Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Pushes Automatic Mac Software Update to Remove Vulnerable Zoom Web Server
- Thread starter MacRumors
- Start date
- Sort by reaction score
Zoom is very vigilant about not letting their software be used for adult content and will delete your account if they discover you do without any warning. Now the question is... How do they know adult calls are happening without monitoring people’s private calls on Zoom? If calls are being monitored... What about those corporate secrets?
Ok, you are free to buy an Android phone or Windows computer. My idea of security is top to bottom. Your idea of security is "I'll just let my grandma figure it out." and that, to me, is scary! This is why so many people get scammed and hacked online. Leave it up to the user. It's not like Apple hasn't earned my trust. I'm not trusting them blindly. Just like people who I trust with my children, I trust Apple with my security and privacy because they have proven themselves to be trustworthy. You see, Apple has a reputation to uphold. One reason people spend a premium on Apple products is because they know they are far less likely to have issues with their system being hacked. IBM did a study and found that it's actually far cheaper for corporations to deploy Macs than PCs because of the extreme reduction in man hours needed to support them and the overall higher durability and lifecycle. It's interesting and worth a Google. This is a situation where users uninstalled software and it kept a web server that was vulnerable running on their system. Apple not only had a right to remove it, they did the right thing by removing it. Users don't expect that kind of behavior on their Macs, which are supposed to be the most secure computer you can buy.
I am talking about people’s misconception about purchasing software and ownership, not about XProtect and such, though I can drag this one under the single “wale up call” banner as well.
Even then, I'm not sure how the "you only rent software" thing applies here, though it certainly does apply in some contexts. If you were of a mind you could have completely prevented Apple from making this change. You'd only be hurting yourself, but you could do so.
I am not promoting turning off XProtect. And regarding “only rent software” thing, I compare this with buying a lamp in a supermarket vs downloading a software package from internet. After buying that lamp, I can do whatever I want to that lamp and company which produces this lamp cannot sue me, while if I modify or reverse engineer software package for whatever purpose, I can be sued and prosecuted. Huge difference here. You would argue it depends on EULA, which makes sense, but still, lots of people who do not read ToC won’t realise this.
Sure. I agree with you about that and I definitely agree that in an Mac/iOS App Store, Google Play, Microsoft Store world and one where even non app store bought apps (and this goes for IOT hardware too for that matter) can be effectively crippled or killed by the shuttering of a cloud service renting vs buying is something we should definitely be cognizant of. All I was really driving at was that it seemed to be a bit of non-sequitur in the context of the thread. Nothing about the actions taken really spoke to me about that.
Anyway I think we're probably veering off-topic a bit. I appreciate the civilized discussion though.
It'll be interesting to see if Zoom notes any sort of issue in their next Q-earnings call related to this. But they literally just went public months ago, so perhaps they can absorb any hit since they don't have comparison data available.
(Also, haven't see it mentioned here yet, but I thought this might affect Linux users as well, as they install the server there as well. Or so I thought I read.)
I am using an Android phone because It is much more secure than iOS in my line of work. I have more control with my Android phone when it comes to security and privacy. I have educated my self using the Internet and was able to come up with a solutions that does not give away my control over the phone for security and privacy. Some hardware will let me install custom ROMS that does not include Google.
Can't engineers create a system that is secure and provides privacy without having control over the system? Does they really need to be in control just to provide security and privacy?
Take fo example, Signals protocol end-to-end encryption. It is able to provide security and privacy but does not ask a lot of control. How about Tails OS, the most secure and privacy driven consumer OS available that I can think of but the people who created it does not need to control the system to make it secure and anonymous when online. I bet anyone (but not my grandma, she doesn't even know how to text message) who know how to use a phone/laptop can use Signal or TailsOS. Many people are hacked and scammed online because they lack the understanding what is security and privacy when it comes to the Internet. Most successful hack or scammed starts with social engineering which can be defeated through educating yourself about Internet security and privacy.
Control does not mean security. Even with total control by Apple if the user does not educate itself on how to use the system securely it will still be compromised. Sometimes control can lead to false assumption that you are using a secure system and in the end will lead to more harm than good for the consumer. If Apples system is compromised then it means millions of user devices controlled by Apple will also be compromised. And there is the issue of trust. How much do you trust Apple? Apple advertise itself as a security and privacy first company. That they do not bend to the will of the FBI. However Apple is willing to work with Chinese government. In China their cybersecurity law demands that all data that a company like Apple has on its citizen should be in mainland China. Meaning servers should be be in mainland China and it should be readily accessible when Chinese government demands it. It sounds like a double standard when it comes to security and privacy. So basically what this shows me is that this company is willing to throw its claim regarding security and privacy out to the window just to be in business in China knowing that country has at least 1 billion population that they can sell their products. So this begs the questions, is privacy and security their concern first? Can I really trust them?
I disagree with your idea that Macs are the most secure consumer computer. I am using MacBook Air Retina but I still believe my Dell XPS 13 is much more secure because its running hardened Ubuntu and also I can use Tails OS on it. Even if my MacBook Air Retina is using its T2 Secure Enclave but no one knows how are things implemented inside. It is even possible that the T2 Secure Enclave in my Macbook Air Retina is calling home without my knowledge and by doing so might be leaking information.
I am able to install LineageOS to my phone and I did not screw up. It provides me much better security than iOS without me giving control to Goggle.
Can't engineer design a system that provides good security and privacy without them controlling it?
Tails OS provides the most secure and privacy driven OS in existence but the creator or the one who maintains the development of the software did not require control over the system.
In technical terms I might not truly own the software but however other licenses such as GNU General Public License it states that end user has the freedom to run, study, share and modify the software. It is basically the same as owning. So owning a software still exist today.
I get it. But, for the other 90% of people who don’t even know what an encrypted connection is, asking them to control their computer is asking for trouble. IT enthusiasts like you are still minority nonetheless, and the process of educating people on online safety can be ineffective from time to time. Some may find it unrelated, some may think it is too difficult to learn, some may show no interest in this topic, etc. etc.
In short, Microsoft Apple google alike chooses to control more and hide as many stuff for professional users as possible so that general public won’t be bothered by too much random technical information while watching YouTube or Netflix. General public chooses to hand over their control of their hardware and software, not just corps demanding more control from their end.
[doublepost=1562915564][/doublepost]
It exists, but again, for other people, they don’t care, and just assume what they believe is right. That’s pretty much.
All I can hope is this software wonderland remain as pure As Long as possible, because it is truly fascinating to enjoy.
I understand what you're saying about the general public lacks of education about technology and how it's affecting their life negatively and positively.
I can only hope that projects like AOSP, TailsOS, Signal, Linux and others continues to the future so that we have options rather than being trap like in an Apple eco system which offers security and privacy but in exchange for control.
To me though it shows how lax Zoom is about security. Someone on twitter demoed that just receiving an email with the right stuff in it, could cause Zoom to launch. Obviously, your points are still good.
I think the point being trying to be made, given the full content of this person's post, is that when there is inordinate power and control consolidated in a single organization the potential for harm is high. I would agree that Apple seems far more concerned (in both word and deed) with protecting user privacy than any other company I've seen. There may be others out there doing similar, but certainly not with the same level of visibility. Obviously, there are many who have demonstrated themselves utterly incompetent or completely disregarding of data privacy and protection. So, kudos to Apple.
But, what happens when a point in time comes when Apple determines its in their best interests to take a different approach, one that many experience as less benevolent. We are all reading about this particular because they wanted us to know about it as clearly makes them out to be the benevolent saviors. Those who are a bit more paranoid (realistic?) might wonder what else is happening without user permissions or even notification and if those things are really in their best interest... and perhaps a bit concerned that a tech giant that gets to, whenever they choose, silently and secretly decide what should reside on our computers. I imagine if macOS ever truly became a more threatening system, there are developers (and hackers) that would probably (hopefully!) reveal this to the larger populous.
Don't get me wrong, I feel far better about Apple than many of the other yahoos out there. But, blind faith and the assumption of benevolent intent in the presence of so much power and control would be naive, particularly when it's being consolidated to such an extraordinary degree by a very small handful of global technology mega-corporations.
No normal consumer is going to be running hardened Ubuntu or TailsOS. They don’t even understand the words that just came out of your mouth, and even though many are capable of learning, they either don’t have the time or the inclination to become a security expert in an unrelated field to that which they normally operate. This is akin to saying the average person should understand how to fix their car because they drive one. Sure, just about anyone can learn to fix a car, but it takes a lot of time and training. If you apply this to every aspect of your life, such as going to medical school because you have a body, or going to law school so you can handle your own affairs, or getting a real-estate license so you can efficiently sell your own house, or getting a general contractor license so you can finish your own basement—where does it end?
You’re clouded by your own professional experience and knowledge. Most people have no idea how any of this works and they don’t care. They buy a Mac because it’s secure out of the box. They’re not trying to flash a BIOS or jack around with creating bootable flash drives and they will never touch a terminal window. They just aren’t and most never will even consider it an option. One step towards mastering your expertise is being able to empathize with those who do not have the knowledge and experience that you do. If you point them towards a PC and give them a long list of steps to make it secure, they will just end up keeping Windows on it and will be worse off in the end because that’s how people work.
Most people aren’t like us and many others on tech forums. And yes, I used to fiddle with Ubuntu in my Inspiron back in the day, but in the end with Apple I save time on security and I make money with the apps and experience I get on their platform, and that’s why I use it. Ironically the only time I’ve ever gotten hacked (aside from a large scale credit card breach) was through an Ubuntu forum, lol. I foolishly used the same password as my Gmail because hey, it was 2007 and I was a stupid kid in college and many people did that back then. After that I switched to Apple in 2008 after falling in love with the original iPhone and got a MBP and haven’t had to touch security in 11 years with zero issues.