Apple's Achilles Heel

The current Flashback botnet is symptomatic.

Get It Try It

Thetis took her son Achilles to the river Styx when he was still a baby. She held him by one heel and dipped him into the water. The river Styx offered invincibility but Thetis forgot to switch hands and dip again. Achilles grew up to be a nearly invincible warrior and then one day a poisoned arrow struck him in the heel. Bye bye Achilles.

The Apple faithful were hit in the months of February and March 2012 by a concerted attack that so far has reaped over 600,000 casualties. The heretofore invincible OS X seems to have been compromised.

Apple inherited a nigh on perfect system from NeXT in January 2007. NeXT struggled for years to bring their futuristic product to market. And after a number of false starts - after which they scuppered Steve Jobs' idea of yet another hermetically sealed machine - they abandoned the hardware side and concentrated solely on the software. The software has been called the 'jewel' of the NeXT project.

There is no more fitting testimony to how good this product is than the success of the iPhone and later the iPad. The code running those devices comes straight from the NeXTSTEP and OPENSTEP projects of old. That code is built the right way. No other IT company can do anything remotely comparable.

NeXTSTEP and OPENSTEP after it are component-based. NeXT never considered writing their own operating system - they simply borrowed one. From FreeBSD, an open source variant of BSD Unix, the result of a visit to Berkeley by Unix cofounder Ken Thompson.

A quick check of a recent 'Acknowledgements' file found on most OS X systems reveals Apple were using 410 open source modules at the time.

'Open source' doesn't necessarily mean 'free as in beer'. It does mean that the code can be freely modified. But the big advantage with open source is neither its price nor the availability of the source code. The big advantage is that there are teams of programmers maintaining each and every project. Corporations wishing to use open source modules reap huge benefits in this fashion.

Zero Days

NeXT came to Apple in 1997. It would still be three more years before the start of the big Internet malware epidemic - ILOVEYOU followed by AnnaK and most notably by Code Red ushered in a new era of personal computing. Attack techniques were still primitive but the black hats were quick to catch on.

Some black hats are especially clever: they find vulnerabilities in systems all by themselves. Other black hats take the easy ride: they wait for the software vendors to announce security updates to fix vulnerabilities that have come to their attention.

The term 'zero day exploit' refers to malware which is released into the wild as soon as a vulnerability becomes known. It's a race to patch vulnerable systems from Day Zero onwards - patch them before malware can hit them. Time is crucial.

And here is where open source can really play a part. A system with 400 or more open source components can in a single day become vulnerable to attack. The open source teams will rush to make fixes available and the corporations using the modules will rush to get them out to their users.

With the notable exception of Apple.

Apple's OS X has an Achilles heel. Either Apple learn to play the game like all the others or their OS X is going to be destroyed by malware.

Steve Jobs and his NeXT crew were hit by a brick wall when they entered Cupertino in January 1997. They had a brilliant system. A system that had finally taken NeXT out of the red ink and into the black. NeXT had finally been looking at profit forecasts to the tune of several hundred million per year. NeXTSTEP was the talk of the town and OPENSTEP actually outshone it. Why wasn't this product immediately marketed by Apple after the merger with NeXT?

1. NeXT's most important clients - including Dell and WorldCom - knew Apple history. They knew Apple made a bad business partner. They canceled their contracts with NeXT, even though Apple leadership promised them everything would be OK. They didn't trust Apple.

2. Apple engineers and third party vendors didn't like OPENSTEP. Steve Jobs was famously booed off stage when unveiling the OPENSTEP File Viewer file manager. That the replacement was essentially of the same design didn't matter - Apple's faithful missed that familiar name. Finder.

Finder. What an inappropriate name for a file manager. Anyone who's ever struggled to actually get any serious work done with Finder knows the one thing Finder cannot do is find things. But no matter. Steve Jobs and his staff from NeXT in Redwood City went back to the drawing boards to come up with something that didn't incur such hostility.

Five Years

Five years. It took Steve five years to come up with something he wouldn't get booed for. Apple's 'Mac' OS X finally saw the light of day in a decent version in August 2002. Five years. Five years wasted as Microsoft consolidated their market position and forever condemned the world's PC users and Internet surfers to lives of constant fear and harassment.

But it's not the collateral damage that's important here - what's important is that Steve and his NeXT pals had to go to such lengths to appease the hostile elements in the World of the Mac. The changes necessary to OPENSTEP were considerable.

Apple kept their anachronistic file system because the Apple faithful wanted the same features as before and couldn't be bothered to learn why NeXT's file system would have been better and more suitable for the Internetted world. John Siracusa led a protest against the mere suggestion that Macs should be more aware of how other platforms performed. And all through the system, from the top on down, OPENSTEP was modified to accommodate yesterday's Mac technology to appease the beast.

Siracusa was back in 2005 with another screed where he admitted that the slaughter perpetrated on NeXT's code was enough to move a serious system architect to tears. But he encouraged Apple to keep it up - to continue to ruin OPENSTEP, to 'keep up the good fight'.

Apple's OS X of today is so far from its original idea (and ideals) that it takes months to adopt and integrate upgrades of open source components. Apple's OS X is so far from an open 'open source' system that those 400+ components can't be plugged in and distributed in a zero day emergency. The vulnerabilities at the core of the Flashback epidemic currently infecting over half a million Macs were patched two months ago. But it's only in the past few days Apple have got around to fixing their version of the Oracle code.

This isn't the way open source is supposed to work. This is inefficiency taken to an extreme. Either Apple learn to play the game like all the others or their OS X is going to be destroyed by malware.

See Also
Industry Watch: Flashback Botnet Recruits 550,000 Macs