The first Mac OS X Trojan horse was spotted last week - or was it? Adam looks at Intego's announcement of the MP3Concept Trojan, and how it affects the Mac going forward. Also in this issue, Andrew Laurence reviews the Slim Devices Squeezebox streaming audio player, and we note the releases of Eudora 6.1, DragThing 5.1, and NoteBook 1.2 v180. Lastly, we're taking a short break, so look for your next issue of TidBITS on 26-Apr-04!
No TidBITS 19-Apr-04 -- We're taking the next issue of TidBITS off for a little hard-earned rest and recuperation in Hawaii at my sister Jennifer's wedding. Those who have been with us from the beginning may remember that back in 1992, Jennifer converted our first 99 issues from HyperCard format into setext, which was an essential step in allowing us to provide a complete archive containing every TidBITS issue. Aside from the wedding festivities, Tonya and I are looking forward to downtime and extra sleep to make up for what we've lost in the last week while dealing with Tristan's cold-exacerbated asthma troubles. So, although we'll try to keep TidBITS Talk flowing, we won't be reading or replying to other email on a regular basis. Our next issue will be released on 26-Apr-04. [ACE]
Matias Sponsoring TidBITS -- We're pleased to announce our latest long-term sponsor, Matias Corporation, makers of the Tactile Pro Keyboard, and the Laptop Armor and iPod Armor hardshell cases. Matias first caught our attention back in 2001 with their Half Keyboard, an unusual halved QWERTY keyboard that used the spacebar as a modifier key to access the missing keys. Although neat enough to warrant mention in consecutive Macworld Superlatives articles, the Half Keyboard was attractive primarily in very specific situations (such as when portable data entry to a Palm OS handheld was necessary), and it's great to see Matias devoting their design sensibility to more mainstream products like the Tactile Pro Keyboard and the two hardshell cases. We've been impressed both with Matias's products and the company itself, so we couldn't be happier to include Matias among our select group of sponsors. [ACE]
Eudora 6.1 Adds Google Searching -- Qualcomm has released Eudora 6.1, the latest version of their venerable email client. New in Eudora 6.1 is a toolbar-based Search Bar that enables you to search either within Eudora or in Google via your Web browser; you can also Control- or right-click a word and choose it from the contextual menu that appears to search for it in Google. Another new feature (though a more-limited version appeared in Eudora 6.0; see "Eudora 6.0 Slams Spam, Concentrates Content" in TidBITS-696 for more on that release) is Transfer to Selection, which enables you to Control- or right-click a word in Eudora and choose a similarly named mailbox into which the message will be transferred. IMAP synchronization has been improved with the capability to synchronize specific IMAP mailboxes on mail checks and easier resynchronization of entire mail folders. Eudora 6.1 provides more control over content concentration, which it uses to hide quoted and other less relevant text appearing in the preview pane. Lastly, and perhaps the most welcome (if depressing) feature is the addition of Junk mail statistics to the Statistics window. It's harsh being shown that 61 percent of my mail is spam overall, and that the percentage is more like 75 to 78 percent for the day or week.
Eudora 6.1 is available in Paid mode for $50; Sponsored (with ads and no support) and Light (reduced features and no support) modes are free. If you've purchased or upgraded Eudora within the last 12 months, the upgrade is free; if you purchased or upgraded more than 12 months ago, but less than 24 months ago, the upgrade costs $40; and if you last paid for it more than 24 months ago, you have to pay the full $50 again. Eudora 6.1 is a 6 MB download for either Mac OS X or Mac OS 9. [ACE]
by Matt Neuburg
Version 5.1: A DragThing of Beauty -- TLA Systems's DragThing, a launcher and Dock replacement that we've been covering since its inception, has been upgraded to version 5.1. The big change here is that DragThing's docks are now documents: you can now open and close them individually, and they can be exported completely as XML. This makes things much easier when you develop a one-off or specialized dock that needn't be present all the time. You can also have "workspaces" (dock sets), read-only docks, and stationery docks. The Desktop Trash feature is also much more flexible, and there are many cosmetic and functional improvements and bug fixes. DragThing 5.1 requires Mac OS X 10.2 Jaguar or better and is a 3.2 MB download. It costs $30; this is a free upgrade for DragThing 5 users. [MAN]
NoteBook 1.2 v180 Beefs up HTML Export -- Circus Ponies Software has released NoteBook 1.2 v180, a minor upgrade to their elegant snippet keeper and information manager, which I've found handy for maintaining to do lists and taking notes on complex procedures. This version adds an option to export only changed pages to HTML, preserves text styling in HTML, and automatically converts a series of multiple spaces to a non-breaking space character. You can also now choose the format for images pasted into Notebook. Circus Ponies also fixed a number of bugs, including an annoying one with the licensing system that could cause a crash on the first launch after restarting your Mac. NoteBook 1.2 v180 is a 7.7 MB download that's free to registered users; new copies cost $50. [ACE]
By now, assuming you pay any attention to the Macintosh media in between your weekly doses of TidBITS, you've undoubtedly heard of the hubbub brewing around the announcement last Thursday of the first Trojan horse to target Mac OS X. The news came from Intego, the developers of a variety of security software, including the anti-virus program VirusBarrier, which Intego updated to detect hypothetical malicious software using this new technique.
Should we laud Intego's integrity in alerting the Macintosh community to this possible pestilence, or should we revile the company for a self-serving PR move that has the potential to cause untold headaches for the entire Macintosh world? I'll reveal my hand here - if Intego wants to do public service announcements, they shouldn't use a press release to submit their findings, and they should stop selling a product that stands to benefit directly from both the increased paranoia they've caused and a potential plague of copycat Trojans.
Just the Facts, Ma'am -- Toward the end of March 2004, a discussion took place on the Usenet group comp.sys.mac.programmer.misc about the potential for embedding malicious code inside an MP3 file. After some back and forth, programmer Bo Lindbergh posted a proof-of-concept file that is an MP3 and plays in iTunes, but is actually also an application. Bo's proof-of-concept merely popped up a dialog box, but it obviously could execute any sort of code. It's a clever hack that takes advantage of both the way Carbon applications work and the ID3 tag portion of the MP3 file format to run executable code from within a legitimate MP3 file. It's worth noting that all of the programming techniques used by Bo's proof-of-concept are perfectly legitimate, and the only vulnerability this exposes is the ability of a programmer to disguise an application as a document. Nothing new there, and it's well worth reading the technical commentary posted on BoingBoing by Miro Jurisic (a top-tier Macintosh programmer known for winning the MacHax Group's Best Hack Contest at MacHack on multiple occasions).
On 20-Mar-04, Intego said that an unnamed person reported this proof-of-concept Trojan to Intego, Symantec, Network Associates, and Apple. Intego evaluated the code and added some code to VirusBarrier to detect it. So far so good. But then, despite some "initial hesitation," Intego decided to put out a press release trumpeting how the update to VirusBarrier detects "the first Trojan horse for Mac OS X." Open bottle, extract genie.
Needless to say, the press release was immediately covered by a variety of news sites (I've included a selection of links below; it's amusing to compare them, and be sure to see the hilarious Joy of Tech cartoon at the end). As usual, that means a few sites confirmed the story, investigated the technical claims, and queried security experts, whereas many others merely reprinted or pointed to Intego's press release. The massive coverage instantly generated a ton of confusion and misunderstandings. Many people thought Mac OS X was immune from such malevolent code (false, and the proof-of-concept works equally well in Mac OS 9), which led to the conclusion that Intego was promulgating a hoax (equally false). Other misapprehensions that quickly resulted were that this was a virus (false, Trojans don't self-replicate) and that it was in some way related to Apple's success in the music world (inane, and at best a non-sequitur). Intego itself generated other confusions, such as the implication that what was being identified was an actual Trojan horse (false) rather than just a method by which a Trojan horse could be created. Intego is also culpable for classic FUD (Fear, Uncertainty, and Doubt) tactics by advertising that the same technique could be used with GIF and JPEG files, and QuickTime movies (true, but irrelevant).
<http://apple.slashdot.org/article.pl?sid=04/04/08/1922237&mode=thread&tid=126&tid=172>
Clear and Present Terminology -- Let's step back and look at what the terms for the various types of malicious software really mean. Viruses are pieces of executable code that can't stand alone, but must be inserted into and operate within a "host file," usually an application. Most importantly, viruses self-replicate, inserting their code into other files as a way of moving from one file to another, and one computer to another. Although worms also replicate themselves, they don't require a host file and exist as standalone files.
A Trojan is a horse of a different color. Like worms, Trojans are standalone programs, but they don't self-replicate. Instead, they're designed to deceive an unwary user into downloading them and launching; as a rule, they can be identified precisely (which allows warnings of "If you see a file called 'Trojan Horses' that purports to provide a directory of farriers in the Middle East, don't run it or it will delete all the files on your hard disk!"). Without detracting from the clever technique that Bo Lindbergh came up with, Trojans are trivially easy to write. That's because all they have to do is deceive you long enough for a double-click. Once you double-click, the Greeks leap from the horse and it's all over for Troy and your computer. (In case you're not up on your Homer, we can thank Odysseus for the original Trojan Horse.)
Bo's proof-of-concept was primarily interesting for what it did after it was double-clicked: it acted like a normal MP3 document. Also interesting was the fact that it could be dragged into iTunes and played like any other MP3 file. But despite having the data fork of a legitimate MP3 file, it was in fact an application, and the Finder's Get Info window properly identified it as such. In essence, the proof-of-concept was more deceptive after the fact, which, had it been an actual Trojan horse, might have made it somewhat harder to detect. But as it was neither malicious nor deceptive, the proof-of-concept simply was not a Trojan horse. That said, it was a questionable move to post such a proof-of-concept in public.
Think Like Intego -- So why did Intego decide to issue a press release about what the company dubbed the MP3Concept Trojan? Obviously, I wasn't privy to the discussions (or I would have told them in no uncertain terms what a terrible idea this was), but it seems likely that the decision was in the end based on the positive benefits it would have for Intego. After all, promoting corporate interests is what PR is all about.
The reasoning is easy to follow. With just a little effort in the press release, Intego could both catapult the company into the spotlight of the Macintosh media and engender a sense of paranoia in the Macintosh community that would result in sales of VirusBarrier. For examples of how the wording of the press release supports this goal, consider this: "While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks." The sentence manages to imply that Intego discovered the Trojan (it was actually reported to them by a user) and at the same time states that there are multiple versions of the Trojan. As far as I've been able to determine, and Intego did not answer my direct question to this point, at the time when this press release was sent out, there was only Bo Lindbergh's proof-of-concept.
Then there's this section: "Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen." That's classic FUD aimed at scaring less-sophisticated users into believing that they cannot so much as double-click an MP3, JPEG, or GIF file without risking untold digital horrors. Unless, that is, they're running Intego's VirusBarrier.
So Intego gains massive press coverage, and even if it turned negative, there's always the aphorism, "I don't care what you say about me as long as you spell my name right." Intego also sees increased sales of VirusBarrier, lending a direct financial bonus to the announcement. If nothing else, Intego's behavior was crass, very much along the lines of the anti-virus companies whose software identifies worm-generated email but, instead of deleting it, wastes even more time and resources by bouncing it back to the forged address with an advertisement for the anti-virus software. Although those companies haven't yet been taken to task for such tactics, Intego may suffer a significantly damaged reputation from this decision.
Intego calls itself an "i-security company" and talks on its About page about how it is committed to "protecting your computer from security threats of all kinds." Ignoring the utterly cynical thought that Intego would wish ill upon those who were not its customers, by releasing the announcement of MP3Concept, Intego violated that basic goal of protecting computers from security threats of all kinds. That's because the publicity that surrounded both the initial press release and Intego's followup Q&A document about MP3Concept significantly lowers the bar for creating Trojan horses using the MP3Concept approach. I would be surprised if actual MP3Concept Trojans hadn't been released into the wild now, given that most people writing malicious software generally just modify techniques and code from others. So by providing details about how MP3Concept works, how it could affect GIF and JPEG files, and more, Intego almost ensured that some disaffected programmer would implement it. Do you feel that Intego's announcement has helped protect your Mac from security threats?
Intego would certainly argue that the information would have gotten out anyway. That may be true, since the information about the proof-of-concept was protected only by obscurity. But the Internet is an awfully big place these days, and just because some piece of information is available doesn't mean it will automatically be introduced to hundreds of thousands of Macintosh users. Lots of programmers discover ways of abusing operating systems that they either don't act on or don't publicize. Intego chose to go public.
What Should Intego Have Done? It's said that hindsight is always 20/20, but in this case, I think it's clear how Intego should have responded. First, I think Intego should absolutely have updated the virus definitions for VirusBarrier to identify and delete any Trojan horses using the MP3Concept technique. That's entirely in line with the mission of protecting computers from security threats of all kinds, and I have nothing against Intego using this information to improve its products.
However, Intego should next have verified that the right people at Apple had received the information, assuming that a Macintosh developer like Intego would have better contacts within Apple than a random user. Intego said the reporting user had also alerted Apple, but we all know that Apple is a very large company, and sending an email message to a general feedback address is a lot different from making sure Apple's security team was aware of the problem. The Apple Product Security page provides an email address to which such security vulnerabilities should be reported.
Intego could also have alerted an independent security organization like the CERT Coordination Center to the vulnerability. That would have allowed CERT to verify the vulnerability, alert Apple again, and publish the information in a controlled fashion. Then, had the information become public, Intego wouldn't have been tainted by a blatant conflict of interest and could still have announced that VirusBarrier had been updated to deal with the problem.
What Should You Do? The cat's out of the bag, and thanks to Intego's self-serving behavior, the Macintosh world is a less trusting place than it was this time last week. So what's your actual vulnerability to Trojans (or worms, because self-replicating code could be added) using the MP3Concept technique? I hope that, apart from a few quick copycats from programmers without the skill or creativity to produce anything worthwhile, we won't see many implementations, which means that most people won't have to worry about anything most of the time. Also reassuring is the fact that downloading a raw MP3, JPEG, or GIF file from an FTP or Web site (or one of the file sharing networks) is unlikely to expose you to an MP3Concept Trojan horse because Macintosh resource forks aren't transmitted when such files are downloaded unless the file is first encoded in a StuffIt archive, MacBinary file, BinHex file, or on a disk image.
That said, I encourage you to be cautious about files you receive in email, since email programs will use the AppleDouble or BinHex encodings to ensure that a file's resource fork is protected. Luckily, good email programs like Eudora and Mail refuse to let you launch an application attached to a message without prompting you first; if you ever see a query from your email program about executing an attachment, cancel the launch and investigate the source of the attachment.
If you regularly receive files in email and download files from Web sites of unknown reputation, I recommend that you run and regularly update an anti-virus application. On a technical basis, I don't know of any particular differences between Symantec's Norton AntiVirus, McAfee's Virex, and Intego's VirusBarrier, but I can't encourage supporting Intego after this incident. Symantec's Norton AntiVirus costs $70 from Symantec, though I instead generally recommend the $130 Norton SystemWorks bundle (which also includes Norton Utilities, Dantz's Retrospect Express, and Aladdin's Spring Cleaning). McAfee's Virex doesn't seem to be as readily available as Norton AntiVirus, but remember that you get it for free with a $100 .Mac membership, which is a good deal.
I don't currently know what methods Norton AntiVirus and Virex use to identify potential MP3Concept Trojans, but according to some Usenet discussions, VirusBarrier merely looks for any CFM executable whose name ends with a common filename extension. As a result, it apparently incorrectly identifies some plug-ins for Adobe Photoshop Elements and Adobe InDesign CS as being Trojan horses. Oops.
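A narrower check than the name-plus-CFM heuristic described above, given here as an added example (it is not from the article or from any vendor's product): it reads the Finder type code out of an AppleDouble header, the encoding mail programs use to carry a file's Finder information and resource fork, and flags only files that are named like documents but that the Finder would treat as applications. The function names, the extension list and the sample files are constructed for illustration.

```python
import os
import struct

APPLEDOUBLE_MAGIC = 0x00051607   # AppleDouble header file
APPLEDOUBLE_VERSION = 0x00020000
ENTRY_RESOURCE_FORK = 2          # AppleDouble entry IDs
ENTRY_FINDER_INFO = 9
HEADER_LEN = 26                  # magic + version + 16 filler bytes + entry count

# Assumption: extensions a user would expect to belong to documents.
DOCUMENT_EXTENSIONS = {".mp3", ".gif", ".jpg", ".jpeg", ".mov"}


def parse_appledouble(blob):
    """Return {entry_id: bytes} for an AppleDouble header file."""
    if len(blob) < HEADER_LEN:
        raise ValueError("too short for an AppleDouble header")
    magic, _version = struct.unpack(">II", blob[:8])
    if magic != APPLEDOUBLE_MAGIC:
        raise ValueError("not an AppleDouble header")
    (count,) = struct.unpack(">H", blob[24:26])
    entries = {}
    for i in range(count):
        start = HEADER_LEN + 12 * i
        if start + 12 > len(blob):
            raise ValueError("truncated entry table")
        entry_id, offset, length = struct.unpack(">III", blob[start:start + 12])
        if offset + length > len(blob):
            raise ValueError("entry %d points past end of file" % entry_id)
        entries[entry_id] = blob[offset:offset + length]
    return entries


def assess(filename, blob):
    """Compare what the name claims with what the Finder information says."""
    entries = parse_appledouble(blob)
    info = entries.get(ENTRY_FINDER_INFO, b"")
    # Finder info starts with the 4-byte file type, then the 4-byte creator.
    type_code = info[:4].decode("mac_roman") if len(info) >= 8 else None
    extension = os.path.splitext(filename)[1].lower()
    return {
        "type": type_code,
        "has_resource_fork": len(entries.get(ENTRY_RESOURCE_FORK, b"")) > 0,
        # Flag only a document-style name on a file typed as an application.
        "suspicious": extension in DOCUMENT_EXTENSIONS and type_code == "APPL",
    }


def build_sample(type_code, creator, resource_fork):
    """Build a constructed AppleDouble header for the demo below."""
    finder_info = type_code + creator + b"\x00" * 24      # 32 bytes in total
    parts = [(ENTRY_FINDER_INFO, finder_info)]
    if resource_fork:
        parts.append((ENTRY_RESOURCE_FORK, resource_fork))
    header = struct.pack(">II", APPLEDOUBLE_MAGIC, APPLEDOUBLE_VERSION)
    header += b"\x00" * 16 + struct.pack(">H", len(parts))
    offset = HEADER_LEN + 12 * len(parts)
    table, body = b"", b""
    for entry_id, data in parts:
        table += struct.pack(">III", entry_id, offset, len(data))
        body += data
        offset += len(data)
    return header + table + body


# Constructed samples: type and creator codes here are illustrative values.
SAMPLES = {
    "song.mp3": build_sample(b"APPL", b"DEMO", b"\x00" * 16),    # app named like an MP3
    "track.mp3": build_sample(b"MPG3", b"DEMO", b""),            # ordinary document
    "filter.gif": build_sample(b"PLUG", b"DEMO", b"\x00" * 16),  # code, but not an app
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, assess(name, blob))
```

Because the verdict depends on the Finder type rather than on the presence of executable code, the constructed plug-in sample is not flagged even though it carries a resource fork and a document-style name.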
One final point to drive home: regular backups (and not just duplicates) can protect you from a multitude of evils ranging from an overeager anti-virus application to a malicious Trojan horse.
What Happens Next? Intego's media maelstrom elicited a statement from Apple, which is unusual for security vulnerabilities. As the Apple Product Security page states, "For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available." In response to our query, an Apple representative said, "We are aware of the potential issue identified by Intego and are working proactively to investigate it. While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities."
I'd be a little surprised if Apple actually had been working on this issue before Intego's announcement, since the proof-of-concept doesn't do anything illegal. Had it not been described in the Usenet posting, it would have been deceptive, sure, but a custom icon and a misleading name are also deceptive, and there's nothing Apple can do to prevent them. I've seen a number of ideas for ways Apple could modify the Mac OS to reduce the likelihood of a user launching a Trojan, including putting a subtle halo around the icons of applications (thus reducing the deceptive nature of Trojans masquerading as documents) and requiring user assent to the first launch of any newly downloaded application. Neither of these approaches would be complete protection, but they might lower the likelihood of someone running a Trojan without warning. Whether or not Apple was working on this issue ahead of time, I'm sure Apple programmers are evaluating it now, and it's entirely likely that Apple will release a security update in the near future to address MP3Concept's method of deceiving users.
In the end, the only real solution to the overall problem of malicious code would likely be a major rearchitecting of Mac OS X in such a way that prevents applications from causing damage. I doubt Apple would go to such lengths because of the cost of such a wholesale change, particularly given the minimal actual damage to Macs caused by malicious software so far.
(When last we left our intrepid music junkie, he was annoyed that the Slim Devices SLIMP3 streamed MP3 music, rather than being a disk-based storage and playback device like his beloved TiVo. Let's see how things have progressed.)
Since I reviewed the SLIMP3 last year (see "SLIMP3: MP3, Get Thee to the Hi-Fi" in TidBITS-676), disk-based media players have either vanished or morphed into the "home theater PC," but media-streaming devices have flourished. As just a few examples, Alex Hoffman reviewed TiVo's Home Media Option ("TiVo Series2 Improves on Original" in TidBITS-698); Gateway introduced their Connected DVD Player; Turtle Beach soldiers on with their venerable AudioTron AT-100; and MacSense is finally shipping the HomePod. The market has spoken: streaming it is.
Enter the Squeezebox -- Slim Devices introduced the Squeezebox in November 2003. With a new look and a slew of new features, it replaces the SLIMP3 as Slim Devices' flagship hardware product. Where the SLIMP3 felt like an exercise in home-brew hardware, the Squeezebox looks and feels like high-quality consumer electronics. It retains the SLIMP3's excellent vacuum fluorescent display (VFD) but is packaged in a slimmer, more attractive case. The SLIMP3's stark black metal is replaced with a rubberized exterior. The display is no longer angled upward, but faces directly outward just like the rest of your hi-fi components. The unit is much more at home in the entertainment center, or on a desk or dresser. Inside, the Squeezebox plants itself directly at the demographic intersection between computer and audio enthusiasts. A wired version connects to a 10/100/1000Base-T wired Ethernet network; a wireless version adds the capability to connect to an 802.11b wireless network. Your streaming audio is delivered to the stereo via either analog RCA or digital optical or coaxial jacks.
The Squeezebox's setup is remarkably intuitive. After a series of questions guides you through setup for your network, the box is off and running. In a nice improvement over the SLIMP3, the Squeezebox automatically detects if a new firmware version is on the server, and prompts the user to upgrade.
Where the SLIMP3's digital-to-analog converter only handled MP3 audio, the Squeezebox supports most popular formats: AAC (on Mac or Windows), AIFF, FLAC, MP3, Ogg Vorbis, WAV or WMA (Windows only). AAC, FLAC, Ogg Vorbis and WMA files are supported through server-side conversion into uncompressed audio; the conversion is only available for files that aren't protected by digital rights management, as are those purchased from the iTunes Music Store. In other words, the songs you rip into AAC or WMA are playable, but purchased (and protected) songs are not playable. (AAC playback requires QuickTime and is therefore only available on Mac and Windows servers. The Ogg and FLAC formats require that those programs be already installed on the server.)
The Squeezebox's interface is exactly the same as the SLIMP3, and you control its functions via either the included remote control or the server's Web interface. See my earlier review for descriptions of its operation.
SlimServer -- The SlimServer software, which is installed on the Mac hosting your music files, remains an impressively robust and flexible music platform. Where most players lock you into iTunes's predefined constructs of songs, albums and playlists, the SlimServer incorporates an "internal playlist" concept that opens the door to ad-hoc playlists. You can build a playlist for the moment, intermixing any number of songs, albums or pre-defined playlists; any unit of music available to iTunes can be a component of an ad-hoc playlist. I've always dreamed of an unending stream of music, limited only by my mood and imagination. With SlimServer, that dream has arrived (and yes, I know full well that I sound like I'm spouting advertising copy).
As testament to the strength of the SlimServer platform, competitor Roku Labs has adopted the GPL-licensed open-source SlimServer software for their not-yet-shipping Roku SoundBridge. Roku's literature proudly lists the device's support for multiple audio formats, the Web server interface, iTunes support, and compatibility with multiple operating systems. Interestingly, the SoundBridge appears to also use a VFD display. If imitation is the sincerest form of flattery, adoption must point to sheer adoration.
Costs and Benefits -- Streaming music devices all seem to be priced around $200. However, just as Macs cost more than PCs, the Squeezebox costs a bit more; enough to make you say "hmmm." The wired version costs $250; adding wireless bumps the price to $300. Although the Squeezebox is full-featured and rightfully claims a spot in the consumer electronics milieu, the price feels a bit high to me. Otherwise, the Squeezebox is a heck of a nice product.
While I was writing the SLIMP3 review, my wife and I noticed that we played music more often, and more easily. The seamless access to the music heightened our use and enjoyment a great deal, similar to the yield one gets from TiVo. After I sent the demonstration unit back to Slim Devices, we noticed its absence. Forced to once again shuffle CDs, we lapsed into old habits of leaving the same set of discs in the player and suffering through commercial radio. Now that we've gotten our hands on the Squeezebox, I just might have to buy one for the entertainment center.
[Andrew Laurence has almost figured out how to store all his CDs in the living room. Almost.]
PayBITS: If this article helped you, consider contributing a few bucks so Andrew can buy a Squeezebox of his own.
Read more about PayBITS: <http://www.tidbits.com/paybits/>
As before, the second URL below each thread description points to the discussion on our Web Crossing server, which will be much faster, though it doesn't yet use our preferred design.
Intego Trojan Warning -- Readers discuss Intego's press release about the MP3Concept Trojan horse. (7 messages)
Floppy Server? Truly, we limit April Fools topics to April 1 issues, so rest assured that this thread is a serious discussion of how to mount remotely an old Mac that's booted from a floppy disk. (8 messages)
LaunchBar vs. Quicksilver -- The venerable application launcher LaunchBar is seeing competition from upstart Quicksilver. How do the two compare? (14 messages)
QWERTY and Dvorak -- Adam's article on the Matias Tactile Pro keyboard reignites discussion of which keyboard layout is superior (and whether there's actually a difference). (3 messages)
Recommended Laptop Bags -- Following Jeff Carlson's article on buying a laptop bag, readers weigh in with their own favorite brands and essential bag criteria. (10 messages)