There was a great story yesterday by “technology writer” Dan Goodin at the Associated Press, and because it was from the AP, we can read it on several sites:
CNN：“病毒赶上了Mac: Experts debate just how susceptible Apple is becoming”
MSNBC：“Macs No Longer Immune to Viruses, Experts Say: Apple’s growing market share, new chips said making it more of a target”
What’s great about an AP story like this one is that if you’re only paying attention to the headlines, it creates the impression that there are multiple reports from all over the web corroborating the same point, when in fact it’s just one story, repeated many times over by news publications that regurgitate whatever comes in over the AP wire.
Oh, and I love the way both the CNN and MSNBC subheads conflate the Mac — which is a computer that can in fact be attacked by computer viruses — with “Apple”, which is a company, and therefore, one would think, not possibly “susceptible” or “targeted” by viruses. That’s good journalism, as it keeps the readers on their toes.Good god, now they’re going after entire companies.
新闻这种好处值得仔细分析Let’s start with the lead:
Benjamin Daines was browsing the Web when he clicked on a series of links that promised pictures of an unreleased update to his computer’s operating system.
Instead, a window opened on the screen and strange commands ran as if the machine was under the control of someone — or something — else.
“Or something” — could it be gremlins? Or worse, poltergeists? Spooky.
So what we’ve got is the classic “trend piece opening with a vignette”疯狂的自由式。
Such headaches are hardly unusual on PCs running Microsoft Corp.’s Windows operating systemDaines, however, was using a Mac — an Apple Computer Incmachine often touted as being immune to such risks.
Oh, zing! Not just an opening vignette, but theopening vignette with the ironic twist! See, I thought he was going to say Daines was using a Windows PC, because, you know, that sort of scene plays out每年数百万次对Windows PC用户You’d think I would have seen the “but he was using a Mac” twist coming, given the various “Macs are not immune to viruses” headlines that the piece ran under但是，古丁的精湛讲故事让我眼花缭乱。
Who exactly is touting the Mac as “immune to such risks”? Goodin doesn’t say, but his word is good enough for meI’m sure whoever they are, they’re experts.
I, on the other hand, had never been under the impression that the Mac was either magically or technically “immune” or “invulnerable” to viruses, Trojan horses, spyware, adware, malware, and so forth. Rather, I thought it was simply the case that,for whatever reasons, such software isn’t a problem for Mac users and hasn’t been for the last 15 years or so即that Macs aren’t magically protected, and that in theory, malware could be written to target the Mac, but that the point is that in practice, in the real world, they aren’t.
另一方面，Macs做恰巧可以免疫窗户viruses and spyware and adware and Trojan horses, thousands of which are discovered every month但为什么要出汗呢？
He and at least one other person who clicked on the links were infected by what security experts call the first virus for Mac OS X, the operating system that has shipped with every Mac sold since 2001 and has survived virtually unscathed from the onslaught of malware unleashed on the Internet in recent years.
好主Daines and “at least one other person” — that means at least二Mac用户受到这种病毒的攻击(And what’s funny about the “onslaught of malware unleashed on the Internet” is that it isn’t just Mac users who’ve emerged “virtually unscathed”, but just about everyone who isn’t using Microsoft WindowsIt’s enough to make you think that the problem isn’t “Internet malware”, but “Windows malware”.)
What virus was it that hit Daines? What kind of havoc did it wreak? Goodin doesn’t say — who cares about the details, really? — but judging from his description that Daines caught the virus after he “clicked on a series of links that promised pictures of an unreleased update to his computer’s operating system,” it seems safe to assume it was theOompa-LoompaTrojan horse described by Ambrosia Software’s Andrew Welch back in February.
And what does Oompa-Loompa do? It attempts to spread itself via iChat on Bonjour — but it can only be spread if the person whose Mac it attempts to infect opens its file attachment payloadSo you can only get it via other Macs on your local network, and if you do, you have to manually open a file named “latestpics.tgz”, and if you do, all it will do is attempt to send itself to other local Macs on iChat.
“It just shows people that no matter what kind of computer you use you are still open to some level of attack,” said Daines, a 29-year-old British chemical engineer who once considered Macs invulnerable to such attacks.
Daines’s uninformed opinion that Macs were “invulnerable” to such attacks indicates that he believed it was safe to download and open any random file from the Internet, including gzipped archives from the sort of sites that traffic in bootleg screenshots of future Mac OS X releases.
Perhaps someday I’ll have an opportunity to make equally informed statements regarding chemical engineering — a subject about which I am utterly ignorant — in an Associated Press report.
Apple’s iconic status, growing market share and adoption of same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.
That’s quite an interesting theory — that the malware plaguing so many millions of PCs running Windows isn’t necessarily the result of problems with Windows itself, but is rather the result of something related to their Intel “microprocessors”.
I’ll bet that means all the other operating systems that run on Intel-compatible x86 processors, such as Linux and FreeBSD, are just as susceptible to malware as Windows.
Apple’s most recent wake-up call came last week, as a Southern California researcher reported seven new vulnerabilitiesTom Ferris said malicious Web sites can exploit the holes without a user’s knowledge, potentially allowing a criminal to execute code remotely and gain access to passwords and other sensitive information.
Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world’s largest software company was criticized for being slow to respond to weaknesses in its products.
This is in contrast to Microsoft now, in 2006, when their Windows users are no longer plagued by security problemsAnd we know for a fact that at least二Mac OS X users have been hit by Oompa-Loompa just this year.
该Ferris报道的漏洞are legitimate bugs, but to my eyes (和Rosyna的— who thinks Ferris is counting the same TIFF rendering bug twice), they’re all just ways to make an application crash, one of which has already been fixed in 10.4.6. But Ferris reports that这一个, regarding Safari, “causes the application to crash, and or [SIC] may allow for an attacker to execute arbitrary code”重点是可以in “may allow”, apparently, because the only thing his examples do is cause Safari to crash.
任何导致Safari崩溃的事情肯定很糟糕And presumably Apple is working not just to fix these particular bugs, but to fix the architecture of Safari to make it less vulnerable in general to these sort of bugs in the system’s image-parsing routinesBut the genius here — and I’m not sure whether the credit goes to Ferris or Goodin, so let’s just credit them both — is in the leap from bugs which, as Ferris originally described, “may allow for an attacker to execute arbitrary code”, to bugs which, in Goodin’s article, “potentially [allow] a criminal to execute code remotely and gain access to passwords and other sensitive information”.
Because, see, in Ferris’s original report, he meant “may” in the sense that they may, or they may not, but that he didn’t actually know whether it was possible and has no evidence that they could. But in Goodin’s AP story, that changes to “potentially”, which手段“capable of being but not yet in existence; latent”, which is good journalism because “potentially allowing a criminal to execute code remotely” is much scarier-sounding than “definitely allowing a jerk to crash your web browser”.
“[Microsoft] didn’t know how to deal with security, and I think Apple is in the same situation now,” said Ferris, himself a Mac user.
Where by “same situation”, Ferris is referring to, what?, the two guys who were hit by the Oompa-Loompa Trojan horse? One can only hope that Apple will one day handle security issues as well as Microsoft does now.
Apple officials point to the company’s virtually untarnished security track record and disputed claims that Mac OS X is more susceptible to attack now than in the past.
Apple plans to patch the holes reported by Ferris in the next automatic update of Mac OS X, and there have been no reports of them being exploited, spokeswoman Natalie Kerris saidShe disagreed that the vulnerabilities make it possible for a criminal to run code on a targeted machine.
Classic he-said/she-said situation: He said criminals can take over your Mac; she said they can’tOne way to resolve this would be to emphasize the fact that Ferris has no proof to back up his claim. But a good journalist like Goodin knows that would just take the oomph right out of the storyAnd oomph — not facts or accuracy — is at the heart of every good story.
In Daines’ infection, a bug in the virus’ code prevented it from doing much damageStill, several of his operating system files were deleted, several new files were created and several applications, including a program for recording audio, were crippled.
Behind the scenes, the virus also managed to hijack his instant messaging program, so the rogue file was blasted to 10 people on his buddy list.
“炮轰”是一个很好的词Much more exciting than something more accurate, such as “sent as an attachment”.
“A lot of Mac users are in denial and have blinders on that say, ‘Nothing is ever going to get to us,’ ” said Neil Fryer, a computer security consultant who works for an international financial institution in Britain“我不能说我同意他们的观点。”
Fryer, also a Mac user, said he has begun taking additional precautions over the past year to make sure he doesn’t fall victim to an attackHe spends more time than in the past scrutinizing his security logs for signs of intruders, and he uses a firewall and additional security applications, just as he would with a Windows-based machine.
It’s so obvious that horrible things would happen to Fryer’s Mac if he hadn’t taken these steps that there’s no need to mention what those horrible things areNext thing you know, Apple is going to have to start shipping a firewall as part of the OSI can see it now: right there as a tab in the Sharing panel in System Preferences.
The Mac’s vulnerability could also increase as Apple transitions to a product line that uses microprocessors made by Intel Corp., security experts said.
With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past, when they ran on the PowerPC chips made by IBM Corp和摩托罗拉公司spinoff Freescale Semiconductor Inc.
“They have eliminated their genetic diversity,” said independent security consultant Rodney Thayer“The fear is that we’re going to run into a new class of attacks.”
You can tell he’s a genuine computer security expert because he has long black hair and a beard.
“We’re all sort of waiting with bated breath to see if any problem will happen and the jury is still out,” said Thayer, the independent security consultant“I don’t think you’ll find a consensus.”
只有在这里，最后，Goodin的文章才会失败Rather than a devastating gut punch, it just sort of fades out with a reasonable “we’ll see what happens” whimper.
随着苹果昨天推出了一款新的电视广告that draws specific, pointed attention to the fact that Macs are not besieged by malware — this sort of bogus “trend piece” that purposefully conflates the issues of whether Macs are理论上可能容易受到恶意软件的攻击（是的）与Mac是否一样in reality受到攻击(no)就是我的心意But it deserves to end with another sucker punch.
如果古丁想成为合理的or accurate, he could have written a story titled “Some Guy Double-Clicked a Trojan Horse Virus for Mac OS X but It Didn’t Actually Spread to Anyone Else”, but what kind of story would that be? OK, it’d be a真正story, but it wouldn’t be a好故事。
No one would have linked to such a story except to make fun of it: What would be the point of making a big stink out of one guy who got hit by a Mac OS X Trojan horse — which was so poorly written that it couldn’t even successfully spread to another computer — when there are hundreds of thousands (millions?) of Windows users suffering from malware every single day?
What good journalism calls for is taking that one guy, and writing an article that presents his episode as though it were part of a trend of increasing Mac virus attacksNo one is going to make fun of Dan Goodin — or the Associated Press, or the dozens of reputable news outlets that ran the story — for that.