phony contact information if it really
bothers you.
off. In case people are paranoid about clicking links (I am when
using a winblows box), the instructions are as follows:
1. Open Terminal.
2. sudo mv /etc/mach_init.d/dashboardadvisoryd.plist /etc
mach_init.d/ dashboardadvisoryd.plist.disabled
3. Reboot.
Not so bad. Ever go through removing that WGD (Winblows
Genuine DISadvantage) trash from your system before? I have,
let's just say it's not quite so easy.
Since we're comparing this to WGD, would someone mind telling
me how Apple could use this to disable your system? That's what
ticked me off about WGD - I couldn't use my own computer for a
few days until I called M$ and read them a bunch of useless
numbers, then entered another bunch of useless numbers. And
for those who figure I'm a nefarious type, no my XP license isn't
in question (it's perfectly legal) and no I haven't upgraded
anything on my box in years (same processor, memory,
motherboard, HD, etc). WGD literally locked up my computer
because my firewall prevented it from phoning home upon
installation (it can be argued that's my fault, since I blocked it). I
seriously doubt Apple could do the same with this.
That said, this wasn't a good move for Apple to say the least. I
wish these companies would learn to come clean about stuff like
this, it wouldn't bother people as much as discovering it this way
does.
off. In case people are paranoid about clicking links (I am when
using a winblows box), the instructions are as follows:
1. Open Terminal.
2. sudo mv /etc/mach_init.d/dashboardadvisoryd.plist /etc
mach_init.d/ dashboardadvisoryd.plist.disabled
3. Reboot.
Not so bad. Ever go through removing that WGD (Winblows
Genuine DISadvantage) trash from your system before? I have,
let's just say it's not quite so easy.
Since we're comparing this to WGD, would someone mind telling
me how Apple could use this to disable your system? That's what
ticked me off about WGD - I couldn't use my own computer for a
few days until I called M$ and read them a bunch of useless
numbers, then entered another bunch of useless numbers. And
for those who figure I'm a nefarious type, no my XP license isn't
in question (it's perfectly legal) and no I haven't upgraded
anything on my box in years (same processor, memory,
motherboard, HD, etc). WGD literally locked up my computer
because my firewall prevented it from phoning home upon
installation (it can be argued that's my fault, since I blocked it). I
seriously doubt Apple could do the same with this.
That said, this wasn't a good move for Apple to say the least. I
wish these companies would learn to come clean about stuff like
this, it wouldn't bother people as much as discovering it this way
does.
Of course, that won't stop ignorant folks from spreading the usual FUD...
Of course, that won't stop ignorant folks from spreading the usual FUD...