TidBITS#935/30-Jun-08 ===================== Issue link: Are you concerned about the safety and security of your data? We are, and this week's issue proves it. First, defense: Rich Mogull tells you how to protect yourself from new Mac OS X Trojan horses that have recently appeared. Next, offense: Joe Kissell, having just released major updates to his best-selling "Take Control of Mac OS X Backups" and "Take Control of Easy Backups in Leopard" ebooks, looks at the surprisingly robust state of backup software - 90-plus programs! - and discovers first-hand how that preparation is useful after his MacBook Pro dies. In other news, we cover the appearance of Mac OS X 10.5.4, critical updates for Microsoft Office 2008 and Office 2004, and the release of Mac configuration software for Linksys gateways. In the TidBITS Watchlist, we note the releases of Apple's Pro Applications Update 2008-02 and Final Cut Server Update 1.1, Mars Edit 2.1.4, Keyboard Maestro 3.2, Dejal Simon 2.4.1, and Adobe Acrobat 9 Pro. Lastly, Adam and Tonya decide to try this "vacation" thing their friends have been raving about, so our next issue will be 14-Jul-08, though we'll keep publishing on our Web site. Articles TidBITS Issue Hiatus for 07-Jul-08 Mac OS X 10.5.4 and Security Update 2008-004 Fix Bugs Critical Updates for Microsoft Office 2008 and 2004 Linksys Gateways Gain Mac Configuration Software Take Control News: Better Backups with New Ebooks and Free Content The Hole in My Backup Plan How to Protect Yourself from the New Mac OS X Trojans The Evolving World of Mac Backup Software TidBITS Watchlist: Notable Software Updates for 30-Jun-08 Bonus Stories for 30-Jun-08 Hot Topics in TidBITS Talk/30-Jun-08 ------------ This issue of TidBITS sponsored in part by: -------------- * READERS LIKE YOU! Support TidBITS with a contribution today! Special thanks this week to Howard Turetzky, Jim Carr, Mark Franklin, and Jerry Keller for their generous support! * Fetch Softworks: Fetch 5.3 makes FTP and SFTP easy! Upload, download, mirror, and manage your Web site. Dozens of new features to make file transfers easier and more reliable. Get your free trial version at ! * WebCrossing Neighbors Creates Private Social Networks Create a complete social network with your company or group's own look. Scalable, extensible and extremely customizable. Take a guided tour today * MARK/SPACE, INC: Take it with you! The Missing Sync makes it easy to synchronize contacts, calendars, notes, photos and more from your Mac to your BlackBerry, Palm OS, or Windows Mobile phone. * VMware Fusion. The most seamless way to run Windows on your Mac. Backed by nearly a decade of proven virtualization technology. Try VMware Fusion today for free, or order online for only $79. Visit: * Make friends and influence people by sponsoring TidBITS! Put your company and products in front of tens of thousands of savvy, committed Macintosh users who actually buy stuff. More information: ---------- Help support TidBITS by supporting our sponsors ------------ TidBITS Issue Hiatus for 07-Jul-08 ---------------------------------- by Adam C. Engst article link: Although the other hard-working members of the TidBITS staff will continue to be writing and editing articles over the next few weeks, Tonya and I will be taking some time for - gasp! - a summer vacation. We've heard that these "vacations" are all the rage, and we've been curious to see what they're like, so we'll be wrapping up this week and then spending the next few weeks peregrinating around in the UK. We'll mostly be visiting castles in Wales, since Tristan is a major Welsh castle buff and has planned much of our itinerary around his favorites, with a few days in Portsmouth to see Admiral Nelson's ship HMS Victory. (Several years ago, when he was engrossed in naval history, Tristan dressed as Admiral Nelson for Halloween, a costume that required constant explanation, given how few Americans know of Nelson's victory at the Battle of Trafalgar.) The practical upshot of this family vacation is that there will be no email issue of TidBITS on 07-Jul-08, since I'll be on a plane, and Glenn and Joe and Jeff can use a break from the extra effort of putting out the issue after all the ebooks they've written and edited over the last few weeks. They'll still be posting articles on our Web site, though, and assuming all goes well, the next email issue should appear on 14-Jul-08. Tonya and I should have sporadic email access while we're away, but don't expect much in the way of quick replies until the week of July 21st, when I'll start digging out. Mac OS X 10.5.4 and Security Update 2008-004 Fix Bugs ----------------------------------------------------- by Jeff Carlson article link: Apple released Mac OS X 10.5.4 today, a bug-fix update that touches on several areas. Recent security updates are included (though the recent ARDAgent vulnerability has not yet been addressed; see "How to Protect Yourself from the New Mac OS X Trojans," 2008-06-25). If you want to take advantage of the security updates without installing the operating system update, you can download Security Update 2008-004 for Intel (128 MB) and PowerPC (80 MB); security updates for Mac OS X 10.5 Server are also available for Intel (165 MB) and PowerPC (127 MB). Designers will be relieved to discover that a problem with saving and reopening Adobe Creative Suite 3 files located on remote servers has been resolved. A pair of AirPort fixes deal with reliability of 5 GHz networks and poor performance when using Logic Studio or MainStage. According to Apple's release notes, iCal sees the most improvements, such as resolving problems when deleting events, copying and pasting attendees between events, and reliability of shared meetings. Fixes in Safari center on improving performance and solving problems loading secure Web pages. Apple is still grappling with the way Spaces operates, fixing a problem where the Finder would become the active application when switching to a space instead of the program residing in that space, as well as an issue dealing with assigning applications to spaces in the Spaces preference pane. This update also includes a number of new security fixes, including major updates to patch recent vulnerabilities discovered in the Ruby programming language. Two fixes close holes that could allow an attacker to take over your computer if you were to visit a malicious Web site using Safari. One of those vulnerabilities is exploitable only if you have the Safari preference to "Open 'safe' files after downloading" set - this is a valuable reminder to disable that preference in Safari's General preference pane. The Mac OS X 10.5.4 update also adds raw format support for more cameras, fixes a problem where X11 may not be completely installed, and improves L2TP VPN client reliability. The update is available via Software Update or as standalone downloads: Mac OS X 10.5.4 Update (88 MB); Mac OS X 10.5.4 Combo Update (561 MB); Mac OS X Server 10.5.4 Update (133 MB); Mac OS X Server Combo 10.5.4 Update (677 MB). Critical Updates for Microsoft Office 2008 and 2004 --------------------------------------------------- by Adam C. Engst article link: We've been waiting for these! The just-released Microsoft Office 2008 for Mac 12.1.1 Update fixes a variety of troublesome bugs, some introduced in the previous update. And, the Microsoft Office 2004 for Mac 11.5.0 Update fixes some crashing bugs, improves compatibility with Mac OS X 10.5 Leopard, and includes all the updates previously released for Office 2004, so new installations of Office 2004 don't have to be updated 19 times to be brought up to date. **Office 2008 Changes** -- Most notably (from my perspective, anyway), Word and Excel documents downloaded from the Web or attached to email messages will now open when double-clicked. Yay! This has been driving me bonkers whenever I tried to open a Word file attached to an email message in Eudora. Also fixed in Word 2008 is a bug that would cause spaces to be lost when opening a document created in or saved by Word 2008 or Word 2007 in Windows - I didn't run into that one, thankfully. Other fixes preserve items in Notebook Layout documents when the document is converted from .docx to .doc, preserve font size settings for text in tables, and address a problem in saving .doc documents that contain an Area or Filled Radar chart. Excel 2008 also features numerous improvements, including accepting international decimal separators for error bars, no longer duplicating embedded movies when workbooks are saved in .xls format, and improving PivotTable reports. Excel's reliability has been enhanced in a variety of situations, such as when chart data is updated, when you reference or link to a sheet name that resembles a cell reference, and at times when you calculate or edit a formula. PowerPoint 2008 and Entourage 2008 see fewer changes. This update fixes a problem that would cause PowerPoint to take a long time to open presentations that use certain fonts, and also fixes a nasty bug that would cause Entourage to crash when you wake the Mac from sleep. The Microsoft Office 2008 for Mac 12.1.1 Update requires Mac OS X 10.4.9 or later, and that you have already installed the Microsoft Office 2008 for Mac Service Pack 1 (see "Microsoft Fixes Office 2008 Bugs, Announces VBA Return," 2008-05-19). It's a 153.3 MB download, and is available from Microsoft's Web site or via the Microsoft AutoUpdate utility launched by choosing Check for Updates from any Office 2008 application. Once again, kudos to Microsoft for excellent release notes. **Office 2004 Changes** -- For Office 2004, which Microsoft appears to be maintaining more actively than is usual for a previous release, the 11.5.0 update improves compatibility with documents in the Open XML format used by Office 2008 and Office 2007 in Windows, and it also fixes a problem whereby the installer would find copies of Office backed up by Time Machine. In Word 2004, Microsoft fixed a number of crashing bugs, including several that could occur during typical operation, one that could happen when you pasted content from an Office 2008 document into Word 2004, and one that kicked in when getting the properties of a hyperlink via AppleScript. Other fixes include improved text display when you change the size of table columns and cosmetic improvements to the Page Setup dialog in Leopard. Similarly, Excel 2004 receives fixes for errors when pasting data from Excel 2008; for crashing bugs related to opening workbooks containing a shape, a SmartArt graphic, or a text box created in Excel 2008 or Excel 2007; for saving paper sizes for documents saved in both Excel 2004 and Excel 2008; and for the inability to open Excel 2007 documents via the Open dialog. Finally, the update fixes a problem in PowerPoint 2004 that could cause crashes when opening presentations with a large number of slides, or when pasting content from an open Office 2008 application running on an Intel-based Mac into a PowerPoint 2004 presentation. The Microsoft Office 2004 for Mac 11.5.0 Update requires Mac OS X 10.2.8 or later, and as I noted previously, includes all previous Office 2004 updates. It's a 58.9 MB update, and is available either via the Office 2004 version of Microsoft AutoUpdate or as a standalone download. Linksys Gateways Gain Mac Configuration Software ------------------------------------------------ by Glenn Fleishman article link: Long-time Wi-Fi and broadband gateway maker Linksys, a division of Cisco, has finally started to embrace Mac users fully. The company announced that it has released its Linksys EasyLink Advisor (LELA) for Mac OS X 10.4 and 10.5. I've used this software under Windows, and it's a huge improvement over the alternative for Mac users: setting up a Linksys router through its Web-based configuration system. With LELA, you install the software, launch it, and it walks you through the steps necessary to set up an administrative password to control access to the router's configuration, a Wi-Fi password to control access to the network, and any ISP-related details needed for Internet connectivity. Initially, LELA works only with a handful of Linksys's most popular current and new Wi-Fi gateways, such as the 802.11g-based WRT54G2 and the dual-band WRT600N. The WRT600N can serve traffic simultaneously over 2.4 and 5 GHz Wi-Fi connections using any combination of 802.11a, b, g, and n, with gigabit Ethernet for backhaul. The full list of currently supported devices is: * WRT54G2 Wireless-G Broadband Router * WRT110 RangePlus Wireless Router * WRT160N Ultra RangePlus Wireless-N Broadband Router * WRT310N Wireless-N Gigabit Router * WRT600N Dual-Band Wireless-N Gigabit Router with Storage Link If you own one of these routers, visit the LELA page, find your product, follow the link for "Setup Wizard (Mac OS 10.4 or higher)" under the More Information area of the product page, and download LELA. You may also need to download the software if you buy a router in the near future and don't find the Mac software on the included CD-ROM. Take Control News: Better Backups with New Ebooks and Free Content ------------------------------------------------------------------ by Adam C. Engst article link: When Joe Kissell set out to revise "Take Control of Mac OS X Backups" to create a third edition that would cover both Mac OS X 10.4 Tiger and 10.5 Leopard, he realized that he faced the Herculean task of listing all known Mac backup programs, along with notes about their features. The category of Mac backup applications has exploded of late: what had been a long appendix became impossible to keep updated long enough to produce an ebook and call it "up-to-date." We have solved that problem by posting the information for free on our Web site, creating what has to be the largest compilation of Mac backup applications - currently 90 different programs. Because the information is in HTML on the Web, rather than in PDF, Joe should stand a chance at keeping it reasonably updated. We also posted about 20 book pages of instructions for working with the current version of Retrospect, still one of the most feature-rich backup programs available (but slated for replacement by a rewritten version later this year). If you want a comprehensive look at all that's changed in the backup world recently, turn to the third edition of our best-selling "Take Control of Mac OS X Backups," in which Joe helps readers go beyond the false security of turning on Time Machine or copying a few files to CD. You'll find an at-a-glance comparison of different backup strategies (low-cost, easy, safest), along with extra advice for backing up digital photos and massive video projects. You'll learn the pros and cons of each type of backup media, including hard disk, Time Capsule, Internet backup service, optical disc, and more; discover how to pick the best backup software for your needs; and find time-tested recommendations for setting up, testing, and maintaining backups, complete with essential instructions for restoring after a crash. Covers Tiger and Leopard. 186 pages. $15. For those overwhelmed by all the backup possibilities, version 1.1 of Joe's "Take Control of Easy Backups in Leopard" teaches you the fastest and easiest way to create a complete Leopard backup system - including archives, an all-important bootable duplicate, and an offsite backup - from which you can restore your data after an accident or disaster. Joe helps you identify the backup hardware that best matches your needs and budget (including a look at Time Capsule - Apple's new backup appliance), and he provides instructions for using Time Machine as well as alternatives for eight cases where Time Machine won't provide the backups you need. Joe walks you through every step of the way, from setting up your backup drive or Time Capsule to explaining how to recover your precious data in case of a deleted or corrupted file, a dead drive, or a stolen laptop. 96 pages. $10. If you've already purchased one of these titles, check your email or open your existing PDF and click Check for Updates on the cover for information about upgrade discounts or free downloads. The Hole in My Backup Plan -------------------------- by Joe Kissell article link: A couple of weeks ago, my 17-inch MacBook Pro, which has been my primary computer for the last year, stopped working. I know a thing or two about troubleshooting, and I tried all the tricks I could think of, but the problem appeared not to involve the hard disk, RAM, NVRAM, PMU, or any other component my ministrations could affect. My Mac was showing the signs of having a logic board defect, and since I couldn't even boot from a CD without a kernel panic, it was necessary to put my Mac in the hands of professionals for repair. The timing couldn't have been worse, as I was simultaneously pushing to meet several major writing deadlines, trying to spend time with family visiting from out of town, and preparing to move to a new apartment! And this little crisis has highlighted a deficiency - or maybe a few deficiencies - in what I thought was an excellent backup plan. Being without my main computer this long (I hope to get it back this week) has been excruciating, and as a public service I'd like to explain why that is. First, I want to be very clear about the fact that I follow my own advice. Of course I have multiple backups of my data, including a bootable duplicate. I also have AppleCare for this laptop, so even though it was a couple of weeks past the end of its standard 1-year warranty, I knew that any potentially expensive repairs would be covered. (And yes, that coverage extends here to France even though I bought the computer in the United States.) I also have two other Macs here (and my wife has a third), so there are other Macs I can use in the interim. However, apart from all the hours I've had to spend troubleshooting and dealing with the repair, the biggest problem has been that none of these other Macs comes close giving me the capabilities of my MacBook Pro, which has a 2.4 GHz Intel Core 2 Duo processor, 4 GB of RAM, a 250 GB hard disk, and a 1920-by-1200-pixel display. The other Macs I have at my disposal are two PowerBook G4s (including the 1 GHz TiBook on which I'm now typing this) and the Intel-based Mac mini that's our media server (and whose only display is a standard-definition TV). All of these have significant problems as backup machines, but I'd never realized this was the case because I'd never had to rely on them completely. Here's what I found: * Given my line of work, I regularly rely on software that runs only on Intel-based Macs (such as virtualization programs). That fact alone means I can't get some of my crucial work done on either of the PowerBooks. And even some universal binary applications, like Microsoft Office 2008, are at times painfully slow on a G4. * Although my Mac mini has an Intel processor, it's slow and has half the RAM of my MacBook Pro - it's better than nothing, but still not enough. (It's also normally busy doing other important tasks, such as functioning as a backup server, so it's problematic to switch to it for any length of time.) * Because there's no stand-alone, high-resolution monitor in the house, I'm also constrained to working with a much smaller screen than I'm accustomed to, and that seriously reduces my productivity. * Much of my work involves testing software - which means I need to be able to have a reliable Mac to use for writing and other essential tasks, while testing risky or time-consuming programs and procedures on a less-critical computer. Having my most reliable and useful computer disappear from the mix is debilitating. * Apart from the issue of sheer processor speed, the limited RAM in my other computers makes it impractical to run as many applications at once as I normally do, further reducing my efficiency. * I hadn't installed all my important software separately on the PowerBook or Mac mini or synchronized my most essential files (as there had never been a need to do so), meaning that I had to jump through some extra hoops just to get back to work. To be sure, I could boot one of our other Macs from the duplicate of my MacBook Pro's drive. But for a variety of reasons, that makes my work awkward, especially since the capabilities and configuration of the MacBook Pro are so much different from those of the other Macs. So what's the lesson to be learned from all this? Honestly, I'm not yet entirely sure. It would be easy enough to say I should have had a backup computer with as much (or nearly as much) oomph as my main computer, but I can't afford that, and for the 99 percent of my time that my main Mac is working, it would be overkill. I'd like to make the argument that we now clearly _need_ a high-definition TV - you know, just so we have a decent monitor to use in emergencies! - but that could cost more than a new Mac. I'm leaning toward the opinion that, at the very least, I should buy new Macs a _bit_ more frequently (again, finances permitting) so that my previous computer is still recent enough to do real, demanding work. Needless to say, your mileage may vary. You may suffer much less inconvenience, or much more, to be without your main Mac - or your only Mac - for a couple of weeks. I can't make a good general-purpose suggestion about having a backup Mac available, but this experience has made me aware of an entirely new set of issues to think about when considering what's needed to stay up and running when trouble strikes. How to Protect Yourself from the New Mac OS X Trojans ----------------------------------------------------- by Rich Mogull article link: [Editor's note: this article initially recommended changing the permissions of ARDAgent to block the vulnerability, an approach that has been proposed by other sites as well. Our testing revealed that this approach may be insufficient, so we only recommend removing the ARDAgent as detailed below.] One of the downsides of increased attention to computer security is that whenever a new vulnerability or attack technique appears, we, the humble users, face an onslaught of hyperbole from the press, security vendors, and bad guys themselves. This is especially true with Apple products, where we face the triple threat of security vendors trying to sell products to a disinterested community that usually doesn't need them, a press always eager to knock Apple down a notch, and bad guys looking to build their reputations at Apple's expense. In such a maelstrom of information it is often difficult for average users to separate the truth from the hype, evaluate their personal risk, and take defensive actions. We watched this cycle kick into full gear during the past couple of weeks, starting with the announcement of a new Mac OS X vulnerability on 18-Jun-08 over at Slashdot. Soon after the unpatched vulnerability was disclosed the major Mac antivirus vendors updated their products and issued press releases to draw attention to the problem. It's an unfortunate truth that fear and bad news are effective sales tools for security products. By the next day, the first reports of this vulnerability being used in exploits appeared, followed by various news stories, additional alerts from security vendors, and new exploits from the bad guys. But what's the real risk to users? The good news is, based on the nature of the vulnerability, the risk is low - but the bad news is that this kind of attack could become more serious. As usual, Apple will need to patch this one quickly. This particular vulnerability is what we call "local privilege escalation." It enables a user of a system to escalate their rights to "root," which allows full control over the system. Thus, even if you are running as a regular user or in a guest account, exploiting this vulnerability allows you to escalate your rights to run without restriction. In this case, the Apple Remote Desktop agent (ARDAgent) uses a technique called SUID to run things as root. It's a common programming technique on Unix systems, but one that often creates security problems. In this case, ARDAgent supports AppleScript, including the command to run other programs, which then run as root. Simply running the AppleScript command osascript -e 'tell app "ARDAgent" to do shell script "reallybadstuff"' runs "reallybadstuff" as root, without asking you for your password. When this first appeared, I wasn't really worried. The attacker still needs to get you to run something on your system in the first place, and there are some simple things you can do to protect yourself (see Matasano Security's excellent blog post for more technical information and how to disable the attack). Privilege escalation attacks are typically used in two situations. The first is if someone has physical or remote access to your computer. He uses the attack to become root and install whatever software he wants, or otherwise messes around on your system. The other scenario is more serious - the attacker exploits a vulnerability that gives them access to your user account, then he uses privilege escalation to take over your system as root, often installing additional malicious software. These combined attacks are common, although we don't see them often on Macs (in fact, I've never seen one on Mac OS X). The attacker will use something like a Web browser vulnerability to get his foot in the door, followed by the privilege escalation to, well, drive an invisible school bus into your house. We call that school bus a "Trojan horse" since, like the Trojan Horse, it conceals nasty stuff within a somewhat innocuous package. In other words, Trojans aren't like viruses and worms. They don't break into your system, but they conceal a nasty payload that does something malicious once you execute them. The first major Trojan to leverage the ARDAgent vulnerability is called "PokerStealer" (identified by antivirus vendor Intego). Rather than using some sort of attack to get on your system, it pretends to be a poker game. When it's run, it uses the ARDAgent vulnerability to escalate its rights (without asking for your password) and installs malicious software like a keystroke capture program. A more serious problem is that, as reported by Brian Krebs at the Washington Post, some bad guys developed a tool to bundle a package of malicious software into any downloadable Mac application. It uses the ARDAgent vulnerability to run these pieces without your interaction, like PokerStealer. The program needs to run only once, then it embeds itself in your system. Interestingly enough, Krebs reports that this tool was in development since May 2008. We can expect the bad guys to use all sorts of social engineering tricks (like writing little games) to get us to run their software on our systems. To protect yourself, if you don't use (or plan on using) Apple Remote Desktop (which is different from Screen Sharing), you can go to /System/Library/CoreServices/RemoteManagement/ in the Finder, copy ARDAgent.app to your Desktop, right-click and compress it, and move the file someplace like your Documents folder. Then delete the original file. That way you just need to unzip and reinstall the file if you ever need ARDAgent down the road. I almost avoided writing this story since I hate to add to the hype of low-risk threats like this. While I don't doubt for a second that we'll see serious Mac (and iPhone) security threats in the future, this one is low on the list of things to worry about, especially if you don't make a practice of downloading random software from unknown developers. But unlike many other Mac vulnerabilities, this one has already been weaponized and is starting to appear in the wild. It's clear the bad guys are slowly paying more attention to Mac OS X, although we've avoided any serious mass attacks so far. With all the hype, it's worth taking the time to raise our security awareness and understand the risks and how to protect ourselves without having to buy and maintain products that would likely provide only a false sense of security. The Evolving World of Mac Backup Software ----------------------------------------- by Joe Kissell article link: Because I write so much about backups, I try to keep on top of all the programs one can use to back up a Mac, and their ever-changing feature sets. While working on the recently released version 3.0 of "Take Control of Mac OS X Backups," I realized that the appendix in which I provided feature-comparison checklists was badly out of date, and that trying to update it as I'd done in the past was a lost cause - it would just be obsolete again a day later. So instead, I've put that information on a Web page, where I can update it much more quickly and easily than revising an ebook. At the moment, this online appendix provides feature comparisons of 90 Mac OS X backup programs (not counting seven enterprise-oriented programs that I mention but don't describe in detail) - and I wouldn't be at all surprised if my list is still incomplete. Think about that for a moment. Nearly 100 different Mac programs that claim to have some type of backup capability. Incredible. To be sure, not all of them meet _my_ criteria for a backup program, which is to say that some of them are incapable of producing either an additive incremental archive or a bootable duplicate - that makes them, essentially, "merely" synchronization programs (useful, just not the same thing as a backup). But still, when I saw that number I was truly astounded. I'm all in favor of choice, but seriously... Mac users do not need _this_ many backup options! Who has time to sort through them all, test them, figure out which program uses which terminology to mean what, and come up with a meaningful evaluation of what's actually useful? (Yes, I know, that's what _I_ get paid to do, but I was speaking rhetorically.) What we need is a small number of excellent options. And yet, although my list of 90-plus programs includes some that are very good, there isn't a single one to which I'd give a perfect 10-out-of-10 rating, or even 9 out of 10. In my professional judgment, every backup program I've tried has room to improve - in some cases, _significant_ room. It is by no means my intention to diss all the world's Mac backup software. In fact, I can confidently say that, all things considered, the range of options available today is vastly better than what was available a year or two ago. All I'm saying is, despite the quantitative and qualitative increases we've seen recently, we haven't reached Backup Nirvana yet, and I'd rather see more work on the quality side than a greater number of so-so choices. **Backups Redux** -- Still, what strikes me more than anything else about my revised list of Mac backup programs is how much activity (new programs and updates released) has occurred _since the release of Mac OS X 10.5 Leopard_. When Apple announced Time Machine, a lot of people worried that it would spell the end of third-party backup software for the Mac. On the contrary, just the opposite seems to have happened. The buzz surrounding Time Machine has helped to educate Mac users about the importance of good backups, and that has increased the interest in backup software generally. Inevitably, some people discover that Time Machine isn't what they need (or isn't _all_ they need) and search for alternatives or supplements, and developers seem happy to jump on that bandwagon. The people who create backup software are being more creative, too. Previously, I had divided my feature-comparison list into three main sections: programs that create archives, programs that create duplicates, and programs that do both; later on I listed things like synchronization utilities, version control software, and Internet backup services, which were outside the scope of what I considered core backup options. But developers, it seems, have not made it their top priority to preserve the tidiness of my lists. With wanton disregard for my carefully considered classification system and the number of table cells that can reasonably fit on a page, they've added novel features left and right, created programs that intertwingle categories in ways I'd never imagined, and otherwise altered the rules for creating backups. As a result, I've had to do a considerable amount of extra typing, copying, and pasting, with more undoubtedly to come. _Thanks a lot, guys!_ **Current Trends** -- It's still useful to think about archives and duplicates as separate, and essential, backup tasks. But beyond that, the range of ways in which backups can function is becoming much more interesting. I'd like to highlight a few of the recent trends I've noticed: * Block-level incremental updates. Most backup software copies an entire set of files on its first run, and then on subsequent runs, incrementally updates your backup with just those files that have been added or changed since the last time. However, this can be a problem when the files are quite large (think of the disk images used by virtualization programs like Parallels Desktop and VMware Fusion, or Entourage's database file); because the _whole_ file must be copied every time even a tiny bit changes, backups can take a long time and chew up tons of disk space. The effect is more serious if you're backing up over a slow network, or paying by the gigabyte for online storage. But now, a number of programs (including CrashPlan, MozyHome, and QRecall) can copy just the _portions_ of files that have changed on subsequent runs - what's known as _block-level_ updates. These can run much faster than file-level updates, and occupy far less storage space. The downside is that you absolutely, positively must be able to retrieve every single piece of a file, in perfect condition, when the time comes to restore it. If any corruption occurred during transfer or storage, or if the backup engine is unable to correctly reassemble the pieces for any reason, you could be completely out of luck. * Duplicate filtering. Retrospect has offered this for years, but now more developers are catching on. To save even more time and storage space when creating archives, some backup programs (in general, the same ones that offer block-level incremental updates) check to make sure no data is duplicated at the destination. So, if you have two copies of a file on your computer, it stores just one (but remembers where both copies were). If you back up two or more computers to the same archive, and the same file appears on more than one, again, only one is stored. Some programs take this concept even further, eliminating duplicate data not just at the file level but within files - for example, if you have two files that have a 90 percent overlap in their data, only the different 10 percent of the second one will be stored. * Schedule-free backups. What I'm now beginning to think of as old-fashioned backup software runs only on a fixed schedule (every morning at 3:00 AM, for example). Increasingly, backup programs do their thing continuously (or at least frequently) in the background, without requiring you to set up anything, and with very little system overhead. Time Machine, of course, runs every hour. CrashPlan Pro can detect when files change and back them up immediately (or after a delay you specify, such as 15 minutes). MozyHome lets you choose automatic backups, scheduled backups, or both. NTI Shadow lets you archive files every time they change, at a fixed interval (such as every 10 minutes), or as infrequently as once a week. Retrospect has a mode (called Backup Server) in which it runs as often as needed. Numerous other programs offer variations on this theme. * Smarter scanning. When a backup runs, actually copying the files is only part of the process. Before the copying starts, most backup programs scan all the files you want to back up, comparing them with what's already in your archive to see what's changed, how much space will be needed, and so on. That scanning can take a long time, which in turn means the backup itself takes longer. One way to avoid scanning (or at least to speed it up considerably) is to use Leopard's FSEvents (file system events) notification system to determine which files have changed recently without a full, brute-force scan. Time Machine, Synchronize Pro X, and Synk (Backup, Standard, and Pro editions), for instance, all do this. Other programs, including SuperDuper, scan and copy in a single pass for greater efficiency. * Hard links. Time Machine makes use of a clever Unix construct called a hard link to make a file (or folder) appear to be in many places at once without each copy taking up lots of space. With hard links, each incremental update can look and act exactly like a full copy of your files, even if only a few changed. Long before Time Machine existed, the command-line tool rsync (and its graphical variant for Mac OS X, RsyncX) could do the same thing. Now other backup programs, such as Intego's Personal Backup X5, are joining the party too. * Online sync. Lots of backup programs (including CrashPlan, MozyHome, and steekUP) can send your data over the Internet to secure servers. But a new breed of programs is starting to combine online backups with multi-computer file synchronization and even online file sharing. Of course, .Mac members have always been able to use an iDisk for online storage and file sharing (albeit without the benefit of an encrypted connection), optionally adding backups using Apple's Backup or another program. Now, though, the landscape is changing even more. DropBox, still in beta testing, syncs local folders to online storage space. You can access your files - including old and deleted versions! - from any other computer, using the DropBox software or a Web browser. SugarSync also offers online syncing (prices start at $4.99 per month for 30 GB), but without storing old and deleted files. However, you could get the same end result by sharing the external disk on which your conventional archives are stored. **Trends I'd Like to See** -- As delighted as I am to see progress and innovation in the world of Mac backup software, I'd like to see still more. In particular, there are a few areas that have received too little attention, and developers of backup software would do well to give them serious consideration. * Amazon S3 support. Amazon.com's S3 (Simple Storage Service) offers capacious, secure, and reasonably priced online storage - ideal for backups. But Amazon doesn't supply any software. Although a few Mac FTP programs (such as Cyberduck, Interarchy, and Transmit) can access S3 storage space, the only serious option at the moment for backups to S3 is JungleDisk. Not only can JungleDisk mount your S3 storage space as a volume (which, in turn, another backup program could access), it's a full-featured archiving program in its own right. And, with the optional $1-per-month JungleDisk Plus service, it can even do block-level updates and resume interrupted transfers. (A program called Super Flexible File Synchronizer (SFFS), still at beta 1, also supports S3, though I can't yet tell how good it will be as a backup tool.) But whereas JungleDisk supports online backups _only_, I'd like to have a choice. I'd like to see existing conventional backup software upgraded to let users choose S3 as their destination as easily as they can now choose a hard disk or mounted network server. * Better metadata support. Almost every Mac backup program can handle common pieces of metadata such as resource forks, file permissions, and Finder labels. But metadata comes in many shapes and sizes. What about access control lists (ACLs), or HFS+ extended attributes? And what about hard links, including those for folders (introduced in Leopard)? More than a dozen varieties of metadata can be set for a given file, and lots of current backup software ignores a good bit of it. The result is that what _appears_ to be a perfect duplicate of your data might in fact be missing some important attributes. I've been using a command-line tool written by Nate Gray called Backup Bouncer to automate the testing of how well various programs handle these many sorts of metadata. Backup Bouncer doesn't yet evaluate every possible type of metadata, and arguably some kinds of metadata it does check are completely irrelevant in terms of backups, but it's still been tremendously helpful to have this automated testing tool. Note that, in response to some feedback I've received, I've recently modified the way my tables present the "scores" for metadata support. A much-less-than-perfect score is not necessarily a cause for concern, though programs with an "A" or "A+" (including, as you might expect, Carbon Copy Cloner and SuperDuper) do merit increased confidence for bootable duplicates. * Better optical media support. All things being equal, I think it's usually best to back up to a hard disk rather than to a recordable CD or DVD. But optical media can be useful in some situations, such as when you're traveling, or when your budget doesn't permit the purchase of hard drives. Most Mac backup software has only minimal support for optical media - specifically, it usually can't split a backup across more than one disc (pretty important if you have individual files that are too big to fit on a single disc) or record multiple sessions on a given disc (even if there's lots of free space). Retrospect can do both of these things; so can Data Backup 3 (though it supports multisession recording only for CDs, not DVDs). A handful of other programs (including BRU LE, Get Backup, and Personal Backup X5), support disc spanning but not multisession recording. (In some situations, you can work around the lack of multisession support using a 15 euro [about $23] utility called BurnAgain FS that lets you add data to CD-R, CD-RW, DVD-RW, and DVD+RW discs in the Finder.) I'd love to see much more thorough and pervasive support for optical media in Mac backup software, including, naturally, full compatibility with Blu-ray drives available from FastMac and MCE. * Better user interface. Whatever you may think of Time Machine's limited customizability or its 3-D outer space animation, it's at least clear that Apple put a great deal of thought into making a very complex process extraordinarily simple to set up and operate. At the other extreme, and without naming names, one of the most recent additions to my list has such an astonishingly complicated user interface, it makes Retrospect look like SuperDuper. The program in question is undeniably very powerful, but getting it to do anything interesting requires many highly unintuitive manual steps that almost make me feel as though I'm programming my own backup software from scratch. Far too often, a program's user interface is a mere afterthought, and in many cases, what you end up with is something that makes sense to engineers but not to ordinary folk. (That's true of all software, of course - not just backup software.) A good backup program need not look anything like Time Machine or SuperDuper, but as a user, I deeply appreciate any and all efforts to make software self-explanatory and obvious, to provide plain-English explanations and error messages, and to limit the amount of clicking I must do to accomplish simple tasks. Developers, if UI design is not your forte, hire a good designer, and have an outside firm conduct usability tests with, say, your parents as test subjects. You'll be amazed at what you learn. (This goes double for companies with cross-platform Java software, which tends to look pretty bad under Mac OS X.) * Better logging and feedback. Adam Engst reminded me of another issue that afflicts many otherwise good backup programs. Anyone who's used Time Machine, for example, has probably noticed that sometimes the "Preparing Backup" and "Finishing Backup" stages of each hourly run take an inordinately long time, and that sometimes a lot more data is copied than we have any recollection of changing. Why? What _exactly_ is going on behind the scenes? And when an error occurs, what's the problem, and how can I fix it? Figuring out what your backup software is doing shouldn't require advanced forensic investigation (see Matt Neuburg's "Time Machine Exposed!", 2008-05-08). Backup programs should provide clear, unambiguous feedback as to what they are currently doing (and how long it's expected to take), and log files should be both detailed and easily human-readable. I have no idea how long my list of Mac backup programs will eventually grow, though I truly hope not to see too many more additions. On the other hand, at the risk of sounding like I'm encouraging feature creep, I also hope very much to see some of the existing programs evolve to be more powerful and flexible under the hood, while at the same time acquiring simpler, more intuitive user interfaces. And developers: bonus points if you can do all this without messing up my tables again! TidBITS Watchlist: Notable Software Updates for 30-Jun-08 --------------------------------------------------------- by Adam C. Engst article link: * Adobe Acrobat 9 Pro updates Adobe's PDF manipulation software with improved creation and management of forms, support for Flash, document reviewing, and security. A new PDF Portfolio feature enables combining of several PDF files into one file using templates for displaying the information. This version also provides the capability to remove redacted information from files instead of just covering it up (a problem companies and government agencies have run into recently when such redacted information has become public). Unsurprisingly, the Mac version lags behind the Windows version. Microsoft Office integration has been removed, and Mac users can purchase only the $449 Pro version whereas Windows users can also choose Acrobat 9 Pro Extended or the less expensive Acrobat 9 Standard. ($449 new, $159 upgrade) * Pro Applications Update 2008-02 from Apple fixes problems in Final Cut Pro 6.0.4 and Compressor 3.0.3 related to installation, compatibility, general performance, and overall stability. (Free update, 138 MB) * Final Cut Server Update 1.1 from Apple addresses problems with the check in/check out process for Final Cut Pro projects and double-byte character sets, and generally improves the reliability of the asset management and workflow automation software. ($999 new, free update, 50.1 MB) * MarsEdit 2.1.4 from Red Sweater Software is a minor update to the popular blog posting software. Changes include a dock menu item for creating a new post; uploading to a specific Picasa album for Blogger users; and fixes for crashes related to bad URLs, the display of tags in the main window preview, and inadvertent loading of URLs dragged to the preview window. ($29.95 new, free update from 2.x or $9.95 from 1.0, 3.5 MB) * Keyboard Maestro 3.2 from Stairways Software enhances the macro utility with more options for macro groups, including secondary key activation of macros within a group and both temporary and permanent palettes showing the contained macros. The secondary key activation is particularly interesting, since it lets you activate a group, and then execute a particular macro within the group using a single key. So you could press Command-Control-M to activate a group of text-munging macros (remember that Keyboard Maestro can apply BBEdit Text Factories to clipboard text), and then press Q to activate a quote-cleanup macro. Other new features include an Alert action with a Stop/Continue dialog, macros without direct triggers, and remembered window size and position for script result windows. Keyboard Maestro 3.2 also adds triggers based on scripts, wake events, and login. ($36 new, free upgrade, 7.1 MB) * Dejal Simon 2.4.1 from Dejal Systems fixes several bugs in the server monitoring tool with the Port plug-in and adds a pair of hidden preferences to log debug information for the Port and Ping plug-in helpers. ($29.95 to $195 new, free upgrade, 10.8 MB) Bonus Stories for 30-Jun-08 --------------------------- by Adam C. Engst article link: **Microsoft Needs to Empty Windows Trash, Reboot** -- Mr. Ballmer, tear down this operating system! Seriously: you have virtualization software. Vista is bloated, but not bad. Don't make Windows 7 continue to carry the water for 15 years of old, sometimes bad decisions. Just a suggestion. (Glenn Fleishman, 2008-06-29) **Discovering Sparse Bundle Disk Images** -- A new disk image format introduced in Leopard is backup-friendly, because it doesn't require huge files to be backed up when only a small change has occurred. Now we just need more developers to catch on. (Joe Kissell, 2008-06-27) **Print Custom Text & Photo M&M's** -- Who knew you could now print photos on custom M&M's? Well, you do now, but good luck getting a photo to print well in half the size of a dime. (Adam C. Engst, 2008-06-27) **Vanity Spreads to Top-Level Domain Names** -- Have you ever wanted to see your name in dot-lights? The group that oversees domain names will allow vanity and corporate top-level domain registration. Are .coke, .pepsi, and .7up in our future? (Glenn Fleishman, 2008-06-26) **Symbian Smartphone Platform Goes Free, Partly Open Source** -- Nokia buys out its partners in Symbian, the world's most popular smartphone platform by far, and may change the whole nature of competition for these intelligent communicators by making it even more accessible to more handset makers. It's a shot across the bow for Apple, RIM, Microsoft, and Google, but it won't reach fruition until 2010. (Glenn Fleishman, 2008-06-24) **Get More From the iPhone's Text Widget** -- Texting on the iPhone is fun and useful, but it also can be expensive and may not work all the time. Discover how to track and reduce your bill, and find tips on solving problems with the Text widget. (Ted Landau, 2008-04-24) **Solve More Word 2008 Problems with AppleScript** -- A pair of articles I wrote for Macworld provide several AppleScripts that address common complaints in Word 2008. (Joe Kissell, 2008-04-22) Hot Topics in TidBITS Talk/30-Jun-08 ------------------------------------ by Jeff Carlson article link: **Car Bluetooth Hands Free Units** -- Readers provide suggestions for Bluetooth in-car speakers for talking on the phone hands-free while driving. (5 messages) **Making AppleCare Worthwhile: MacBook Pro Battery Replacement** -- Jeff Carlson's experience getting a replacement battery is echoed by some readers, while others debate the merits of AppleCare. (19 messages) **Firefox feature sought** -- Firefox's add-on capability opens the door for features that aren't included in the program itself. (11 messages) **How to Protect Yourself From The New Mac OS X Trojans** -- Readers discuss possible workarounds for the latest security vulnerabilities. (14 messages) **Firefox 3 Bounds Forward** -- People are reporting mixed experiences running the newest version of Firefox following Adam's article. (4 messages) **Critical Update for Microsoft Office 2008** -- The latest Office update apparently does not fix an issue where the modification date is changed on PowerPoint files just by opening them. However, a few workarounds are suggested. (2 messages) $$ This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe! Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017. Copyright 2008 TidBITS: Reuse governed by Creative Commons license. Contact us at: TidBITS Web site: License terms: Full text search: Subscriptions: Account help: