augnq.org

From our friends at TidBits:

by Agen G. N. Schmitz: agen@tidbits.com

Apple has released iTunes 11.0.3 with a number of playback and interface improvements. At its heart, the MiniPlayer remains svelte, but it gains a track progress bar as well as visible volume/AirPlay control icon (previously, you needed to mouse over the MiniPlayer for this to appear). The volume icon appears if you are broadcasting audio to a single source, while the blue AirPlay icon appears if you have multiple audio streams selected.

If you clicked the MiniPlayer’s album cover image in the previous incarnation of iTunes, a second window opened featuring the album cover and playback controls at the bottom, while the MiniPlayer remained visible as well. But with iTunes 11.0.3, clicking the image simply expands the MiniPlayer into a larger album cover view (rather than opening a second window) and playback controls appear only when you mouse over the MiniPlayer. Clicking the three-line Up Next icon while in the expanded album art view now displays the list at the bottom of the window. (Previously, this view was available only from the standalone MiniPlayer, and it was not available from the separate album art window). To exit the Up Next list, click the three-lined icon again. Additionally, clicking the album art box once more returns the MiniPlayer to its miniaturized form. – Click on the image for a full size view.

 

The update also makes a welcome improvement to the way multi-disc album tracks are displayed in Albums view. Where previously all tracks flowed in succession from one disc to the next without any demarcation, iTunes 11.0.3 separates the tracks according to disc number. (The previous implementation was maddening when trying to sort out our Mozart and Stax/Volt collections with upwards of 14 discs in each set).

If you use the Songs view, you can also now display artwork. Choose View > Show View Options (Command-J) and click the Show Artwork checkbox. This option, on its own, displays the album artwork in the Songs view only if there are several album tracks grouped together — it definitely works better if you’ve sorted Songs view by Artist or Album. However, clicking the Always Show checkbox displays the artwork even for single tracks, and you can use the Artwork Size slider to step down or up a size. (Slider is a bit of a misnomer, as you only get three size options — small, medium, and large). - Click on the image for a full size view.

Finally, Apple promises in its typically brief release notes that iTunes 11.0.3 improves searching and sorting performance for large iTunes libraries. Federico Viticci of MacStories has discovered that iTunes 11.0.3 also adds AppleScript control of AirPlay speakers, which is good news for automation buffs. AppleScript wizard Doug Adams has already created a basic script to select AirPlay speakers. And as Viticci, our own Michael Cohen, and reader Scott Hanson have pointed out, Apple has added some tweaks to iOS app updates, including an Updates tab to view available updates, a new contextual menu for apps that have updates, and display of app updates for all associated Apple IDs.

It’s available as a direct download from Apple’s iTunes Web page (188 MB), via Software Update on systems prior to OS X 10.8 Mountain Lion (194.1 MB), or via the App Store app on Mountain Lion (129 MB).

{ 0 comments }

Courtesy of our friends at TidBITS

By Josh Centers: josh@tidbits.com

On 6 May 2013, Adobe stunned the creative community at the Adobe MAX conference by announcing that Adobe Creative Suite 6 will be the last boxed version and that Adobe’s design products will be available only through the year-old Creative Cloud, which offers a slew of apps and services, along with free upgrades, on a subscription basis. Current users of Adobe CS6 will continue to receive support for the foreseeable future, and boxed copies of CS6 will remain available for sale.

So how much does Creative Cloud cost? Well, that can be a tricky question. For individuals, $49.99 per month will gain you access to the Complete package, if you commit to a year-long subscription. If you currently hold a license to at least one of the apps in Creative Suite 3 or higher, you can get Creative Cloud for only $29.99 per month for the first year. A single app, like Photoshop, will cost you $19.99 a month with a one-year commitment. Both packages also include 20 GB of online storage for collaboration.

There are separate packages for businesses and education that offer substantial discounts. For instance, there’s the $69.99 per month, per user Team edition, which includes some additional software, such as InCopy, that’s not in the Complete package. And the Student and Teacher edition, which normally runs $29.99 per month, is only $19.99 per month on a special offer good through 25 June 2013.

But what if you need Photoshop or Dreamweaver for just a single month? Adobe does offer month-to-month pricing, but doesn’t advertise it — you’ll have to contact an Adobe representative to place an order. I did just that and found out that if you pay by the month, the Complete package costs $74.99 per month and a single app will run you $29.99 per month. If you’re contemplating buying an annual subscription and canceling it, don’t even think about it, as you’ll be on the hook for 50 percent of the remaining monthly fees.

Based on the higher prices and hoops I had to jump through just to discover them, it’s clear that Adobe isn’t interested in selling apps by the month. I think Adobe is making a huge error here. How many users pirate Adobe software because they’re amateurs or occasional users who can’t justify spending hundreds or thousands on a professional software package? I have never bought any of Adobe’s software personally, but if I could get a month of Photoshop for $30, I probably would buy it a few times per year. As Zee Kane, CEO of The Next Web, said last year, “Adobe’s main competitor in this space isn’t competing products, interestingly enough; it’s BitTorrent.”

Needless to say, Adobe’s decision to go subscription-only is controversial. However, not everyone is unhappy about it. I asked Mule Design’s Mike Monteiro about the change on Twitter. The usually outspoken Monteiro said only, “About time.” Mule designer Tom Carmony also praised Creative Cloud, saying, “I appreciate that the [subscription] model gives you access to all apps; stuff like Audition I wouldn’t have in a design bundle.” And TidBITS Publishing subscribes to Creative Cloud in order to have occasional access to InDesign and Photoshop — it’s much easier to justify a low monthly cost than spending over $1,000 on packages that will be launched only a few times per month.

In fact, for many users, Creative Cloud could be a blessing. A boxed copy of CS6 Design Standard runs $1,189.98 on Amazon, and includes only Photoshop, Illustrator, and InDesign. That same $1,189 would buy you nearly two years of Creative Cloud at $49.99, which consists of way more software plus cloud storage. Even a single copy of Photoshop CS6 on Amazon costs $628, which would equal over 20 months of a single-app Creative Cloud subscription. If you’re a professional who wants to stay on the cutting edge, Creative Cloud is a sweet deal. And no need to worry about an update that doesn’t support your system, as updates aren’t forced.

But of course, if you’re a freelancer or more casual user who is happy to use out-of-date software (to the extent that’s possible with Apple deprecating PowerPC apps in Mac OS X 10.7 Lion, for instance), you may not be comfortable with a monthly bill and the latest versions. Unfortunately, there isn’t much competition for the key packages in Creative Cloud. You could theoretically replace Photoshop with the excellent Pixelmator, Illustrator with Sketch, and InDesign with QuarkXPress or even Pages, but for the most part, Adobe’s software sets the industry standard and nothing truly compares for professional work. Until that changes, whether you like it or not, Creative Cloud is the way of the future.

{ 0 comments }

by Rich Mogull: rich@tidbits.com

It has been over four years since I wrote “Should Mac Users Run Antivirus Software?” (18 March 2008). Although much has changed since then, my recommendations mostly haven’t. While Macs aren’t immune to malicious software (malware), and we even experienced one reasonably widespread incident in 2012, malware on Macs is still not nearly common enough to recommend antivirus software for everyone. And while antivirus tools are effective against certain known attacks, they often don’t provide the level of protection people expect.

More Malware, but Still Rare — In April 2012, we experienced Flashback, the first real, widespread malware attack against Macs (see “How to Detect and Protect Against Updated Flashback Malware,” 5 April 2012). By some accounts over 500,000 Macs were infected at one point, but there is no evidence that any infected Macs or Mac users were actually harmed in the attack. This quickly led to predictions in certain corners that the Apple “age of innocence” had come to an end, and Mac users would now face as many and as severe malware attacks as Windows users.

Since that fateful week we have seen not a single additional widespread attack, and only a handful of smaller pockets of infection similar to the pre-Flashback days. (Note that there were some attacks against specific targets, but antivirus is relatively ineffective at stopping these.) Despite those predictions, Mac users haven’t seen any significant increases in malware, and it is still quite rare.

Some of this is due to steps Apple took both before and in response to Flashback, which I outlined in “Examining Apple’s Security Efforts in 2012” (20 December 2012). Gatekeeper was designed to reduce the likelihood of a user being tricked into installing malware on their own computer — still the most common attack against Macs (see “Gatekeeper Slams the Door on Mac Malware Epidemics,” 16 February 2012). Apple continues to harden the operating system itself, making it more difficult (but far from impossible) to exploit remotely. All apps in the Mac App Store must now implement sandboxing, which reduces the harm they can cause if they are compromised — although, embarrassingly, Apple has yet to sandbox its own apps. And Apple significantly changed how Java and Adobe Flash, the software exploited by Flashback, are supported and enabled to further restrict their use as a vector for infection via a Web browser.

Plus, if reports are accurate, Flashback failed to net any significant profits for the attackers. For the most part, bad guys are in it for the money, and they drop unprofitable product lines like any other business. In fact, Apple’s security changes have, by its own admission, focused more on disrupting the economics of malware than trying to stop any single vector of attack.

This doesn’t mean there won’t be successful attacks against Macs, but all signs point to those attacks being limited — occasional one-off incidents rather than the constant maelstrom of endless attacks we have seen against Windows. The ecosystem — thanks to its size and Apple’s protections — simply can’t support ongoing waves of Mac malware. Even the latest versions of Windows don’t face the same malware issues as earlier efforts.

Some of these future incidents will be widespread, but they will also very likely be discovered and contained quickly. As for antivirus, the odds are against the tools playing a significant role in preventing these attacks due to their inherent limitations.

The Limits of Antivirus — There are two main ways to detect malicious software: detect unusual activity, or recognize something in the software that marks it as malicious. Nearly all antivirus tools on the market rely mostly or exclusively on “signatures” for malware detection.

A signature is typically a string of text, often a hash value of a portion of a known piece of malware. Antivirus companies scour the Internet looking for malware samples. Once they find a malicious program, they create a signature based on the application’s code, then push this signature into the antivirus software on your computer when you update your virus definitions. Your antivirus software scans new files as they come into your computer, plus all files on your system periodically, looking for these signatures.

Security tools tend to avoid relying on behavioral analysis because it is very hard to know whether any particular action on a general purpose computer is “bad.” For any malicious action you can think of, odds are there is a legitimate reason for that activity in a different context. It is also difficult to hook into an operating system at the right level to capture this activity. And unless you detect and manage to prevent the act of infection (which may look exactly like normal software installation), the malware gets to run on your system before the tool has an opportunity to detect bad activity. Behavioral analysis is thus fairly limited, and more effective in controlled environments, such as enterprise servers, than on personal computers.

The advantage of signature scanning is that if there is a match, and the signature is well-crafted, you have positively identified a known piece of malicious software. You can also scan software before it ends up on your system or runs in the first place. But there are two very large downsides.

The most obvious limitation is that to create a signature, the antivirus vendor needs a sample of the malware. They can build signatures only for what they find, meaning new malware always has some running time before the first sample is collected, turned into a signature, and pushed down to client computers. Not every malicious program is created from scratch, so theoretically an antivirus tool should have a reasonable chance of picking up new variants. But the bad guys know this and buy the major antivirus programs to test their variants before release. Or, if they are on a budget, they run the samples through sites like VirusTotal, which test samples against dozens of antivirus tools.

The second major issue is that malware is a popular market, with massive numbers of new variants appearing daily. Some antivirus vendors report on the order of 65,000 new malware variations every day! That is 65,000 signatures they need to create, test, and release to their customers on a daily basis (now you know why it’s important to update virus definitions). Together these two factors make it nearly impossible for antivirus vendors to keep up. Their tools do filter a lot of malware, but never get close to catching everything bad, and there is always a window where new malware spreads before being detected.

Far less malware exists for Macs, but even there we see limited effectiveness across tools. For example, in a recent test by Thomas Reed, even the best Mac malware tool detected only 90 percent of the known malware samples used. This is a poor showing — we only see dozens of Mac malware variants per year, compared to 65,000 per day for Windows.

Despite Flashback being used as a call to arms to encourage people to adopt antivirus tools, most of those tools failed to detect Flashback for weeks — until it was highly publicized.

There are additional technical issues, as well. The more analysis and detection you want, the deeper antivirus tools need to hook into your system, and the greater their potential for failure. Apple doesn’t help much, being much more concerned with preventing malware from taking over the operating system than with helping antivirus vendors — who, after all, need to monitor all access to files and exercise control over launching applications and opening files, which are just the kinds of things malware authors want to do, too. There are also major performance impacts, and nearly every antivirus vendor has issued a bad signature at some point, causing serious issues for customers — typically false claims that a critical system or application file is a virus, which of course causes problems when the software attempts to prevent the (critical, legitimate) file from “compromising” the system.

Considering the current state of Mac security and the malware environment today, I find it hard to recommend Mac antivirus tools for most consumers. OS X’s built-in security and basic malware protection currently stops most or even all existing Mac malware, and new malware variants don’t appear often enough for antivirus tools to provide a significant benefit by protecting personal Macs. Mac infections are so rare, and antivirus tools are so limited, that they simply don’t offer enough value for most Mac users — even the free ones.

When to Use Mac Antivirus — Those limitations aside, there are situations where antivirus software is still useful.

The first, and best, is when you don’t use it on the desktop. Signature-based filtering in email stops known viruses before they ever hit your desktop. I highly recommend using an email service such as Gmail, iCloud, Yahoo, or Hotmail that filters all email for viruses before it is downloaded your computer. For businesses I also recommend Web filtering, but that isn’t easily available to regular consumers.

The next group who might benefit from antivirus is family members running older versions of OS X. Nearly all the best anti-malware security features of OS X are available with 10.8 Mountain Lion, with 10.7 Lion being second-best. We know TidBITS readers largely stay up to date with Mac and iOS operating system updates, but if family members don’t, then antivirus may be warranted.

Corporate users may also need antivirus software to comply with corporate policies or other requirements.

If you consistently engage in high-risk behavior, then antivirus software may be useful. For example, if you turn off Gatekeeper and routinely download illegal or dubious software, antivirus tools might prevent infection. Maybe. Of course malware appears on mainstream sites as well, but if you stick with Gatekeeper and known developers your chance of infection is almost nil.

Lastly, you might simply want antivirus for peace of mind — understanding that antivirus tools are far from infallible, and their users do still get infected, especially if you ignore the necessary patches and definition updates.

If Mac antivirus tools offered 100 percent effectiveness — or even 99 percent — I might take a different position. If we ever see massive volumes of malware, as happens in the Windows world, I might change my recommendations. But at this point, there are so few Mac malware infections, and antivirus tools are so limited, that for most users of current versions of OS X, antivirus doesn’t make sense.

During the Flashback infection there were accusations that Mac users were too smug, or too ill-informed, to install antivirus software. But the reality is that antivirus tools offer only limited protection, and relying on antivirus for your security is as naive as believing Macs are invulnerable.

{ 0 comments }