Apple's Operating Systems are Malware | This will blow your mind

submitted by christnmusicreleases from gnu.org

all 9 comments
sorted by:
top
newinsightfulfun

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (8 children)

Posting in parts because my post was too long for Saidit's limits.

Before I go through this, it's important to understand what Malware is. Malware is software intentionally designed to perform malicious actions against the software or the user. Keep that in mind as I go through this GNU fanatic's mostly nonsense and occasionally insightful screed.

Apple appears to say that there is a back door in MacOS for automatically updating some (all?) apps. The specific change described in the article was not malicious—it protected users from surveillance by third parties—but that is a separate question.

Which happens if the option to 'install system data files and security updates' is selected. Hardly a back door. It's a security update mechanism that can be switched off. Granted it could be abused to silently install software, but no more so than regular software updates could be used to hide undocumented code. Where is the malicious intent and the damage?

The Dropbox app for Macintosh takes control of user interface items after luring the user into entering an admin password.

Dropbox isn't part of the operating system. It's pretty sleazy that Dropbox does this, and it seems a flaw that macOS doesn't properly prompt the user as to why they are providing admin permissions, and I don't know why those permissions persist on reboot for Dropbox to put itself back in. Whatever the case, there's no clear intent for the OS to cause damage.

Mac OS X had an intentional local back door for 4 years, which could be exploited by attackers to gain root privileges.

The article to which they link says 'The intention was probably to serve the “System Preferences” app and systemsetup (command-line tool), but any user process can use the same functionality.' I agree. It's more a bug that this was available beyond System Preferences and systemsetup. The main criticism I'd see is that it took too long to fix this local exploit.

The iPhone has a back door for remote wipe. It's not always enabled, but users are led into enabling it without understanding.

This is Exchange. They talk about it as if it's just email, but it's an MDM solution. Anybody using Exchange on a device (including Android) should be aware of this and understand what they're enabling. It is the responsibility of the employer to inform users of the consequences of enabling an MDM system on personal devices. How is it malicious intent to provide support for an MDM system that a user (or their employer) must then knowingly enable? See https://docs.microsoft.com/en-us/mem/configmgr/mdm/deploy-use/manage-mobile-devices-with-exchange-activesync

[–]christnmusicreleases[S] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (5 children)

Malware is software intentionally designed to perform malicious actions against the software or the user.

Apple software is software intentionally designed to perform malicious actions against the user. Such actions including spying, totalitarian control of information and device usage, and leaving backdoors open to agencies and hackers in the know. Furthmore, Apple works in collusion with other software and hardware providers to do these things and worse. And that's just the tip of the iceberg, I encourage everyone to actually read the article instead of just the comments.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

I definitely encourage people to read the article, including its sources. I also encourage people to do some research. Finally, I’d encourage them to read your post and note the number of arguments made in support of that barrage of claims you just made. Reading your arguments will not take long.

Most of all, I’d encourage people to read-up on malware and then see how many of the issues claimed fit the common understanding of the term.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Seriously, you think this nonsense makes sense? Here's one last bit of fun one I noticed because I forgot to close the window:

iThings automatically upload to Apple's servers all the photos and videos they make. iCloud Photo Library stores every photo and video you take, and keeps them up to date on all your devices. Any edits you make are automatically updated everywhere. […]

Yes, if you choose to enable iCloud Photos. By the same logic Backblaze is malware because it backs-up anything I put on my hard drive. By this definition any standard implementation of IMAP is malware.

There is a way to deactivate iCloud, but it's active by default so it still counts as a surveillance functionality.

Yes, it's called not creating an Apple ID. Another option is to simply disable any features you don't want.

Unknown people apparently took advantage of this to get nude photos of many celebrities. They needed to break Apple's security to get at them, but NSA can access any of them through PRISM.

From what I read of that, leaks were people not using two-factor. That's stupid for any online system that offers it. Some porn sites starting using the 'iCloud leak' because it got people interested even if the images didn't come from iCloud. The article they link for PRISM doesn't even mention iCloud.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

Seriously, you think this nonsense makes sense? Here's one last bit of fun one I noticed because I forgot to close the window:

iThings automatically upload to Apple's servers all the photos and videos they make. iCloud Photo Library stores every photo and video you take, and keeps them up to date on all your devices. Any edits you make are automatically updated everywhere. […]

Yes, if you choose to enable iCloud Photos. By the same logic Backblaze is malware because it backs-up anything I put on my hard drive.

There is a way to deactivate iCloud, but it's active by default so it still counts as a surveillance functionality.

Yes, it's called not creating an Apple ID. Another option is to simply disable any features you don't want.

Unknown people apparently took advantage of this to get nude photos of many celebrities. They needed to break Apple's security to get at them, but NSA can access any of them through PRISM.

From what I read of that, leaks were people not using two-factor. That's stupid for any online system that offers it. Some porn sites starting using the 'iCloud leak' because it got people interested even if the images didn't come from iCloud. The article they link for PRISM doesn't even mention iCloud.

Just list one thing that would be malware as understood by anybody in the industry outside of the GNU collective. Provide sources and/or evidence. Just one piece of evidence of software/hardware that fits the definition normal people use. Change my mind.

[–]christnmusicreleases[S] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (1 child)

I shouldn't need to deactivate malware. It shouldn't exist.

Most of all don't buy Crapple or any other mainstream vendor.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Yes, comrade.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

The iPhone has a back door that allows Apple to remotely delete apps which Apple considers “inappropriate”. Jobs said it's OK for Apple to have this power because of course we can trust Apple.

The ability to remotely delete an application, with no way for the user to opt-out, is more controversial and I agree that there should be concerns here. That said, this comes from something Steve Jobs said, and the intention does not appear to be malicious. The intention is to be able to remotely remove malicious software that made it through the approvals process. This feature does not fit the definition of malware.

Apple mainly uses iOS, which is a typical jail, to impose censorship through the Apple Store. Please refer to the Apple Jails section for more information.

Yeah, that's the deal with iOS. No side-loading of software, so all software will need to be approved. That does raise concerns particularly given the Californian tech cult's tendency towards authoritarian leftist politics.

Apple is putting DRM on iPhone batteries, and the system proprietary software turns off certain features when batteries are replaced other than by Apple.

Probably referring to the disabling of the battery health features and advises you to seek service. The battery still works. iPhones are not made to have some guy in a random kiosk open it up and stick-in a no-name Chinese battery. Batteries are highly variable and finicky things. I don't see malicious intent here. I would more likely see malicious intent if the iPhone simply bricked itself if it couldn't confirm a genuine Apple battery.

DRM makes the iPhone 7 nearly unrepairable by anyone else but Apple.

iPhones are not sold as being user serviceable. If you're buying hardware with the wish to tinker with it or have it repaired at a random kiosk then you're doing it wrong.

Apple uses DRM software to prevent people from charging an iThing with a generic USB cable.

Yes, they use a proprietary connector, and the lightning cable has a chip in there that confirms it's a legit cable. Hardly fitting the definition of malware.

DRM (digital restrictions mechanisms) in MacOS. This article focuses on the fact that a new model of Macbook introduced a requirement for monitors to have malicious hardware, but DRM software in MacOS is involved in activating the hardware. The software for accessing iTunes is also responsible.

Mini Display Port implements HDMI, including HDCP. While DRM inherently creates an inferior product due to reduced functionality, only a GNU fanatic would consider it to be malware. Anybody unhappy with content requiring HDCP should address their complaints to the publishers who require it.

DRM that caters to Bluray disks. (The article focused on Windows and said that MacOS would do the same thing subsequently.)

Same as above. AACS is driven by publishers. If you don't implement it in hardware/software, the content won't work.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

iTunes videos have DRM, which allows Apple to dictate where its customers can watch the videos they purchased.

No, it doesn't. It controls where the videos can be purchased based on the billing address of the payment method. Once bought the content can be played elsewhere. Even if true, and it's not, how would this be malware?

In MacOS and iOS, the procedure for converting images from the Photos format to a free format is so tedious and time-consuming that users just give up if they have a lot of them.

At least in macOS I can only assume the writer was wearing oven gloves while trying to do this. Here are ways of doing this, and you can judge the difficulty of them:

  1. View photo, copy, open Preview, File -> New from Clipboard. Save (JPEG is default).
  2. Select multiple photos, File->Export (JPEG is default), choose a location and save.

In their defence, they may have written this article a while back when things were different. Either way, it's not malware by any sense understanding of the term.

Apple devices lock users in solely to Apple services by being designed to be incompatible with all other options, ethical or unethical.

So Steam, Drop Box, FaceBook, and Spotify are Apple services? Not malware.

iWork (office software that runs on MacOS, iOS and iCloud) uses secret formats and provides no means of converting them to or from Open Document Formats. iWork formats have changed several times since they were first introduced. This may have had the effect of thwarting reverse engineering efforts, thus preventing free software from fully supporting them.

Proprietary formats are not malware, you maniac!

iWork formats are considered unfit for document preservation.

Document preservation should use open formats, obviously. That a format is proprietary and not suited to document preservation doesn't make it malware.

A series of vulnerabilities found in iOS allowed attackers to gain access to sensitive information including private messages, passwords, photos and contacts stored on the user's iMonster.

The deep insecurity of iMonsters is even more pertinent given that Apple's proprietary software makes users totally dependent on Apple for even a modicum of security. It also means that the devices do not even try to offer security against Apple itself.

By this definition GCC is malware.

A vulnerability in Apple's Image I/O API allowed an attacker to execute malicious code from any application which uses this API to render a certain kind of image file.

A bug in the iThings Messages app allowed a malicious web site to extract all the user's messaging history.

Malware requires intent. Security vulnerability != malware.

The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are lots of bugs in the phones' radio software.

Bugs are not malware. There are lots of bugs in GCC as well as all GNU software. The notion of a universal backdoor is completely speculative and based on little evidence beyond a book written by a former British Ambassador from about 15 years ago.

Apple plans to require that all application software for MacOS be approved by Apple first.

Speculation, although I would certainly switch to FreeBSD or OpenBSD full-time if this were to happen. Not malware.

Offering a checking service as an option could be useful and would not be wrong. Requiring users to get Apple's approval is tyranny. Apple says the check will only look for malware (not counting the malware that is part of the operating system), but Apple could change that policy step by step. Or perhaps Apple will define malware to include any app that China does not like.

Kind of ironic that the author complains that Apple might define malware to suit their needs while that being the entire basis of this article. Yes, it could introduce risk, given Californian tech's love affair with authoritarian leftism.

iOS, the operating system of the Apple iThings, is the prototype of a jail. It was Apple that introduced the practice of designing general purpose computers with censorship of application programs.

It's a phone. You don't by an iPhone to hack. Having a locked-down system is not malware.

Here is an article about the code signing that the iThings use to lock up the user.

Code signing isn't malware. It's authenticating software and ensuring it hasn't been modified. By their logic a checksum is proto-malware.

Curiously, Apple is beginning to allow limited passage through the walls of the iThing jail: users can now install apps built from source code, provided the source code is written in Swift. Users cannot do this freely because they are required to identify themselves. Here are details. While this is a crack in the prison walls, it is not big enough to mean that the iThings are no longer jails.

It's an iPhone. Don't buy an iPhone as a place where you can run your own software. This limitation isn't malware.

Apple has banned the app that Hong Kong protesters use to communicate.

While a great example of authoritarianism, it's not malware. Censorship is a big problem with Californian tech.

Apple censors the Taiwan flag in iOS on behalf of the Chinese government. When the region is set to Hong Kong, this flag is not visible in the emoji selection widget but is still accessible. When the region is set to mainland China, all attempts to display it will result in the “empty emoji” icon as if the flag never existed.

While this is pandering to China, how the fuck is not including a Taiwanese flag malware?

Users caught in the jail of an iMonster are sitting ducks for other attackers, and the app censorship prevents security companies from figuring out how those attacks work.

I'd agree that security through obscurity is not a good strategy. Not malware.

It was at this point I got bored of going through this shit. What good points the author makes are lost in a sea of GNU fundamentalist nonsense. Nothing they describe is malware, and they weaken their argument by trying to frame everything they dislike (e.g. DRM, proprietary systems, censorship) under that term.