TidBITS#1075/02-May-2011

Apple is by no means perfect, and this week sees not one, not two, but three situations in which the company is addressing problems. Most notable is the Q&A that Apple released to explain the controversy and bugs related to the iPhone storing location information, but more important is the Snow Leopard Font Update, which resolves the font-related bugs introduced in Mac OS X 10.6.7. And the longest standing problem is the company’s 10-month inability to produce the white iPhone 4, which is at long last available. Also this week, two security-related stories hit the headlines, with a “crimekit” being released to target Mac OS X, and the MACDefender scareware app masquerading as an anti-virus program — Adam has all the details. Finally, Lex Friedman bids TidBITS farewell after accepting a full-time staff writer job at Macworld. Notable software releases this week include Firefox 4.0.1, MacGourmet 3.1, Microsoft Office 2008 12.2.9 / 2004 11.6.3, Adobe Photoshop Lightroom 3.4, Mactracker 6.0, Quicksilver β59, Mailsmith 2.3.1, Evernote 2.1, iPhoto 9.1.2, and iMac Hard Drive Firmware Update 1.0.
 

Apple Releases Snow Leopard Font Update

  by Adam C. Engst <ace@tidbits.com>

Apple has finally acknowledged the font-related troubles in Mac OS X 10.6.7, by releasing the Snow Leopard Font Update (see “OpenType PostScript Fonts Troublesome in 10.6.7,” 27 March 2011). Apple details four specific problems fixed by the update, including:

Our hope is that the update, which weighs in at a mere 3.77 MB, fixes the OpenType font encoding definitions in such a way that it will resolve all the problems that Mac users have been experiencing since 10.6.7 shipped slightly over a month ago.

Apple recommends that all users of 10.6.7 install the update, and while it’s hard to argue with that suggestion, if you’ve been holding at 10.6.6 because of 10.6.7’s font-related woes, I strongly recommend staying there until the community has confirmed that the Snow Leopard Font Update really does fix the problems.



Beware Fake MACDefender Antivirus Software

  by Adam C. Engst <ace@tidbits.com>

While the news of the Weyland-Yutani crimekit (see “Macs Targeted by New “Crimekit”,” 2 May 2011) is more concerning for the Mac platform as a whole, security software firm Intego has identified a new piece of malware that masquerades as an antivirus program called MACDefender. (This MACDefender isn’t in any way associated with a German company called MacDefender that runs the MacDefender.org Web site and writes geocaching and other GPS-related software.)

A rather specific combination of actions needs to occur for MACDefender to be downloaded and installed, including visiting a poisoned Web site, allowing the Web browser to open files after the file downloads itself, and then entering an admin password in the installer. But if all that happens, MACDefender adds itself to the login items, displays a menu bar icon, and looks like a real antivirus program. See the Intego security memo for screenshots of what it looks like.

MACDefender’s goal appears to be to scam users into paying for the program, and to that end, it claims to find viruses and also opens porn sites in the user’s browser every few minutes in an attempt to make the user think they’re infected. After paying, the warnings disappear. Of course, it’s entirely likely that the purchase process is designed as much to steal credit card numbers as to make money from purchases, given that the charges can be reversed if the user discovers the scam.

MACDefender is an example of “scareware,” an increasingly popular type of malware that attempts to trick users into thinking they are infected with viruses in order to extort money (and credit card numbers).

Intego’s VirusBarrier X5 and X6 with updated malware definitions do protect against MACDefender, but MACDefender isn’t sufficiently subtle for us to recommend that you run antivirus software (see “Should Mac Users Run Antivirus Software?,” 18 March 2008). Just avoid iffy Web sites, and for goodness sake, if you’re ever asked for your administrator password by a software installer that you didn’t explicitly download and run, don’t enter that password!

It’s also a good idea to uncheck Safari’s “Open ‘safe’ files after downloading” checkbox in its General preferences. I believe Google Chrome and Firefox always ask for permission when you first encounter a new type of download, and you can clear previously granted auto-opening permissions in Chrome’s Under the Hood preferences (choose Chrome > Preferences > Under the Hood > Downloads) and in Firefox’s Applications preferences (set the desired file type, such as Zip, to Always Ask).
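A quick audit of the two conditions described above (Safari auto-opening downloads, and an unexpected login item), as an added example that is not part of the original article. It assumes the Safari preference key `AutoOpenSafeDownloads`, and it assumes the malware's login item has "MACDefender" in its name, which the article does not state; off a Mac it falls back to constructed sample data.

```shell
#!/bin/sh
# Audit sketch for the MACDefender precautions described in the article.

# Map the output of `defaults read com.apple.Safari AutoOpenSafeDownloads`
# to a state. Assumption: a missing key means the checkbox is still at its
# default, which is treated here as enabled.
classify_auto_open() {
    case "$1" in
        0|false|NO) echo "disabled" ;;
        *)          echo "enabled" ;;
    esac
}

# Read a comma-separated list of login item names on stdin (the format
# osascript prints) and emit, one per line, the names worth a second look.
# Assumption: the malware's login item carries "MACDefender" in its name.
# The match is case-insensitive, so software from the unrelated German
# MacDefender company would also be listed: treat hits as "review", not proof.
flag_login_items() {
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -i 'macdefender' || true
}

audit() {
    if command -v defaults >/dev/null 2>&1 && command -v osascript >/dev/null 2>&1; then
        value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || echo unset)
        items=$(osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null || true)
    else
        # Not on a Mac: use constructed sample data so the script still runs.
        value=1
        items="iTunesHelper, MacDefender, Dropbox"
    fi

    state=$(classify_auto_open "$value")
    echo "Safari opens 'safe' files after downloading: $state"
    if [ "$state" = "enabled" ]; then
        echo "  fix: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
    fi

    hits=$(printf '%s' "$items" | flag_login_items)
    if [ -n "$hits" ]; then
        echo "Login items to review:"
        printf '%s\n' "$hits" | sed 's/^/  /'
    else
        echo "No login item named like MACDefender."
    fi
}

audit
```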






White iPhone 4 Finally Arrives

  by Adam C. Engst <ace@tidbits.com>

Apple finally made the mythical white models of the iPhone 4 available for purchase for both GSM (AT&T and international) and CDMA (Verizon Wireless) networks as of 28 April 2011, more than 10 months after the iPhone 4 initially shipped.

Phil Schiller, Apple’s senior vice president of Worldwide Product Marketing, said, “We appreciate everyone who has waited patiently while we’ve worked to get every detail right. Our Oompa-Loompas have been working day and night to carve the back casing of each white iPhone 4 from the horns of unicorns. Sustainably harvested horns, of course.”

Well, perhaps that last bit wasn’t in Apple’s announcement. But it’s nonetheless amusing that (a) a company with Apple’s design and manufacturing chops could have this much trouble with white, and (b) that Apple felt it was sufficiently important to warrant a press release.

Of course, the real question is whether there’s actually any pent-up demand for the white iPhone 4, or if everyone who would have preferred the white model has already purchased a black iPhone 4. Perhaps the iPhone 5 will come only in a shade of gray (like brushed aluminum), just to avoid the whole black and white issue.



Macs Targeted by New “Crimekit”

  by Adam C. Engst <ace@tidbits.com>

The Danish security firm CSIS is reporting that they have uncovered evidence of a new “crimekit” called “Weyland-Yutani BOT” that criminals can use to make malware designed to steal information and access credentials (such as for online banking sites). At the moment, Weyland-Yutani supports “web injects” and “form grabbing” in Firefox, with support for Safari and Google Chrome on the way. These techniques enable the attackers to defeat online banking security tokens and capture login information entered into forms. CSIS also reports that while Weyland-Yutani targets Mac OS X currently, iPad and Linux versions are planned.

Most coverage of Weyland-Yutani has focused on the fact that its appearance means that Apple’s star has now risen high enough to attract the attention of malware authors. That could be, since most malware today is created for the express purpose of making money, and Apple’s user base (particularly once you bring in iOS devices) is now large enough that the investment may be worthwhile for online criminals to target Apple users. We’ll find out, since Weyland-Yutani itself costs around $1,000. So the real question is if Weyland-Yutani will turn out to be a commercial success or flop.

What does this mean for normal Mac users? For the moment, only that you really do want to stay up to date with security updates to Mac OS X and Web browsers. If criminals were to start using Weyland-Yutani to create truly unpleasant malware targeting Mac OS X, the anti-malware market on the Mac would certainly heat up.

But for the moment, just be sure to install security updates, be careful opening email attachments that could contain code, and stay away from dodgy Web sites pushing pirated software, gambling, and porn. Oh, and keep reading TidBITS for news of changes in the security landscape. In other words, use your common sense, since the Internet simply isn’t an entirely safe place and hasn’t been for years.



Parting Is Such Sweet Sorrow: Lex Leaves for Macworld

  by Lex Friedman <lex@lexfriedman.com>

I didn’t write professionally about Apple until January 2009. I responded to a flurry of tweets from various Macworld editors seeking freelance iPhone app reviewers. My first review, of a decidedly unimpressive game called Darts, ran in February of that year.

I was thrilled to be paid to write about Apple stuff, and even more thrilled that people were actually reading what I wrote. Eventually, I was writing longer reviews for Macworld, and lots of them. Over time, I branched out, writing speaker reviews, case reviews, and the like. After a while, I was even trusted to write how-to’s, news, and opinion pieces.

But it wasn’t enough! Though I loved what I was writing for Macworld, I craved more. I was still holding down a full-time job working for a large Internet company, but getting paid to write about Apple felt magical. I wanted more of that feeling. On a lark, I cold-emailed Adam Engst, offering my writing services for TidBITS. This was back in the long-ago era of July 2010 — so long ago that Charlie Sheen still had a job!

Though I didn’t know it, my timing was good, since Doug McLean was leaving TidBITS just then to return to grad school. Nonetheless, Adam wisely asked Jason Snell and Dan Moren at Macworld whether I was worthy of his (and TidBITS’s) time and attention. Jason and Dan responded in the affirmative (my e-checks to them had cleared, I guess), and Adam agreed to give me a tryout.

Most of my work for TidBITS was on the shorter side — TidBITS Watchlist updates, ExtraBITS links, and the like. But while I rarely flexed my longer-form writing muscle on TidBITS, I really enjoyed the work. I was writing for a publication I used to receive via email when I had a “text-only” Internet connection in the early 1990s. I was writing alongside industry greats like Adam, Tonya, Glenn, Jeff, Rich, Joe, Matt, and Mark. Frankly, it was an honor just to sit in on the weekly staff calls and exchange email with folks whose writing I had respected and idolized for years. I even got to meet many of the TidBITS staffers in person at Macworld 2011 back in January.

But now, though it seems like I’ve known the TidBITS crew for eons (time flies in the Internet world), I’m leaving my freelance role at TidBITS after just nine months, as I’ve accepted a full-time offer from Macworld. The friendship between TidBITS and Macworld is obvious and strong (ever noticed that there are months that the masthead of Macworld is nearly monopolized by articles from TidBITS writers?), but my new employment with Macworld gives them rights to all the Apple-focused stuff I write. A number of people who start off writing for TidBITS end up contributing to Macworld too, and I’m not even the first to take the path from freelancer to Macworld staffer; Dan Frakes blazed that trail back in 2003.

My affection for TidBITS, and my even greater affection for the people behind the site, is unwavering. I’m proud that I was involved, however briefly, with such a venerable publication, and will miss the frequent email messages from Adam. They’d contain not just new software updates to cover for the TidBITS Watchlist, but often expressions of gratitude that I was writing them so he wouldn’t need to stress about not having the time to write them up himself.

I believe that I’ve even helped find an excellent replacement for me, but that’s an announcement for another time!

As you might imagine, (and as I’ve wordily blogged about elsewhere), I’m tremendously excited to be joining Macworld as a full-time Staff Writer. I am also extremely grateful to TidBITS for the work and friendship offered to me over the past nine months, and I’m certain that continued greatness lies ahead for the site. My sincere thanks to Adam, Tonya, and the gang for everything.



Apple Addresses Location Controversy Questions

  by Adam C. Engst <ace@tidbits.com>

Responding to the tempest in a teapot surrounding the discovery that the iPhone records certain location data, Apple last week issued a clearly written Q&A that addresses the primary questions asked by users. Later that day, Steve Jobs, Phil Schiller, and Scott Forstall talked to Ina Fried of All Things Digital (run by the Wall Street Journal) about the situation; the transcript is well worth reading.

For those who have been lucky enough to miss the fuss, it was determined that some form of location data was being stored on the iPhone, which led to hysterical news articles claiming that Apple was tracking the locations of iPhone users. This data included geographic coordinates that, when plotted on a map, seemed to provide a long-term record of your movements.

The hysteria continued even after saner heads, like David Pogue of the New York Times, pointed out that the information wasn’t being transmitted to Apple or anyone else and that all cell phone carriers track and record every movement of their subscribers. Nor did it make a difference that the information extracted from your iTunes backups (which was extremely hard to get until the iPhoneTracker application was created to display it) was often clearly different from where you actually were. The greatest risk might have been someone (law enforcement or a technically savvy stalker) obtaining your phone and having what seemed to be a record of your location over time.

Although I strongly recommend reading Apple’s Q&A, it can be summarized as follows.

Apple is not tracking the location of your iPhone. Nor is your iPhone logging your actual locations. Instead, iOS maintains a database that represents a subset of Wi-Fi hotspots and cell towers in the general vicinity of a current location. The point of this database is to help the iPhone calculate its location more quickly when requested, both by avoiding a round-trip query over a mobile or Wi-Fi network to look up this information and by helping a GPS receiver, if one is present (as one is on all iPhones since the iPhone 3G and all 3G versions of the iPad).

When starting fresh, a GPS receiver by itself can take up to 12.5 minutes to receive the full set of information about all the satellites it can see and obtain a location. If the GPS receiver knows its approximate location, that time can be reduced to 30 to 60 seconds. But with Assisted GPS (AGPS), which Apple and other smartphone companies employ, the time to acquire a satellite lock can be reduced to just a few seconds by using rough Wi-Fi or cell tower location information (the large blue circle in the Maps app, for instance) to help interpret fragments of GPS satellite signals. (TidBITS editor Glenn Fleishman wrote a long explanation of AGPS for Ars Technica in 2009, if you want more detail.)

There is little more frustrating than sitting in a car and waiting for your GPS navigation app to figure out your location so you can start driving in unfamiliar environs. That’s where AGPS comes in, and it’s part of the explanation for why Apple caches location data.

The iPhone does transmit — in an anonymous and encrypted form that Apple cannot use to identify you or your position — the locations of nearby Wi-Fi hotspots and cell towers back to Apple, where they are added to a massive crowd-sourced database. Apple used to get this sort of data from Skyhook Wireless, the firm that pioneered Wi-Fi positioning, but switched to its own network data gathering with the first iPad release, and with iOS 4.0 for all other devices.

The iPhone downloads and caches an appropriate subset of that database to aid in location calculations, and it’s this cached subset that is backed up in iTunes and read by iPhoneTracker, which accounts for the locations that don’t correspond with where you’ve actually been. For instance, check out the screenshot to see that, yes, I’ve driven around a bunch of upstate New York for cross country and track races. But I can guarantee that I’ve never been to lots of these spots.


The only location data that Apple collects and shares with other companies comes from iAds, which can use location as a factor in targeting ads. That information will be shared, but only if you explicitly approve when an iAd asks for your current location (Apple gives the example of a user requesting that an ad locate the nearest store).

Apple did for the first time reveal that it is now “collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.” Although the Q&A isn’t clear about this, it’s likely the same sort of current road speed data captured by Android phones and some cell-connected standalone GPS navigation devices. Live traffic data can be integrated and then fed back out to provide real-time road status even on relatively low-traffic streets.

Now, all this said, Apple also acknowledged that they have identified a number of bugs in how location services were working. A free iOS update within the next couple of weeks will:

Finally, Apple promised that the next major release of iOS would encrypt the cache on the iPhone so it couldn’t be used to determine even the general part of the world the user was in. It’s unclear if this means iOS 4.4 or iOS 5.

The only remaining question is if there’s anything more to this situation than Apple is letting on, and honestly, I doubt it. Apple is a business, and businesses exist to make money. Unless someone can point to a legal way Apple could make a boatload of money from location data without in any way endangering the massively lucrative iPhone market, assuming that Apple is up to no good here is pure conspiracy theory.

Yes, Apple could have designed the system to encrypt this data to start, and yes, Apple could have caught the bugs they’ve now identified and acknowledged earlier, but minor technical mistakes happen in all sufficiently complex systems. More important is how they’re resolved — and how quickly — and it appears that Apple is doing the right thing with the forthcoming iOS update.

Now perhaps privacy watchdogs can turn their attention to the very real breach of Sony’s PlayStation Network, from which hackers were able to steal personal information about tens of millions of subscribers, possibly including credit card data.



TidBITS Watchlist: Notable Software Updates for 2 May 2011

  by TidBITS Staff <editors@tidbits.com>

Firefox 4.0.1 -- From the Mozilla Foundation comes Firefox 4.0.1, an ostensibly minor update that packs in numerous bug fixes for everything from memory leaks to security issues. While the majority of the changes affect elements of the app that are not immediately obvious to end users (beyond the occasional crash), a few fixes were prompted by certain Web sites, like Yahoo Answers and Amazon, failing to function properly in small ways. Mozilla recommends the update for all current users of Firefox 4.0; see our full review in “Firefox 4 Improves, But Not Radically,” 2 April 2011. (Free, 26.8 MB)


MacGourmet 3.1 -- Advenio has released version 3.1 of MacGourmet, its recipe management software that lets you collect and organize your favorite dishes on your Mac (for a comparison with other programs, see “Cook from Your Mac: 10 Recipe Tools Compared,” 21 September 2007). Highlights of the changes in MacGourmet 3.1 include the capability to download and import recipes from over forty popular Web sites, support for blogging, and many improvements in the way ingredients are handled. In addition, MacGourmet 3.1 addresses a large number of bugs that touch on pretty much every aspect of the app; full release notes are available. ($29 new from Advenio or the Mac App Store, free update, 12.7 MB)


Microsoft Office 2008 12.2.9 / 2004 11.6.3 -- Refusing to leave those who haven’t upgraded behind, Microsoft has released a couple of updates for older versions of the Office suite — the 2008 edition has been bumped to version 12.2.9, while its 2004 counterpart is now at version 11.6.3. The Office 2008 update requires Mac OS X 10.4.9 Tiger or later and includes a number of security, stability, and performance improvements, additional support for Microsoft’s SkyDrive cloud-based file sharing system, improved compatibility with the SharePoint enterprise collaboration system, and individual fixes for both Entourage and PowerPoint. The Office 2004 update, which needs 10.2.8 Jaguar or later, contains only unspecified security fixes. (Free updates; 333.1 MB for 2008, 23.4 MB for 2004)


Adobe Photoshop Lightroom 3.4 -- Adobe has released Photoshop Lightroom 3.4, a maintenance update that adds support for the raw image formats used by several recent cameras and incorporates a host of bug fixes. Cameras added to this update include the Canon EOS 600D (Rebel T3i/Kiss X5 Digital) and Canon EOS 1100D (Rebel T3/Kiss X50 Digital); Fuji FinePix S200 EXR, FinePix F550 EXR, FinePix HS20 EXR, and FinePix X100; Hasselblad H4D-40; Kodak EasyShare Z990; Nikon D5100; Olympus E-PL1s, E-PL2, and XZ-1; and the Samsung NX11. Bug fixes range from problems uploading to online photo-sharing sites to fixing a color cast on Nikon D7000 or Pentax K-5 images under certain circumstances. Adobe also released the free Camera Raw 6.4, which adds support for the same cameras for Adobe Creative Suite 5. ($299 new, free update for owners of Lightroom 3, $99 upgrade from earlier versions, 88.6 MB)


Mactracker 6.0 -- Ian Page has released version 6.0 of his encyclopedia of Apple hardware, Mactracker, adding new features and updates to its extensive database of nearly every Apple hardware product ever made. Each entry contains plenty of detail, including technical specs, the original sale price in 10 different markets, and benchmarking data (you can even compare the specifications of up to four devices). The most significant enhancement is a complete overhaul of the app’s interface, featuring a new in-window search function and “smart categories” whose contents are based on a search query. (Free from Ian Page’s Web site or the Mac App Store, 21.9 MB)



Quicksilver β59 -- The open-source launcher Quicksilver β59 has been released, adding numerous features and plug-ins, and fixing plenty of bugs as well. Improvements include auto-updating, a new menu bar icon, an Open URL in Background action, performance improvements, and changes that will enable Quicksilver to be a 64-bit application in the future. But much of Quicksilver’s power lies in its many plug-ins, which enable it to integrate with other applications. This new version includes new plug-ins for Yojimbo, 1Password, and Cyberduck, along with fixes and changes to a number of others. Numerous bugs have also been fixed, although reports on the Quicksilver Google Group indicate there are still issues. (Free, 1.8 MB)


Mailsmith 2.3.1 -- Stickshift Software has released Mailsmith 2.3.1, which fixes a bug that prevented Space-bar navigation from working properly, plugs some memory leaks, and avoids checking the installed version of SpamSieve to avoid problems with newer versions of SpamSieve. (Free, 25 MB)


Evernote 2.1 -- Those relying on the popular Evernote service can now download Evernote 2.1 for the Mac, which brings a number of notable features to the information gathering application. (Versions are also available for various Web browsers; the iPad, iPhone, and iPod touch; Android; BlackBerry; Palm Pre and Pixi; and Windows and Windows Mobile.) Most notable in Evernote 2.1 for the Mac is audio recording, which allows audio to be attached to any new or existing note. Audio can also be played back within the Evernote application. Then, for those who thrive in the public sphere, there’s note sharing via Facebook, Twitter, and email, or via a direct URL. Searching is now faster, especially for large accounts, the Find In Evernote menu item now works properly, and other unspecified bugs have been fixed. One note: if you’ve customized your toolbar, you’ll have to do so again after the upgrade. (Free, 19 MB)


iPhoto 9.1.2 -- Along with adding new card themes to iPhoto ’11, Apple’s recent iPhoto 9.1.2 update addresses a number of minor bugs, mostly related to the application’s interface. The zoom slider now works properly in Magnify (1-up) view, toolbars auto-hide in Full Screen view, the message size of email messages now updates correctly when changing the Photo Size menu, multiple book pages can now be drag-selected in All Pages view, design tools in print projects are now accessible via separate Layout and Options buttons, and the Tab key can now navigate through all the text fields in a book project. In addition, the update fixes minor formatting issues with book, card, and calendar themes, and preserves photo backgrounds when the book type is changed. Lastly, the search field now correctly performs an “includes” search when searching by text string, and a bug has been fixed that prevented some iPhoto 5 libraries from upgrading correctly. ($14.99 new, free update, 106.32 MB)


iMac Hard Drive Firmware Update 1.0 -- If you have a mid-2010 iMac, Apple has just released the iMac Hard Drive Firmware Update 1.0 to resolve a problem that might prevent your iMac from booting properly. Although there’s no way to know if you really need this update or not, the inability to boot could make installing this update in the future significantly more difficult, so I’d recommend doing it now, after making sure you have a current backup. (Free, 767 KB)



ExtraBITS for 2 May 2011

  by TidBITS Staff <editors@tidbits.com>

If you’re looking for a little more to read this week, Glenn Fleishman explains Assisted GPS at Macworld, Jeff Carlson shares a link to an interview with the ex-Mac luminary and current professional photographer Joe Holmes, and Adam points to Ars Technica’s recent experience with Facebook as a reason to avoid relying on the social networking service for business purposes.

Why Businesses Shouldn’t Friend Facebook -- The news site Ars Technica (owned by Condé Nast Digital) woke up one morning last week to find their Facebook page locked after an unknown person complained to Facebook that some piece of Ars Technica content infringed on their rights. With no warning, explanation, or clear appeal process, and with only minimal communication after Ars staffers started to investigate, the Ars Technica Facebook page remained inaccessible the entire day. (It has now been restored, with a statement from Facebook apologizing weakly and justifying the action.) If this can happen to a major news outlet like Ars Technica, which can bring corporate resources to bear on resolving the situation, just imagine how much fun it would be for a small business. Moral of the story: Do not rely on Facebook for anything critical to your business. Facebook is not your friend.


The Quiet, Lovely Photographs of Joseph O. Holmes -- Joseph O. Holmes has been a lawyer and a Mac journalist, and he appeared earlier this year with Adam and other notable Mac figures at a Macworld Expo panel called “Holmes Brothers Live.” Joe now makes his living as a professional fine art photographer, and in this article at Rob Galbraith’s Digital Photography Insights site, he talks about his inspiration and creative process.


How the iPhone Supplements GPS -- Over at Macworld, TidBITS editor Glenn Fleishman explains Apple’s curious statement that GPS positioning would take minutes without its secret sauce of Wi-Fi network and cell-tower location data. Apple (and other mobile device makers) supplement GPS with several clever techniques to get a faster fix.



This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2011 TidBITS; reuse governed by this Creative Commons License.