you are viewing a single comment's thread.

view the rest of the comments →

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (3 children)

Posting in parts because my post was too long for Saidit's limits.

Before I go through this, it's important to understand what Malware is. Malware is software intentionally designed to perform malicious actions against the software or the user. Keep that in mind as I go through this GNU fanatic's mostly nonsense and occasionally insightful screed.

Apple appears to say that there is a back door in MacOS for automatically updating some (all?) apps. The specific change described in the article was not malicious—it protected users from surveillance by third parties—but that is a separate question.

Which happens if the option to 'install system data files and security updates' is selected. Hardly a back door. It's a security update mechanism that can be switched off. Granted it could be abused to silently install software, but no more so than regular software updates could be used to hide undocumented code. Where is the malicious intent and the damage?

The Dropbox app for Macintosh takes control of user interface items after luring the user into entering an admin password.

Dropbox isn't part of the operating system. It's pretty sleazy that Dropbox does this, and it seems a flaw that macOS doesn't properly prompt the user as to why they are providing admin permissions, and I don't know why those permissions persist on reboot for Dropbox to put itself back in. Whatever the case, there's no clear intent for the OS to cause damage.

Mac OS X had an intentional local back door for 4 years, which could be exploited by attackers to gain root privileges.

The article to which they link says 'The intention was probably to serve the “System Preferences” app and systemsetup (command-line tool), but any user process can use the same functionality.' I agree. It's more a bug that this was available beyond System Preferences and systemsetup. The main criticism I'd see is that it took too long to fix this local exploit.

The iPhone has a back door for remote wipe. It's not always enabled, but users are led into enabling it without understanding.

This is Exchange. They talk about it as if it's just email, but it's an MDM solution. Anybody using Exchange on a device (including Android) should be aware of this and understand what they're enabling. It is the responsibility of the employer to inform users of the consequences of enabling an MDM system on personal devices. How is it malicious intent to provide support for an MDM system that a user (or their employer) must then knowingly enable? See https://docs.microsoft.com/en-us/mem/configmgr/mdm/deploy-use/manage-mobile-devices-with-exchange-activesync

[–]christnmusicreleases[S] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (2 children)

Malware is software intentionally designed to perform malicious actions against the software or the user.

Apple software is software intentionally designed to perform malicious actions against the user. Such actions including spying, totalitarian control of information and device usage, and leaving backdoors open to agencies and hackers in the know. Furthmore, Apple works in collusion with other software and hardware providers to do these things and worse. And that's just the tip of the iceberg, I encourage everyone to actually read the article instead of just the comments.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

I definitely encourage people to read the article, including its sources. I also encourage people to do some research. Finally, I’d encourage them to read your post and note the number of arguments made in support of that barrage of claims you just made. Reading your arguments will not take long.

Most of all, I’d encourage people to read-up on malware and then see how many of the issues claimed fit the common understanding of the term.

[–]Trajan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Seriously, you think this nonsense makes sense? Here's one last bit of fun one I noticed because I forgot to close the window:

iThings automatically upload to Apple's servers all the photos and videos they make. iCloud Photo Library stores every photo and video you take, and keeps them up to date on all your devices. Any edits you make are automatically updated everywhere. […]

Yes, if you choose to enable iCloud Photos. By the same logic Backblaze is malware because it backs-up anything I put on my hard drive. By this definition any standard implementation of IMAP is malware.

There is a way to deactivate iCloud, but it's active by default so it still counts as a surveillance functionality.

Yes, it's called not creating an Apple ID. Another option is to simply disable any features you don't want.

Unknown people apparently took advantage of this to get nude photos of many celebrities. They needed to break Apple's security to get at them, but NSA can access any of them through PRISM.

From what I read of that, leaks were people not using two-factor. That's stupid for any online system that offers it. Some porn sites starting using the 'iCloud leak' because it got people interested even if the images didn't come from iCloud. The article they link for PRISM doesn't even mention iCloud.