Connare Tech: Owner’s Corner

Connare Tech: Owner and Founder - Sanjay Connare’s Blog




Erie County Executive Chris Collins to UB Students: Business ideals can work in politics

April 11th, 2008 · No Comments

It’s not often that county executives come to teach political science classes at colleges or universities. However, on Wednesday, current Erie County Executive Chris Collins was a guest lecturer for the 9 AM political science class in Knox 109 on UB’s North Campus. I not only had the privilege of sitting in on the class but was also able to ask Mr. Collins a few questions afterwards.

Collins came at the invitation of Greg Glauber, a student at the University. Both are actively involved in Boy Scouts. “Anything for a scout… I’m there. I had to reschedule a few meetings to make this. But it’s worth it,” said Collins.

Before he declared his intent to run for office, Collins had no political experience. What he did have was a very successful track record in the private sector. He is the manager and sole investor of Cobblestone Enterprises, which invests in local manufacturing companies. The companies he has invested in now have annual sales in excess of $80 million, according to the Erie County government Web site. Collins’ lecture to the students focused on the practicalities of business and their applications in government management. He showed how they could be effective by focusing on two things: his campaign and Six Sigma implementation in governmental operations.

“If you have good ideas but don’t win, then who cares?… The first step was to get elected,” said Collins.

“I’m excited that a Republican is coming to a more liberal university, taking time to talk to students… letting us know what he’s all about,” said Jason Benner, a junior political science major.

When Collins first came into the public spotlight, less than one percent of the population knew the name. Collins noted that his affiliation with the Republican Party made things even harder.

“Republican was a bad word,” said Collins. If voters went into the voting booth on November 6th and decided solely on the distinction of Republican or Democrat, the odds were 70/30, 80/20, 90/10, aka not in his favor. Collins then reminded the class that Erie County is 2:1 Democratic. “It’s tied to Iraq, bankruptcy and the control board. A Republican couldn’t win under any circumstances… In WNY Republicans are bad people. Previous Executive Giambra had a five percent approval rating. He was the only politician that made [President] George Bush look popular. I had to change the mindset of the public,” said Collins.

To do so, Collins approached the situation as any typical businessman would. He introduced himself as a new product. He created prospectuses and brochures to go along with the branding of his campaign.

His slogan was “Collins for our future,” not the typical “Friends of Chris Collins.” This campaign slogan helped him stand out and was combined with his past success in private industry. Collins showed the ads run during his campaign, featuring real people who were directly affected by his actions in private industry.

The marketing strategy of this “new” product focused on three R’s, though not your typical reading, ‘riting and ‘rithmetic. Instead it was reforming the government, rebuilding the economy, and reducing taxes.

“It’s an interesting way to learn about the subject material,” said Jessica Sullivan, a sophomore political science and history major. “Since he comes from business it’s a different perspective than a political lawyer, or actual politician.”

After 35 years out of the private sector, Collins realized that the people needed to elect a chief executive, not a chief politician. He noted how people laughed in April, May, June, July and all the way into October. However, momentum was building despite a terrible time raising money.

Collins was able to meet with the people of Erie County to talk about problems and the need to create jobs, discussing the need to run county government like a business and bring efficiency to the forefront of operations. The more he talked to people, the more he started to see heads bobbing up and down, which he referred to as “The bobble head confirmation of message.”

Like any political matchup, there was mudslinging. “If you’re not willing to take off the gloves and fight, don’t enter politics,” said Collins. He then showed how some of the facts regarding his opponents were twisted a bit out of context. For example, he stated that his opponent Jim Kane raised his salary by 50% while in office, which in itself is true, but Kane never responded by saying that the increase was a mere $10,000 change, from $20,000 to $30,000. In the end his approach and mentality of chief executive, not chief politician, worked. Collins, entering the race as an unknown, won in a landslide victory, despite never actually campaigning in the City of Buffalo.

One student was concerned and asked why Collins didn’t bother to campaign in the city of Buffalo.

“If you look at the facts, it’s the county that funds the Buffalo Zoo, the Buffalo Science Museum, the Albright Knox and the Buffalo and Erie County Historical Society. None of it comes from the city. But the city only accounts for thirty percent in Erie County revenue. I’m also sharing 50 percent of the sales tax even though Buffalo only accounts for 12 percent.”

“I had one focus, win the election, spend money, win the election. I have ties with Mayor Byron Brown and [Congressman] Brian Higgins. I was told don’t waste your time. If you go to the city, you’re not somewhere else,” said Collins. “It wasn’t that I don’t understand problems of the city, but seventy percent of Erie County lives outside of the city.”

The second focus of his lecture was on efficiency. People earn salaries and wages because they do their job. “In my campaign I said I will take a $1 a month salary until we get rid of the control board.” Collins asked why he should be paid if he doesn’t do his job.

Until Collins does his job, “this means that my wife gets half of my salary, so really it’s 50 cents a month,” he joked. This theme and approach was something completely unexpected, and Collins referred to the dollar-a-month salary as the icing on the cake.

How do we rebuild our government and rebrand WNY, which is known for the Bills, cold, snow and chicken wings? The answer, Collins says, is Six Sigma.

“Six Sigma is a set of practices… to systematically improve processes by eliminating… nonconformity of a product or service to its specifications,” according to Wikipedia.

“I want a sign on the thruway that says Erie County, the first six sigma community in the US. We are rolling it out. It’s a bottom up approach, not a top down. It empowers workers, eliminates chance of mistakes, visual management, color coding, all of the things that work in business that have never been tried in government.”

“The first 90 days have had tremendous inertia. It’s the cornerstone of driving efficiency into government, creating savings that can be redeployed in other ways, and I think taxpayers understand that.”

Already Collins has taken back cell phones and county-provided cars from those who don’t absolutely need them, and he even drives his own car to work. With this initiative alone he expects to save the county nearly $150,000, according to the Buffalo News.

The class was able to ask Collins a few questions, one of which concerned the future of the Bills and their presence in WNY, to which Collins responded:

“Ralph Wilson’s not in good health and the team will be sold on his death. [Senator] Chuck Schumer serves on committees in Washington like the anti-trust exemption committee. Schumer has a big bat, he could work to take away anti-trust exemptions that the NFL operates under.”

“There are some deep pockets in the WNY area. If I’m the new owner of the Bills, I’m gonna go to the county executive saying I want a new stadium. I fully understand that is a likely item on the table. The potential exists, and if it comes up and if we do build a new stadium it would be downtown, not in Orchard Park!”

Another student asked about how Collins felt about UB’s comprehensive expansion plan coined UB 2020.

“I’m fully supportive. They’re [UB’s] not asking for any money. So already I’m there. What UB is going to be doing, especially in the medical campus, is very important. I will lend my voice because we need Albany and SUNY to support capital to make it happen. As students come in they spend money in the community, which turns into a huge economic driver. It’s all being done by UB and not on the backs of Erie County taxpayers. How could you not support it and not be enthusiastic about it?” Collins responded.

While many felt thankful and appreciated the county executive taking time out of his day to talk to the class, Collins felt it was only part of his job, referring to it as community outreach.

“It’s as simple as giving back. Young people are our future. When someone asks me [to do things like this] I always try to say yes, not no,” said Collins. He then proceeded to reference an example of a letter he received in reference to a lecture he gave to a group of high school students.

“‘I wanted to know how you influenced my life, because of your class that you talked I then decided to pursue a career in business.’ If one kid goes a certain way as a direct result of your actions, then how can you put a price tag on that?”

“It was a good experience. I learned a lot about county government and where we are at right now,” said Ezera Bernstien, an undecided freshman.

Kriste Campell, a visiting assistant professor in political science and the one who normally teaches the class, summed up what seemed to be the general consensus of everyone in attendance.

“We are thankful for the wonderful experience.”

I asked Collins what it was that he thought was the hardest thing going from the private to the public sector.

“The most difficult has been time management, like events. Last night I was at the Saturn Club, yesterday at the Buffalo Club; the time demands are far greater than I ever experienced in the private sector. The number of requests is mind boggling.” Collins referred to his scheduling as blocks of time; otherwise, if you cram too much in, how can you give each event the attention that it deserves?

I was also curious as to what he has found most enjoyable so far about being county executive. “I can see that I can run the county government as a business. Six Sigma would be a big part of it. Naysayers say I’m naive to politics. But do they know something I don’t know? 90 – 100 days now in, we can run it like a business and we’re getting positive reception, we’re finding savings.”

“I’ve had a saying,” continues Collins. “What is life? You’re born, you live and you die. There’s not much about being born, everything to say about living and not much about dying. A person that lives, that’s the most interesting chapter in the book of life. This is chapter 12 in my book of life. I’m a doer, not an observer. This is an extraordinary.”

As I wrapped up my allotted time for questions he smiled, shook my hand, and concluded: “good luck with your business.”

Tags: Communication · Government · My Life?

Virginia Court Rules SPAM Not Covered Under Freedom of Speech

March 10th, 2008 · No Comments

One of the classes I am taking this semester is a journalism class. Some of the articles I have been writing focus on the happenings of the tech world. While articles are often adjusted for length and content by my editors, some of my articles, I feel, raise interesting issues. I have decided to post my original versions of the articles here; while they might not be nearly as grammatically correct or flow as well, they go along with the style of my other posts. Just my thoughts, strung together about certain issues; take or leave from it what you want.

Earlier this month the Virginia Supreme Court ruled that spam emails are not protected by the First Amendment and that the state’s anti-spam laws, under which the defendant was convicted, are not in violation of the right to free speech or the interstate commerce clause of the Constitution.

The Spamhaus Project, which tracks spam on a global level, listed the defendant, Jeremy Jaynes, as the eighth-largest spammer in the world before his arrest in 2004. Jaynes’ conviction lands him nine years behind bars for sending more than 53,000 emails using AOL’s servers in a 3-day period.

“SPAM not only clogs email inboxes and destroys productivity; it also defrauds citizens and threatens the online revolution,” said Virginia Attorney General Bob McDonnell in a press release regarding the victory. The court in its decision said that misleading speech for commercial means is not protected. This is along the same lines as previous legal precedents, such as yelling fire in a crowded room when there isn’t one, which is not protected. Some students agree with the decision.

“It sounds right,” says Rachel Stover, a junior marketing major. “Spam is an invasion. The fact that you get so much of it without agreeing to it is a problem.”

Virginia’s anti-spam law makes it a class 1 misdemeanor or class 6 felony to send out more than 10,000 emails in this manner within a 24-hour period, 100,000 in a 30-day period, or one million in a year. It defines a spammer as someone who “uses a computer or computer network with the intent to falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscriber,” according to Virginia’s legislative website.

However, the conviction was narrowly upheld by a split 4-3 ruling. In the dissenting opinion Judge Elizabeth Lacy writes that the anti-spam law is unconstitutional “because it prohibits the anonymous transmission of all unsolicited bulk e-mail including those containing political, religious or other speech protected by the First Amendment.” Members of the UB community were also split about the decision.

“Tenure ensures that faculty can have rights under academic freedom to say things that might be in contrast to current thinking. So in the same way, spam falls under freedom of speech, to contact me or any person about a particular product or service, to provide me with information,” says Teresa Miklitsch, an adjunct professor in the graduate school of education in educational leadership and policy.

“How is spam any different than telemarketers, or the junk-mail, like credit-card offers that I receive at my house? I never ask for either, so why are they permissible, but now spam isn’t?” wonders Miklitsch.

This is the first time that a spammer has been convicted on a federal level, according to the press release by the Virginia attorney general’s office. Experts believe that the ruling won’t have any immediate effect on the amount of spam that winds up in your inbox.

“Spam has changed the nature of e-mail for the worse; there is no question about that,” says William J. Rapaport, an associate professor in the department of computer science and engineering. “I’m optimistic about the decision but still skeptical because nothing has worked so far to stem the tide of spam.”

“Today in light of people using Facebook or blogs we are opening ourselves up intentionally to more spam,” Miklitsch said. “They are all open communication that we’ve created by choice. So we’ve created an open market for communication.”

If the lack of a general consensus among students and professors at the University at Buffalo is any indication, much like that of the Virginia Supreme Court, don’t be surprised if this issue is brought up again in the near future, though this time in front of the 9 justices of the U.S. Supreme Court.

Tags: Communication · Digital · Rights

Connare Tech is Hiring!

February 1st, 2008 · No Comments


Connare Tech is looking for people interested in working in the sciences and software engineering. We work with cutting edge technologies creating products that change the world and raise the standard of expectations and excellence.

Our team is small but we are going through a huge period of growth. We are looking for:

  • 2-4 Developers
  • 1-2 Graphics/Designers

Developers:

Primary role will be in developing web related technologies and services. You will be trained through small exercises and programming projects which will focus on end-user usability, backend database integration, administrative front ends, and accountability for exceptions.

The primary technologies involved with our services are:

  • PHP
  • MySQL
  • AJAX
  • Flash AS
  • Ruby

You will primarily be designing components and features for large scale systems and integrating them with stuff from the design team.

Graphics/Designers:

Primary role will be creating and designing layouts for services that we create as well as all of the images, icons, and buttons that will be used for those services. Graphics/Designers, like developers, will focus on end-user usability and ease of use for future users of the system.

All of our work is done from scratch. We are beginning to utilize Flash technology, bringing the two teams together as developers work with designers to create better end products.

If you are interested, please fill out our online application here. Once your application is received you will receive a notification. Your credentials will be evaluated and you will be notified of whether or not you have passed preliminary acceptance.

Connare Tech is an equal opportunity employer and does not discriminate based on race, color, religion, sex, age, sexual orientation, disability, national origin, ancestry, marital status, familial status, status as a disabled veteran or as veteran of the Vietnam era, and any other legally recognized status entitled to protection under state, federal, or local anti-discrimination laws.

Tags: Connare Tech

2007 is over - Bring on 2008!

January 2nd, 2008 · No Comments

New Year’s Day presents a promising indication of our upcoming year:

I was one of the lucky 73,000 people to attend the NHL AMP Winter Classic, the first regular season NHL game to be played outdoors in the US. The game drew the largest crowd ever for an NHL game and the day could not have been more perfect for the event (a bit of a surprise considering Buffalo’s unpredictable weather).


While the Sabres hosted, there were numerous Penguins fans in attendance. Having a mix of fans, a temperature that wasn’t blistering cold, and steady snowfall made the experience all the more enjoyable. Despite the loss it was truly a memorable and amazing way to start the New Year.


Before 2008 blows us away, let’s take a brief look at the events of 2007. While updates to ConnareTech.com have been sparse and all appears quiet, nothing could be further from the truth.

As many have noticed there are a few more names on the “About Us” page. Yes, it is true, I did some hiring. We are involved with a few really neat projects which our small team could no longer manage and develop alone. Connare Tech is now officially registered as an employer within NYS. We began hiring at the beginning of the summer of ‘06 and the hiring spree will continue over the next month or two. If you are interested in working for us, keep checking connaretech.com for details.

ConnareTech.com was redesigned a few months ago, and earlier last week we updated our client services, blogs, and the infrastructural software which powers the site. Over the next week or so you will see a massive content adjustment to the site. The layout of ConnareTech.com has been reorganized – it is much cleaner, easier to read, and easier to navigate. This adjustment will reflect all of the changes that the company is going through and will help users gain a better understanding of what it is that we do and all that we have to offer.

Over the past few months Connare Tech has made some strategic partnerships that are allowing the business to grow endlessly. The projects that we continue to find ourselves involved with come from interesting people with excellent ideas. It has been a great pleasure of mine to work with all of these different people and help bring their ideas to reality.

Potential grows with technology and engineering. Even in just the past year a number of different technologies have matured, allowing us to revamp and expand. This includes redesigning interfaces, making the user experience more user-friendly, and lowering the learning curve for the products that we are developing. The past few months have been unbelievable.

What else can I say that you cannot experience for yourself – look around our site and take weight of all the progressive movement. All of the pieces are fitting together and the progress is more evident than ever. If that was 2007, I say bring on 2008! If the enjoyment, excitement, and energy of New Year’s Day are any indication of what is to come, 2008, I can’t wait; it is going to be an amazing year!

Tags: My Life?

It Is About Time! Copyright and DRM Free Music? Finally progress … Apple and EMI, Google, DMCA and more.

April 7th, 2007 · No Comments

 

Overview

Earlier this week Apple announced in conjunction with EMI (one of the biggest music labels) that they would soon be selling music without DRM (digital rights management). Before I get into why this is so important, let’s first see how we got here.

Copyright is fundamental to business innovation in the US. The concept of protecting technologies or ownership of works is instilled within our society. It is what allows our capitalist business model to succeed. Say a business in the US developed a drug to cure AIDS. After investing millions, perhaps billions, of dollars in research and development, the company would sell that drug on the market to make a profit. But what if their results could easily be copied by another company who could also sell that drug? The original company would no longer receive the compensation for all of the work they put in. Another company would profit off of the original company’s idea without having to invest the time or money. Thus there would be no desire for the original company to develop such a solution if there were no guarantees of protection. Such protection of innovation and technology is integrated into US law, starting with the US Constitution, which grants these protections and rights of use “to promote the progress of science and useful arts” (NY Times).

It’s really about time that music executives started realizing that overprotection in the end actually hurts the business model. Just look at Napster as the prime example. The RIAA, in its fury to stem the piracy of music, shut it down. In response many more alternatives stepped up to fill the void. These alternatives were harder to shut down and caused free music downloading to skyrocket.

Copyright Concepts

There is a common misconception that upon purchasing a CD the purchaser not only physically owns the CD but also owns the contents of the CD and thus can do with it as they please. The reality, though, is that while the purchaser may physically own the CD, the content on the CD itself is classified as intellectual property. The intellectual property on the CD is not owned by the purchaser but, in many cases, by the RIAA (Torr). The RIAA clearly establishes these different types of property, and its ownership of the intellectual property on the CDs is the basis for its actions against piracy. When people share and download this intellectual property they are stealing from the RIAA.

The RIAA’s approach and its Critics

To address this issue the RIAA, as many people know, began suing music downloaders. They have stated that they “take great care to ensure that a user is illegally distributing or copying copyrighted recordings before it files a request for a subpoena” (Torr). All methods used in obtaining information were argued by the RIAA to be completely within its legal authority. Since it began suing, despite arguing that its tactics were legit, the RIAA has encountered a number of setbacks. While Verizon lost a lawsuit citing customer privacy violations, SBC in 2003 countersued, arguing that the methodology used by the RIAA to gain information was unconstitutional. A court later ruled in favor of SBC, declaring that the RIAA’s method of using subpoenas to gain information was unconstitutional (Borland). Universities such as MIT and Boston College have refused to release information, citing the Family Educational Rights and Privacy Act and improper legal procedures by the RIAA (Sales). Despite claims of taking great care to verify individuals through the information obtained on sharing networks, the RIAA has issued subpoenas for people who are deceased and even people who do not own a computer.

Critics do not only include businesses that deal with the RIAA but also musicians themselves. Earlier in 2006 over a dozen high-profile Canadian artists, including the Barenaked Ladies, Avril Lavigne, Sarah McLachlan, Raine Maida of Our Lady Peace, and Billy Talent, formed the Canadian Music Creators Coalition (Dixon). Many of these artists are winners of prestigious Juno and Grammy awards and have sold millions of albums. The group explicitly stated that record labels are lobbying for changes in copyright laws which would allow them to increase lawsuits and gain greater control over the distribution of music. The majority of these artists were being represented by the music industry, which had been advocating for copyright and legal changes on their behalf (Canadian Music Creators Coalition). These artists, however, did not believe that the recording industry was accurately representing their interests.

The Canadian Music Creators Coalition has explicitly expressed that they believe suing their own fans is not only “destructive and hypocritical” but that those sharing music “are not thieves or pirates”. The group also advocates against digital rights and locks on music. They argue that controlled distribution is not fair to the consumer because it limits choice, is counterproductive, and causes backlash, which in turn misrepresents the artist (Canadian Music Creators Coalition).

iTunes Changes Music Downloading

There were many skeptics when iTunes first came to the market. After all, it offered a different solution, and music-selling services so far had only limited success. But it’s Apple we’re talking about, and Apple pays attention to the fine details and every aspect of the user experience to just make it work and be as intuitive as possible. The music industry reluctantly signed on, learning that the service would initially be available only to those on the Mac platform. Well, the initial numbers were staggering. When iTunes finally came over to Windows, the numbers took Apple to 1st place in online music sales. Today the iTunes store is the 4th or 5th (I do forget) largest music seller, behind only brick and mortar stores such as WalMart and Target. I think they’ve even surpassed Amazon.com or are close to it. This showed that the majority of consumers will pay for music! It just has to be offered on terms that seem fair.

One of the best ways to generate buzz or publicity is to offer a great product not only for free but a product that just works. That’s what iTunes did. The technicalities of the DRM from the iTunes store are essentially hidden from the average user. Music is of the same nature, and while artists and the recording industry should indeed be compensated, they should serve as a catalyst for new technologies and forms of entertainment, not as a barrier due to legal and overprotectionist methodologies.

Steve Jobs’ Open Letter Calling for DRM Free Music

Earlier this year Steve Jobs released an open letter calling for the music industry to release DRM free music. In it he cited the harm it causes consumers and how it stifles choice. Before digital music, if you bought a CD you knew it would play in your CD player. One could go to any music store and purchase any CD and there was never a doubt that you would not have trouble playing it. With the digital rights that the industry mandates on all legal songs sold, just because you buy a song from one store does not guarantee that it will play on your current music player. For example, music purchased from the MSN store or Rhapsody will not play on the iPod, and music purchased from the iTunes music store will not play on MSN or Rhapsody compatible players, due to the digital locks on the songs.

There were a number of responses to the letter from various industry executives representing various companies, and sure enough members of the music industry responded. Warner Music CEO Edgar Bronfman described the letter as one “without logic and merit” (Reuters). The marketing director for Zune at Microsoft called the letter “irresponsible, or at the very least naïve” (NY Times), and yet now Microsoft is pondering the addition of EMI’s catalog DRM free.

Music Tax… now that’s ridiculous

Both of these responses are from companies who have argued in favor of taxing music itself. Let’s analyze the concept of a music tax for a second. Bronfman in late 2005 proposed an iPod or music tax. His argument is that “We’re selling our songs through iPods, but we don’t have a share of iPods’ revenue” (TheStreet.com). First off, this is a nonsense claim. Apple pays music companies roughly 70 cents out of the $1.00 of every song sold for rights to sell that music. It also covers marketing, infrastructural costs, and credit card processing fees for the store. All the music companies do is sign an agreement saying that Apple can legally distribute their music, and they watch the cash flow in.

Secondly, why a tax now? Before the iPod it was the SONY Walkman, which was then followed by the portable CD player. These devices were phenomena which also changed the way people listened to music. Yet none of these devices had specific music taxes on them. I don’t see Warner coming out with any revolutionary devices to change the way we listen to music, so why should they directly profit off of Apple’s research and success? They sure didn’t do it with SONY, which held a dominant hold on the music device industry for decades. SONY never paid music labels a percentage of their sales based upon the number of units sold, so really, why now? Today still, TV makers don’t pay TV content providers, just as radio makers such as JVC don’t pay radio stations, and satellite radio providers such as Sirius and XM don’t pay royalties for each product sold.

Microsoft tried to woo the music industry by paying a “tax” for each Zune sold. They agreed to pay Universal Music Group $1 for every Zune sold (NY Times). What’s a Zune? Yea, not many people know, because it’s so convoluted with technicalities and digital rights integration. Plus it looks like a brick or just a general POS. Yet this is the first time in history that a company has compensated content providers.

YouTube and Copyright

Music for the longest time has been in the spotlight in regards to copyright, coming into the spotlight now is video, esepcailly with the enormous popularity of YouTube. Almost every internet user has heard of YouTube and millions have used it, often daily. YouTube was acquired by Google in the latter half of 2006 for about 1.6 billion dollars and allows users to easily upload and share videos. It’s another example of a product that just works. There is no nonsense with video formats or crazy plugins or anything of that nature. It’s just easy and I works. YouTube features content from a-z. Music videos, commercials, tv clips, movie clips, if you’re thinking of something that has to do with video and its been broadcasted or in the main stream media chances are that its on YouTube. Essentially YouTube has made sharing video as easy as sharing photos capitalization on sites such as flicker, and photobucket, except now its with.

I grew up in Buffalo and love my sports teams. God knows that all of us Buffalonians do. When the brawl between the Buffalo Sabres and Ottawa Senators broke out, one of the first things I did, not having TiVo, was look up the clip on YouTube and there it was.

Some companies have used YouTube to their advantage. An example was NBC when Justin Timberlake hosted SNL. Timberlake and Andy Samberg did a skit which had to be edited for broadcast television. NBC released the clip on YouTube as “A Special Christmas Box” uncensored and within a week there were over 9 million views. As of the writing of this entry it has more than doubled to 19,383,303 views. I personally had not seen the broadcast version but people were talking about it and showed it to me and all I could do was laugh. I in turn showed my friends and everyone was talking about the skit. That’s what companies want: people watching and enjoying their content, and that’s what YouTube allows.

However, abuses over copyright protection come up time and time again. When Google acquired YouTube, many analysts wondered whether Google would be hit with multiple lawsuits for copyright violation now that YouTube had money. Analysts were right on. YouTube, suddenly infused with cash, could dish it back out if found guilty of copyright violation.

Content owners cite the DMCA, or the Digital Millennium Copyright Act. The act, which was passed in 1998, makes the penalties for copyright infringement over the internet steeper and makes it a crime to circumvent copyright protection mechanisms. There are exceptions to the law under the term “fair use,” and content owners often seem to abuse the power that they are given by this act.

In a nutshell the act says that:

“- Web sites that make pirated material available generally are protected from liability as long as they remove the material at the copyright holder’s request.

- In their defense, Web sites must show that they were unaware of the pirated material until they were asked to remove it.

- Recent case law and legal theories hold that Web sites still can be held liable if:

1. The copyright infringement is so pervasive that the Web site should have been aware of it.

2. The Web site induces users to post pirated material.

3. The Web site profits from the violations.” (SFGate.com)

Viacom and YouTube

Today one of the major things that YouTube faces is entertainment giant Viacom. Viacom is a huge media company that owns Comedy Central, Nickelodeon, MTV and movie giants Paramount and DreamWorks. The shows that they own include the popular Daily Show with Jon Stewart, South Park, the Colbert Report, SpongeBob SquarePants; the list goes on and on. Clips from all of these shows can be found on YouTube and Viacom is claiming that Google’s “YouTube deliberately built up a library of infringing works to draw traffic to the YouTube site, enabling it to gain a commanding market share, earn significant revenues and increase its enterprise value.” (NY Times). While there are a massive number of copyrighted clips owned by the major media studios, those aren’t the only things that YouTube has on its site. Some of the top hits are clips done by amateur film makers with a simple video camera wanting to share their work with the world.

Viacom is suing for $1,000,000,000. Yes, that is the correct number of zeros, one billion, saying that their clips have been viewed over 1.5 billion times. Google has been very prompt in taking down clips when issued with DMCA requests and argues that it has one of the fastest response times in the industry when issued with such a request. This is probably true, but Viacom then argues that in waiting to be notified it forces content owners to keep a watch out for copyright infringement themselves.

Google responded that “Viacom is attempting to rewrite established copyright law through a baseless lawsuit. In February, after negotiations broke down, Viacom requested that YouTube take down more than 100,000 videos. We did so immediately, working through a weekend. Viacom later withdrew some of those requests, apparently realizing that those videos were not infringing, after all. Though Viacom seems unable to determine what constitutes infringing content, its lawyers believe that we should have the responsibility and ability to do it for them.”(Washingtonpost.com)

Viacom also last month found itself in some hot water after sued moveon.org after the group posted a Colbert Show parody. The EFF got involved and I would clearly agree that the “video is an act of free speech and a fair use of ‘Colbert Report’ clips,” said EFF Staff Attorney Corynne McSherry. “Viacom knows this — it’s the same kind of fair use that ‘The Colbert Report’ and ‘The Daily Show’ rely upon every night as they parody other channels’ news coverage.” (EFF). Talk about irony. The question is where will the line be drawn? The 1st amendment of the constitution gives us the right to criticize without fear of retaliation and that is exactly what a parody is.

NFL and Wendy Seltzer

Another example of this is the fiasco that the NFL now finds itself in with Wendy Seltzer. Millions of Americans watched the Super Bowl, and in every football game that is broadcast there is a blurb that says

“This telecast is copyrighted by the NFL for the private use of our audience, and any other use of this telecast or of any pictures, descriptions or accounts of the game without the NFL’s consent is prohibited”

Seltzer posted a YouTube version of this clip on her blog in February. She “took exception to this claim—as it clearly makes no concession for fair use—and wanted to show her students how content owners are beginning to exaggerate their rights”.

Less than a week later the clip was taken down by YouTube, which had received a request from the NFL asking for the clip to be removed due to copyright infringement. Now the average person would no doubt just say ok, my clip was taken down, bummer.

But Seltzer’s job title is not only law professor. She is also an attorney at the Electronic Frontier Foundation (EFF), and founder of Chilling Effects. Both of these organizations concern themselves with education and protection of online rights. The EFF itself has been involved in a number of high profile cases including the SONY Rootkit debacle and the Supreme Court ruling of MGM vs Grokster regarding file sharing applications where innovation trumped corporate interests.

Seltzer, knowing full well about the DMCA, issued a counter claim arguing full faith belief that the clip was not a copyright violation, and the YouTube clip came back online. According to the law, the only recourse that the NFL could take is to then ask for the content to be taken down through the courts. However, the NFL instead asked for the same clip to be taken down, ignoring the counter claim and again citing DMCA violations.

What the DMCA does say, and what the NFL apparently did not take into account, is that you can’t issue a take down notice for the same content twice if a counter notice is filed. If this happens, the law states that the NFL is now liable for all damages and legal fees of the infringer because the NFL “knowing[ly] misrepresentat[ed] that the clip is infringing.”
“Essentially, the NFL is now in violation of the same law that it is using to try to protect its own content. And, instead of following the proper procedures outlined in the DMCA, the NFL appears to be choosing to beat her over the head with takedown requests.” (ArsTechnica.com). These media conglomerates are often blindly using their power to maintain control over their content in a 20th century fashion, regardless of whether or not it’s within their limits, in a 21st century digital lifestyle.

Yes, companies deserve compensation for their products; after all, that is what makes the business model of America work. However, many businesses are overprotective of their content and are truly causing themselves more harm than good by focusing on the short term ramifications rather than the long term. NBC has said that viewership of David Letterman has increased due to the clips being posted online, and their success with the posting of the SNL clip has led to increased viewing of the show. Do you see NBC suing YouTube? No, in many instances they’re sharing their content and posting legit high quality copies instead of ripped mediocre versions posted by John and Jane Doe.

The SONY Betamax Ruling and Online Music Sales

In Jobs’ open letter he said that the only reason there is DRM on the music store is that the music industry players wouldn’t have otherwise licensed the music. With this agreement consumers are given the freedom they deserve. After all, consumers are the ones that dictate the market, not the companies.

The online music revolution is not the first time that the entertainment industry has been threatened by new technology. The introduction of radio caused record sales to plummet from 100 million to 6 million during the 1920s. That is a huge change in percentage versus the drop in music sales the RIAA argues is lost to online piracy. Over time, though, the music industry used radio to its advantage and to this day radio is a promotional tool dominated by the music industry (Greenblatt). When the movie industry was first threatened by SONY’s Betamax, an early version of the VHS which allowed people to record TV shows, they tried to stop its sale through the courts by suing SONY, much in the same way that the RIAA stopped Napster. The courts, however, sided with SONY, saying that SONY “was not liable for creating a technology that some customers may use for copyright infringing purposes, so long as the technology is capable of substantial non-infringing uses. In other words, where a technology has many uses, the public cannot be denied the lawful uses just because some (or many or most) may use the product to infringe copyrights” (EFF).

VHS soon replaced Betamax (Jost) and VHS tapes were then sold for over twenty years, becoming the movie industry’s most valuable source of income. VHS tapes themselves brought in more than the box office itself before being replaced by DVDs. When MGM sued Grokster, just as they tried to do with VHS technology, the Supreme Court again upheld the ruling that innovation trumps piracy.

History Repeats Itself

Between 1999 and 2002, every month, over 2.6 billion songs were downloaded. CD shipments themselves fell from 1.16 billion to 860 million in the US and sales themselves dropped from $15 to $11 billion, which is a whopping 27%, over the same time period (Bainwol). The valuation of the music industry itself, according to the CEO of the RIAA, has fallen from $40 billion to $32 billion (Bainwol). In 2000 the top 10 CDs sold totaled 60 million copies, in 2001 the top 10 discs totaled only 40 million and then in 2002 only 34 million, which comes out to a 43% loss in sales over a 3 year period (Greenblatt). If history is any indication, in the end technology will win over corporate interests and become a fundamental revenue source for the industry.

So really props to Steve Jobs and props to EMI Group CEO Eric Nicoli. “Nicoli said the move did not diminish EMI’s fight against piracy. ‘We have to trust our consumers,’ he said. ‘We have always argued that the best way to combat illegal traffic is to make legal content available at decent value and convenient.’” (BBC)

The people who cause mass piracy and have enough time to circumvent copyright protection schemes only make up a small fraction of the consumer population, and there are always going to be people who fall into this category. The majority of consumers don’t want to waste time dealing with technicality, and truly are good people who will do the right thing if offered the chance. It is good to see that there are some in the corporate world who can see this. They are the ones unaffected by greed who not only have the consumer’s best interest at heart but are also the ones who act on their intuitions instead of just sitting idly by.

———————————————-

Some parts of this entry were taken from an English paper that I wrote. The sources listed below were used for that paper.

Bainwol, Mitch. “The Music Industry’s Lawsuits Against Online Music Sharers Are Justified” Internet Piracy. James D. Torr, Ed. At Issue Series. Greenhaven Press, 2005. Mitch Bainwol, testimony before the Senate Committee on Governmental Affairs, Washington, DC, September 30, 2003. Opposing Viewpoints Resource Center. Thomson Gale. 08 October 2006 <http://galenet.galegroup.com.gate.lib.buffalo.edu/>.

Greenblatt, Alan. “Future of the Music Industry.” CQ Researcher 13.41 (2003): 989-1012. CQ Researcher Online. CQ Press. 8 Oct. 2006 <http://library.cqpress.com.gate.lib.buffalo.edu/cqresearcher/document.php?id=cqresrre2003112100>.

B.B.C. News. “BBC News | Entertainment | Apple head attacks record firms.” Apple head attacks record firms. 20 Sept. 2005. BBC. 19 Oct 2006 <http://news.bbc.co.uk/2/hi/entertainment/4265434.stm>

Borland, John. “Court: RIAA lawsuit strategy illegal | Cnet News.com.” Court: RIAA lawsuit strategy illegal. 19 Dec 2003. Cnet. 20 Oct 2006 <http://news.com.com/Court+RIAA+lawsuit+strategy+illegal/2100-1027_3-5129687.html>.

Canadian Music Creators Coalition, “A New Voice.” A New Voice: Policy Positions of the Canadian Music Creators Coalition. 26 Apr 2006. Canadian Music Creators Coalition. 19 Oct 2006 <http://www.musiccreators.ca/docs/A_New_Voice-Policy_Paper.pdf>.

Cullen, Lisa Takeuchi. “Opposing Viewpoints Resource Center - Magazine and Newspaper Display.” How To Go Legit: Pay for music online? It used to be square, but the crackdown on pirates is giving legal sites new life. 22 Sept 2003. Time. 19 Oct 2006 <http://galenet.galegroup.com.gate.lib.buffalo.edu/>.

Dixon, Guy. “Opposing Viewpoints Resource Center - Magazine and Newspaper Display.” Canuck musicians say lay off illegal downloaders. 27 April 2006. Globe & Mail. 19 Oct 2006 <http://galenet.galegroup.com.gate.lib.buffalo.edu/>.

Dixon, Guy. “Opposing Viewpoints Resource Center - Magazine and Newspaper Display.” Apple Extends Deal For 99cents Downloads. 3 May 2006. New York Times. 19 Oct 2006 <http://galenet.galegroup.com.gate.lib.buffalo.edu/>.

Jost, K. (2000, September 29). Copyright and the Internet. CQ Researcher, 10, 769-792. Retrieved October 8, 2006, from CQ Public Affairs Collection, <http://library.cqpress.com.gate.lib.buffalo.edu/cqpac/document.php?id=cqresrre2000092900>

Markoff, John. “Opposing Viewpoints Resource Center - Magazine and Newspaper Display.” Apple Sells 70 Million Songs In First Year of ITunes Service. 29 Apr 2004. New York Times. 19 Oct 2006 <http://galenet.galegroup.com.gate.lib.buffalo.edu/>.

Marks, Steve. “Internet Piracy Is a Serious Problem” The Internet. James D. Torr, Ed. Opposing Viewpoints® Series. Greenhaven Press, 2005. Steve Marks, “Remarks at General Counsel, Recording Industry Association of America, Florida Atlantic University,” www.riaa.com, April 15, 2004. Copyright © 2004 by the Recording Industry Association of America. Opposing Viewpoints Resource Center. Thomson Gale. 08 October 2006

Sales, Robert. “MIT responds to RIAA subpoena - MIT News Office.” MIT responds to RIAA subpoena. 22 July 2003. MIT. 19 Oct 2006 <http://web.mit.edu/newsoffice/2003/riaa.html>.

Schwartz, John. “Opposing Viewpoints Resource Center - Magazine and Newspaper Display.” A Heretical View of File Sharing. 05 April 2004. New York Times. 19 Oct 2006 <http://galenet.galegroup.com.gate.lib.buffalo.edu/>.

Torr, James D. “Introduction to Internet Piracy: At Issue.” Internet Piracy. At Issue Series. Greenhaven Press, 2005. Opposing Viewpoints Resource Center. Thomson Gale. 08 October 2006 <http://galenet.galegroup.com.gate.lib.buffalo.edu/>.

Tags: Copyright · Digital · Privacy

My Interview with IBM

March 7th, 2007 · No Comments

On Monday, let me mark the date, March 5th 2007, I was interviewed by IBM. It still blows my mind that it was less than a week ago that I received an email from UB Career Services saying that IBM had selected me to be interviewed for a position in their WebSphere division. This division develops web related technologies and services much in the way Connare Tech does, but obviously on a much higher scale with a much bigger budget and with a much bigger reputation and name. In either case this interview started off as all interviews do.
“Hi, my name is Sanjay Connare. It is a pleasure to meet you.” Immediately what stuck out was that there were two interviewers. I was surprised, though not taken aback, as I had never been in a technical interview where there was more than one person evaluating me at a time. I was presented with more information regarding the position and what it entailed, and then somewhere in the mix they asked me about my experience working with web applications. After that, to me it was no longer an interview.

“Yea I have some experience, I’ve even developed a few through my own firm.” was the response I gave them, or at least something to that nature. “Oh really, tell us a little more about that. We visited your web site, did you do that? How long have you been doing it for?” Storytelling, I love it. It’s why I am writing right now, and neither of them could have expected what was to come next from me.

I vividly recounted why I started Connare Tech, what it has meant to me, and both the experiences and opportunities that I have since been privileged to take part in. Once all the background information settled in, I began to address their initial questions regarding web applications. Though instead of merely answering with something like “yea I’ve developed a few using LAMP based frameworks”, I began to ask them the questions. “Would you like to see a demo of some?” They obliged, eager to see what I had done and probably more so to see if I lived up to all my talk.

For the next thirty minutes I demoed all sorts of things that Connare Tech has developed over the past few years. I demoed the book inventory system, the redzone film playback and viewing history system and the city honors rugby site scheduling system. I emphasized the ease of use, interfaces that the admins used, and the power that occurred behind the scenes unbeknownst to the user.

When I had finished, both congratulated me on my accomplishments. This was IBM saying Mr. Connare, you’ve done excellent work. IBM, the #1 computer consulting firm in the world. They then proceeded to ask me when I was graduating and at that point the tone of the interview changed. The May 2009 graduation date stung like a thorn on a rose. The one interviewer told me she was going to be honest and straight to the point. She was sorry that it wasn’t sooner because there were so many strong candidates who were either graduating or about to graduate. The position was to serve as a stopgap for full employment, as many technical internships are. My graduation gap of three years was a little too much for them. As I prepared to leave, the two interviewers gave me their contact information and hoped that I didn’t feel as if I had wasted my time. They reiterated their appreciation and acknowledgment of the work that I had presented to them and said that they wanted to stay in touch and would be in contact with me when they returned next year if I was still interested.

Afterwards the first thing I did when I got near a computer was look up the stats for connaretech.com, and sure enough there were 2 unique hits from the domain IBM.com. While I didn’t get the job, was it a waste of time? No, not at all. I enjoyed it all and still am taking it all in. So I thank them for honoring me with an interview. Besides, as they said, they’ll be in contact with me next year when they come back to campus. A lot can happen in a year, but if I’m here next summer, IBM, if you’re reading this, yes, I would be more than interested. Next on the agenda, my application to Microsoft. I hear back from them next week.

Tags: My Life?

Why Microsoft’s Built in XP Firewall Fails

June 15th, 2006 · No Comments

SP2 was Microsoft’s answer to security, and it included Microsoft’s own revamped firewall and Security Center. However, do not be fooled by the inclusion of a firewall by Microsoft. The built-in firewall is barely adequate in addressing the real security threats that a firewall is supposed to protect against.

What is a firewall?

When you connect your computer to the internet, without protection, your computer is essentially accessible via any other computer also connected to the internet. A firewall is either a program or hardware device that controls, monitors, and filters traffic between your computer and the internet.

Why do I need a firewall?

When Microsoft first shipped Windows XP it did not come with any firewall software. A Microsoft Windows XP computer without any protection and connected to the internet can be compromised within twenty minutes of it being connected to the internet. (1) A firewall on Windows is a must-have, though using Microsoft’s built-in firewall is not recommended.

What is wrong with Microsoft’s built in firewall?

Like many of Microsoft’s products, its firewall, which attempts to address some of the issues regarding its flawed XP operating system, is inherently flawed, like the thing it is trying to fix. A good firewall will completely isolate the system and allow one true network point of entry and exit, both in and out of the system, which is through itself. If the firewall deems the content passing through to be harmless it will pass the content through to the user; if not, the content will simply stall out and it is as if its destination did not exist.

One of the first things that is flawed with XP’s built-in firewall is that it only monitors and filters incoming connections. This does help solve the problem of denial of service attempts and the compromising of systems by things such as the Blaster and Sasser worms, which took advantage of flaws in Microsoft’s RPC service. However, outgoing connections, which are used extensively by spyware and viruses to get new instructions, send out attacks, send out sensitive information, and so on and so forth, are not monitored.

Secondly, the Windows firewall can be disabled without the user explicitly turning it off. While there are no reports of this actually happening, it also coincides with the fact that Microsoft’s Security Center can be spoofed into believing that a legitimate firewall is installed and running. An article by PC Magazine here describes how this can be done.

What firewall is good?

A good firewall will do all of the following:

  • Make your computer “invisible” on the internet
  • Monitor incoming and outgoing connections
  • Monitor and control programs
  • Protect against scripts and hacks that disable essential security services including simulated mouse-clicks or keystrokes.
   

Microsoft’s built-in firewall does a bare-bones minimal job. While it does increase the protection and level of security of the computer by providing basic defenses, it is by no means an adequate solution for the growing and expanding threats that are out there.
If you’re running Windows, get your own antivirus and firewall software. Be wary of the warnings and notifications that appear in the Windows Security Center and monitor such applications yourself.
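To make the inbound-only gap concrete, here is a simplified model of a stateful host firewall, added as an illustration and not taken from Microsoft’s firewall or any product. The program names, addresses (documentation ranges) and the per-program allowlist are constructed assumptions.

```python
"""Simplified model of a stateful host firewall (illustrative only)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    direction: str  # "out" = opened by a local program, "in" = arriving from the network
    program: str    # local program that opens or would receive the traffic
    remote: str     # remote address
    port: int       # service port of the conversation


class HostFirewall:
    def __init__(self, filter_outbound, allowed_programs=()):
        self.filter_outbound = filter_outbound
        self.allowed_programs = frozenset(allowed_programs)
        self.opened = set()  # conversations this PC started: (remote, port)

    def decide(self, ev):
        if ev.direction == "out":
            # An inbound-only firewall never looks at who is calling out.
            if self.filter_outbound and ev.program not in self.allowed_programs:
                return "block"
            self.opened.add((ev.remote, ev.port))
            return "allow"
        # Inbound: accept only replies to conversations this PC opened.
        # Everything else is dropped silently, so the PC looks "invisible".
        if (ev.remote, ev.port) in self.opened:
            return "allow"
        return "drop"


# Constructed sample traffic, in time order.
SAMPLE_EVENTS = [
    Event("in", "svchost.exe", "203.0.113.7", 135),         # unsolicited probe of the RPC port
    Event("out", "iexplore.exe", "198.51.100.10", 80),      # user browsing
    Event("in", "iexplore.exe", "198.51.100.10", 80),       # reply to the browser
    Event("out", "toolbar_helper.exe", "192.0.2.55", 8080),  # unknown program calling out
    Event("in", "toolbar_helper.exe", "192.0.2.55", 8080),   # its instructions coming back
]


def verdicts(firewall, events):
    """Run the events through one firewall instance, in order."""
    return [firewall.decide(ev) for ev in events]


def compare(events, allowed_programs):
    """Return (event, inbound_only_verdict, two_way_verdict) where the two differ."""
    inbound_only = verdicts(HostFirewall(filter_outbound=False), events)
    two_way = verdicts(HostFirewall(True, allowed_programs), events)
    return [(ev, a, b) for ev, a, b in zip(events, inbound_only, two_way) if a != b]


if __name__ == "__main__":
    for ev, a, b in compare(SAMPLE_EVENTS, {"iexplore.exe"}):
        print(f"{ev.direction:3} {ev.program:20} inbound-only={a:5} two-way={b}")
```

Both policies drop the unsolicited probe; only the two-way policy stops the unknown program’s outgoing connection, and because that connection never enters the state table its reply is dropped as well.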

Tags: Mac &/or Windows · Security

Mac OS X Hacked in Under 30 Minutes, Sorry I Lied….NOT!

March 13th, 2006 · No Comments

No sooner had I posted my few takes on the Mac OS X virus situation than the following few days saw the web and media in a fury over a new flaw: “Mac OS X hacked in under 30 minutes.” Taken at face value, this article would essentially destroy not only the arguments that I made in my previous article but also my reputation, and it is also an insult to my intelligence. Go ahead, read the article available here, but come back afterwards and finish reading what it is I have to say. Another interesting article from BusinessWeek expresses that same viewpoint on this situation and can be read here, and another article showing the differences between vulnerability and exploit in regards to Mac OS X vs. Windows is available here.

First let’s look at the basics of this situation, which has been summed up by Dave Schroeder of the University of Wisconsin.

“The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). Yes, there are local privilege escalation vulnerabilities; likely some that are “unpublished”. But this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.

Almost all consumer Mac OS X machines will:
1. Not give any external entities local account access
2. Not even have any ports open
3. In addition to the above, most consumer machines will also be behind personal router/firewall devices, further reducing exposure

The original article was not fair, because it did not note, or even imply, or hint in any way, that local account access was granted. The whole point of Apple using proven open source services like OpenSSH and apache on Mac OS X is exactly because of their secure nature as a result of years of scrutiny by the community. Most users of Mac OS X in a consumer or desktop setting will never even enable any of these services at all. It’s unfortunate that the initial coverage was so journalistically poor and sensationalistic on what might otherwise have been an article about an interesting local vulnerability. Instead, it chose to leave people with the impression that a Mac OS X machine can be “hacked” just by doing nothing more than being on the Internet. That is patently false.”

This site was taken offline because the test on University of Wisconsin’s networks was not a sanctioned or authorized activity. It can be viewed here in its entirety, either through Google’s cached web sites or through a PDF. However, for the entire duration of its time online, the worst that happened to the little Mac mini was that it was forced offline due to denial of service attacks, which is like calling a phone number over and over so no one else can get through. The machine was never hacked, even with more services turned on than if the average user just powered on the machine and accepted the default settings!

If you give me personal access to any computer, be it Mac or PC, I will be able to hack it. Having personal access to a computer changes the whole landscape of security. That is why if I need to reset passwords for clients, for example, I need to have the computer in front of me. I could not possibly do this over the internet.

Second, let’s take a look at the economics of this situation. As more and more users switch over to OS X from Windows, antivirus companies, anti-spyware companies and the like, knowing that their products are not used on any common Mac user’s machine today, know that they are losing sales. So they convince people that there are things out there that could compromise their system and that they need these products. PC users respond by buying these products because they are from the trusted sources that previously protected their PCs, and if those sources are saying there are viruses out there, then, well, I should get the product to protect my PC.

“It’s no coincidence that not long after security vendors began beating the drum about possible exploits of the Mac OS X operating system, unpatched flaws were uncovered, an analyst has suggested,” Gregg Keizer writes for TechWeb. “Rob Enderle, principal at the Enderle Group, reacted to the recent news of a pair of worms aimed at Mac OS X and a zero-day vulnerability of Apple’s operating system with accusations that the security industry hypes the danger in order to sell more security software. ‘The job of security companies is to make the Apple platform look insecure,’ said Enderle. ‘They’re now convinced that Apple is their next big revenue opportunity.’”

“Many people are worried. And rightly so. What if a large portion of people switch to Mac from Windows? What happens to the mom and pop operations that depend on selling boxes that run Windows and that have no experience with Macs? What happens to the antivirus companies that depend on the Windows security mess? How will they sell their wares to Mac OS X users? What happens to Microsoft’s Windows profits? What happens to software makers that make Windows-only software? The list goes on forever; there’s a whole economy based on fixing and supporting Windows.”(1)

When Connare Tech was first founded and was starting out, this was the primary and only source of revenue: fixing and supporting Windows. Nearly 99% of all service calls were called in by those running Windows. The other 1% were those running Macs, but they needed help setting up or customizing their computer, or they wanted tutorial information; troubleshooting something that previously was working but now was broken was never the primary issue. As I stated in the previous security announcement, this changes nothing as to how I will use my Mac, and in fact it makes me worry less. Does it make the Mac OS X platform any less secure? I think not. In fact I believe that it makes it even more secure because it brings truth to issues that are fabricated and based simply upon speculation, theory and the economic need of corporations to find new sources of revenue.

Tags: Mac &/or Windows · Security

Mac OS X Virus Count - Still Zero as in None

March 4th, 2006 · No Comments

My parents are the type that are paranoid about identity theft and are always worried about the world at large compromising their sensitive financial data. So naturally when they read about the new Mac viruses, my mother called me up specifically to ask whether or not it was still ok to submit her credit card information over the internet. As soon as this happened, I knew that something was wrong.

The short month of February brought with it a huge media frenzy about the first Mac OS X viruses. Many were saying that it was only a matter of time before the Mac, with no viruses, would be targeted, and then it would be a domino effect following with spyware, malware, popups, basically all of the things that Mac users get to laugh at, and they would no longer be laughing.

It is true that the past month saw “viruses”, as coined by the media, for the Mac OS X platform. The first is called OSX/Leap.A or OS X/Oompa-A, the second is a flaw that affects Apple’s popular web browser Safari, and the third is a “worm”, coined OSX/Inqtana-A, that spreads through a vulnerability in Bluetooth wireless technology. However, none of these “viruses” actually exist in the wild; they are merely either proofs of concept or vulnerabilities.

OS X/Leap.A/Oompa-A

“Leap-A, which appears to affect only the OS X 10.4 platform, spreads primarily via the Apple iChat instant-messaging program. The program forwards itself as a compressed file called “latestpics.tgz” to all the contacts on the infected user’s buddy list each time the program starts up.

But it’s up to the person to download the file, which shows up as an attachment to a conversation thread. If downloaded, the self-executable file masquerades with an icon typically reserved for image files but does not activate itself unless opened. (CNet.com)”

Even if someone does send you the “latestpics.tgz” file, your computer will not be infected unless you explicitly unzip the file, open it and then provide the computer with your password so it can run.

“The Leap-A malware was a poorly-programmed Trojan horse that relied on “social engineering,” or trickery to perform its nasty function. There’s a simple way to protect against this kind of threat — common sense — and in testament to this, a lot of people didn’t fall for it.

I’m not going to catch a virus this way any more than I’m going to send money to the honorable Dr. Mobuntu, head of the Central Bank of Nigeria.

When it comes to Leap-A, I’ll continue practicing the same common-sense precautions I take when using a Windows machine, like not opening any “nude pictures” of Britney Spears I get in e-mail. (Wired)” writes Leander Kahney.

Apple’s Official Policy concerning this is: “Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file. Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust.” Apple provides a guide to safely handling files received from the Internet here.

Safari Critical Flaw

This flaw is indeed critical; however, it was released as a proof-of-concept flaw. This means that the exploit has been proven to exist and can occur, but to date there has been no mention of systems actually being affected (more on “proof of concept” further in the article).

“The option to “Open ’safe’ files after downloading” in Apple’s Safari web browser has an issue. “This feature is activated by default. Its function is to automatically display images and movies after they are transmitted to the user’s computer, using the application assigned to that particular document format. Safari will also unpack ZIP archives and display the documents within if they are considered ’safe.’ If active content such as an application or shell script is found within the archive, a prompt requests user confirmation. So far, so good,” Heise Online reports. “Problems ensue if a shell script is stored into a ZIP archive without the so-called shebang line. If this line is omitted, Safari no longer recognizes the content as potentially dangerous and executes shell commands without a confirmation prompt. This behavior has been discovered by Michael Lehn, who has documented it on a web site.(Heise Online).”

The simple solution to this flaw is to disable the “Open ’safe’ files after downloading” option in Safari’s preferences.

Since the exposure of these flaws, Apple has released a security update that addresses both of these issues. Apple Security Update 2006-001 is available via Software Update or as a download from Apple’s Support Site. Apple specifically says the following is addressed in this update:

  • iChat. A malicious application named Leap.A that attempts to propagate using iChat has been detected. With this update for Mac OS X v10.4.5 and Mac OS X Server v10.4.5, iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers
  • Safari, LaunchServices
    CVE-ID: CVE-2006-0848
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5
    Impact: Viewing a malicious web site may result in arbitrary code execution
    Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the “Open `safe’ files after downloading” option is enabled in Safari’s General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).
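The kind of download validation described in the Safari item above, sketched as an added example (it is not Apple's code and not part of the original post): a shebang-only rule like the one Heise describes is compared with a stricter rule that rejects archive members carrying Unix execute bits or whose bytes do not match their extension. The sample archive, its file names and the `MEDIA_MAGIC` table are constructed for illustration.

```python
import io
import os
import stat
import zipfile

# Leading bytes of a few media formats a browser might auto-open (not exhaustive).
MEDIA_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def naive_is_safe(data: bytes) -> bool:
    """The weak rule: only a leading shebang marks content as a script."""
    return not data.startswith(b"#!")

def strict_is_safe(info: zipfile.ZipInfo, data: bytes) -> bool:
    """Safe only if non-executable AND content matches the claimed media type."""
    mode = info.external_attr >> 16  # Unix permission bits, if the archiver stored them
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return False
    ext = os.path.splitext(info.filename)[1].lower()
    magics = MEDIA_MAGIC.get(ext)
    return magics is not None and data.startswith(magics)

def audit(archive: bytes) -> dict:
    """Map each member name to (naive verdict, strict verdict)."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            verdicts[info.filename] = (naive_is_safe(data),
                                       strict_is_safe(info, data))
    return verdicts

def build_sample() -> bytes:
    """Constructed test archive: one real PNG header, one shebang-less script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        script = zipfile.ZipInfo("holiday.jpg")
        script.external_attr = (stat.S_IFREG | 0o755) << 16  # executable file
        zf.writestr(script, b"echo constructed-sample\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, (naive, strict) in audit(build_sample()).items():
        print(f"{name}: naive_safe={naive} strict_safe={strict}")
```

The shebang-only rule passes both members, while the strict rule passes only the genuine PNG.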

OSX/Inqtana-A

This flaw was fixed in June of 2005 and is addressed in Apple Security Update 2005-005, so why it is receiving press attention in February 2006, as if it were a brand new “virus” or “security hole”, is unknown to me.

Mac OS X Security vs. Windows Security

First and foremost, as it stands there are still NO cases of Mac OS X viruses, ZERO. Second, if you have the latest Apple updates, you are not affected by the flaws described above. Bingo, done, no worries. Now that this has been addressed, let’s go on.

Many are worrying that more Mac viruses and the like will occur because Apple is now using Intel processors, the same processors that run Windows. All major viruses out there take advantage of flaws and bugs in the operating system itself, not in the hardware components that the operating system runs on. It’s like saying that because we all use gas to power our cars, something that is wrong with a Honda is also going to be wrong with a Ford.

That is not to say that the Mac OS X platform is not vulnerable. No system is 100% safe, as any system is going to have bugs and flaws. The difference is when these flaws and bugs are exploited. The Mac, which is based on UNIX, is inherently more secure because of the way it functions and operates in comparison to Windows. The Mac, like Windows, has security advisories released each month.

Many people are bringing to light the number of security advisories out there for Mac OS X. Yes, they exist; again, no system is 100% safe. However, these security advisories have been constant since Mac OS X’s inception. Just because there is a flaw or bug in a system does not mean that it will result in a virus being released. In fact, Mac OS X has had close to the same number of security advisories as Windows for the past few years, as is shown by the following charts.

Mac OS X Advisory Chart
Windows Advisory Chart

However, just because a vulnerability exists doesn’t mean that it is going to harm anyone. In order for a vulnerability to affect people, there has to be a working exploit. Apple releases fixes every so often for these vulnerabilities, just like Microsoft releases patches to fix its flaws. The Safari web browser exploit was a proof of concept; there were no working malicious exploits, and this issue has since been addressed! Since Mac OS X is based upon UNIX, many of the components and all of their code are already out there on the web. Thus all of the flaws and vulnerabilities are already exposed. In fact, “many of the fixes in typical Mac OS X security updates aren’t Mac-specific,” Gruber says, “but rather are updates to open-source components and tools.” This helps to make sure that Mac OS X’s UNIX underpinnings are kept up to date with the open-source community’s updates, fixes and contributions.

The difference between vulnerabilities and exploits is one of the key security differences between Mac OS X and Windows. Almost all vulnerabilities in Windows are exploited, whereas due to the Mac OS X system architecture this is not the case, which is why Mac OS X is inherently more secure than Windows.

  • “Windows comes with five of its ports open; Mac OS X comes with all of them shut and locked. (Ports are back-door channels to the Internet: one for instant-messaging, one for Windows XP’s remote-control feature, and so on.) (NY Times).” Ports are like doors from your computer to the Internet. If doors are open that you don’t even know exist, and so can’t close, of course it is going to be easier for a hacker to compromise your system. “At the very least, from the all-important network perspective, unlike Windows, Mac OS X ships with nearly all internet services turned off by default. Place an out-of-the-box Mac OS X installation on a network, and an attacker doesn’t have much to target in trying to compromise your system. A default installation of Windows, on the other hand, shows up like a big red bulls-eye on a network with numerous network services enabled and running.* And, unlike Windows, with Mac OS X, there’s no hard-to-disable (for average users afraid to tweak things unfamiliar to them, that is) “Messaging Services” that results in spam-like advertisements coming into the system by way of Windows-based pop-up message boxes. And, the Unix-based Mac OS X system firewall – simple enough protection for most users — is enabled by default (in Mac OSX Server) and easy to find and configure in Mac OS X Client software (not that there’s much that users need to worry about out-of-the-box anyway) — something that Microsoft only recently realized was a good idea and acknowledged should be done in Windows clients as well. (The Register)”
  • “When a program tries to install itself in Mac OS X or Linux, a dialog box interrupts your work and asks you permission for that installation — in fact, requires your account password. Windows XP goes ahead and installs it, potentially without your awareness (NY Times).” Whenever a program needs to install something, those familiar with Mac OS X will see the password dialog box pop up. Obviously, if you do not know what is going on and did not request that an application be installed, you’re not going to enter your password, so the virus or what have you will be defeated before it can even be activated. The fact that many commercial programs for Windows present an interface when they install things is just a convenience. As stated in the NY Times article, when you install something on Windows, your account password is not requested. So viruses just have to install themselves in the background, and since there is no interface to show that activity, they are invisible to the user.
  • “Unlike Windows, Mac OS X requires an administrator password to change certain configurations, run the system updater, and when installing new software. From a security perspective, this is another example of how Apple takes a proactive approach to system-level security. If a virus, remote hacker, or co-worker tries to install or reconfigure something on the system, they’re stymied without knowing the administrator’s password stored in the hardened System Keychain. (Incidentally, this password is not the same as the Unix ‘root’ account password of the system’s FreeBSD foundation, something that further enhances security.) In some ways, this can be seen as Mac OS X protecting a careless user from themself as well as others. (The Register)” “Administrator accounts in Windows (and therefore viruses that exploit it) have access to all areas of the operating system. In Mac OS X, even an administrator can’t touch the files that drive the operating system itself. A Mac OS X virus (if there were such a thing) could theoretically wipe out all of your files, but wouldn’t be able to access anyone else’s stuff — and couldn’t touch the operating system itself (NY Times).” The core of Mac OS X lies in /System/Library, and the only account that can modify this is the root account. All other modifications occur in /Library and ~/Library so even if a program was granted access to modify the system it would not hinder the core operations of the computer itself.

A study done by the SANS Institute Internet Storm Center reveals that “an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it’s compromised by malware, on average. That figure is down from around 40 minutes, the group’s estimate in 2003. (CNet.com)” “As the SANS Institute notes, 20 minutes is not long enough to update your Windows PC before it is too late.(The Register) ” The full report is available here.

If any of my clients can prove that their Mac has been infected with a virus, I will personally buy them a new $2000 system of their choice. “You have to be able to prove that a Mac running Mac OS X (version 10.0 or greater, and patched to the latest security level available at the time from Apple) was accidentally and detrimentally infected with a virus that exploited a flaw in the base Mac OS X installation. Your computer must have SUFFERED FROM A REAL, LIVE VIRUS THAT ALREADY EXISTED! (Whilshipley.com)”, and was both able to spread and infect. Your system will not count if it was infected from a “virus” that was merely created to show that viruses can exist on Mac OS X.
