Macworld|iWorld thoughts and reminiscences

February 1st, 2012

There are several great articles reviewing last week’s Macworld|iWorld and I would urge you to read these two in particular:

Christopher Breen of Macworld.com’s “Macworld Expo is dead, long live Macworld | iWorld”

And Ted Landau, of The Mac Observer’s “Macworld | iWorld Reinvents Itself”

To those, I’d like to add this:

This year’s Macworld|iWorld was, and will be, marvelous to me because it reminded me of QuickTime Live!

QuickTime Live! was managed by Paul Kent, the same person who’s been in charge of Macworld content for IDG for several years. QuickTime Live! was the drop-dead-best trade show experience I have ever had.

QuickTime Live! was a small event held, if I recall correctly, for three years before it was merged into and ultimately digested by WWDC.

Sure, there were ‘vendor-driven’ how-to sessions (and some good ones too!) and there was an exposition hall with products and tools you could see, touch and discuss with their makers but the ‘expo’ was hardly the main thrust. The expo portion was sort of a ‘visual aid’ and a ‘chance to do some business’ but it was the sessions, the content and the social interaction that defined the show.

Sessions were great. Yes, some were WWDC-like in that they were ‘how-to’ sessions run by a tool-maker (including Apple). Sessions like those are important and happened and I think will continue to happen at Macworld|iWorld. But, and probably in part by dint of Apple’s QuickTime Team being smaller than Apple as a whole and, frankly, exceptionally kind and smart folk, there was a looseness, a comfort level in those sessions you rarely see at WWDC (except from Sal Soghoian, who always manages an epic, enlightening and endearing WWDC presentation).

WWDC is an Apple Developer Relations event. The conference is toeing the corporate line and has a *necessary* agenda about not just what but how. Apple isn’t typically inclined to get into matters of content and entertainment goals. They are there to teach and evangelize ways of working that advance the platform in specific ways. They are there to sell and teach at the same time. Apple’s WWDC audience is overtly the developer community and covertly the press and Wall Street. That’s not to say WWDC doesn’t have ‘fun’ but it’s always a managed sort of fun.

QuickTime Live! was special to me because the general thrust of the sessions was much more self-critical, self-effacing and, in many cases, driven by the theme of ‘project post mortem’. “Here was a project I worked on and here’s what I learned that might spare you some heartache” was the undercurrent of most of the sessions (and all of mine). People were honest about their experimentation. Presenters were keen to teach *and* learn.

QuickTime Live! (at its best) happened at The Beverly Hilton in LA and a combination of Paul’s brilliant management setting the above general tone of the sessions and a quirk of architecture led to what I have called the “lobby bar phenomenon”.

The ‘lobby bar’ was just a bar with an adjacent ‘conversation pit’ where attendees used to informally convene, share projects, ask advice, boast of success or admit failure. It was located in a way that, like Moscone West’s floor lobbies, all traffic had to flow past it.

The interaction in the lobby bar was social and it encouraged people to engage as peers. Yes there were parties. Yes there were Krispy Kreme Donuts in the mornings but what happened there was an almost continuous collaborative conference session with fluid topics driven by what was just presented in a formal session moments before and what the community shared enthusiasm and interest in as it happened to just pop up. The communities and conversations formed around shared areas of interest and experience and they happened across industry, national and cultural boundaries.

QuickTime Live! was a profoundly special experience for me because it fostered meaningful community, knowledge sharing and a deep sense of camaraderie in the attendees. People I met taught me things, introduced me to people I later hired to consult on projects I was working on and, I hope, learned from the sessions I presented.

The QuickTime Developer community didn’t just go to see the latest toys and tools. We didn’t just go to take or teach a class in a technology or tool. We went to move relationships from virtual spaces (list-servs and web sites) to real face to face interaction. We went to spend time with like-minded people we liked and respected. We went to teach, learn and collaborate and have fun working. I do mean working. While there were parties at QuickTime Live!, they were hardly the main point.

We went with questions and came home with ideas.

The Macworld|iWorld I enjoyed this year embodied that spirit. You could feel it in the sessions, at the tables in each floor’s lobby at Moscone West. You could feel it at the musical performances, the art exhibitions and at the sessions.

I saw people seated around tables in the lobbies really talking to each other. Saw them not just resting their pounding trade-show-feet or post Cirque du Mac hangovers but talking, sharing, introducing each other. I ran into old friends, was introduced to new ones, connected with the faces to match the Twitter handles. I saw small companies showing their products. I was able to make designers and developers of those products smile genuinely when I told them what I loved about their products or react to what they demonstrated with feedback and ideas. I was able to ‘do some business’ on the show floor. I was able to discover new things. I wasn’t getting yelled at by Power Computing. I wasn’t getting ‘spun’ by Apple.

My session, though more sparsely attended than I liked, had people with great questions.

I was there too briefly. I wanted more.

The way I see Macworld|iWorld evolving based on what I saw this year will move even more toward my QuickTime Live! ideal. I am really looking forward to next year!

Disclosure: I have been an attendee and usually speaker at Macworld Expo every year but one for close to twenty years. I was a speaker at all but the first QuickTime Live! and even did a ‘day keynote’. I’ve watched Macworld Expo show go from happening twice a year on the left and right coasts (and Japan and UK) to just once a year in San Francisco. I was there for the move from Boston to New York and back to Boston. I have been involved through at least two different management entities being in charge. I have had the good fortune to work pretty closely with Paul in the past and even served on his Macworld Expo Customer Advisory Board. I have ‘skin in this game’ and I care but I mean it… Macworld|iWorld was and will be something special.


SOPA/PIPA Blackout Protest Day

January 18th, 2012

The timing is terrible for me to have the time to write a proper post. In short, SOPA and PIPA are a bad thing for freedom and the Internet and the American public needs to make sure neither becomes law. I may not have time to write a long post but I made the time to call my reps.

For now, some links:

SOPA Resistance Day begins at Ars

LA Times: Where’s my Wikipedia? SOPA, PIPA blackout coming

Mashable: Why SOPA Is Dangerous

Why SOPA Threatens the DMCA Safe Harbor

No Flying Cars – Technology wins and losses – Harvard Law School Blog Post

Call, speak to a person, don’t just click some online petition. Call, write a paper letter. Be impossible not to notice.

Adobe Reader Malware and Scareware Headlines

December 8th, 2011 2 comments

[NOTE: See Peter from Intego’s comments below. I am electing only to respond to his correct observation that I’d conflated two security issues in this post and amend the post accordingly to address the valid elements of his critique. See prior comment thread here: http://blog.jonalper.com/2011/intego-untrustworthy/ for why I feel it both important to make the corrections Peter’s comment demands and that I not engage in discussion with him about the remaining content of this piece. Note that the updates below continue to reveal my original error alongside the corrections marked between [UPDATED] and [/UPDATED].]

When you sell ‘security products’ you have a responsibility to exercise an over-abundance of caution in how you communicate with your customers and potential customers. Failing to do this makes you part of the problem and, again, I think Intego is falling far short of that standard.

The issue, as I see it, this time starts with the headline “New Version of DevilRobber Trojan Found In Three Mac Apps” of yesterday’s Mac Security Blog.

The headline implies you might find this nasty malware and be in jeopardy in software you’re likely to be using today. The headline implies typical Mac users are at present risk without an anti-virus application.

Au contraire mon frère, you’re not. As of now, you’ll only find yourself infected with DevilRobber.D if you use BitTorrent to try and pirate software.

Deeper still, the unwritten message, “you need our product to protect yourself”, is just not true in this case. To be fair to Intego, this implication is a ‘sin of omission’ rather than an overt misdirection but, as I keep trying to say, I think the core problem is Intego falling short of a very high standard of communication and behavior that I believe comes with selling ‘security’ products.

Why do I pick on Intego? Aren’t all of these antivirus companies basically a protection racket? Well, it’s pretty simple. Intego is a Mac shop and, having met and chatted with several Intego team members, I think they’re basically good people and they ought to do better. I expect this silliness from the “My super zippy PC TV ad” companies. I don’t expect this from a “Mac Company”.

Here are four simple truths Intego’s article either only indirectly addresses or completely ignores.

1) They found an ‘in the wild’ exploit on a BitTorrent tracker of pirate copies of three Mac titles.
2) Mac users who don’t use BitTorrent to pirate their software are, so far, immune as far as we know.
[UPDATED Points three and four below are not relevant due to my error pointed out by Peter in the comments]
3) Mac users who use Preview to read PDFs rather than Adobe Reader are immune.
4) Mac users who use Adobe Reader can configure Adobe Reader to block the attack with a preferences setting now.
[/UPDATED]

Worst of all, from a marketing perspective, (the likely motivation for the misleading headline and, indeed, the whole point of their blog) Intego don’t even seem to give themselves full credit for the fact that they already blocked it with existing virus definitions.

Here’s the same post re-written by me as if I worked for Intego:

New Variant of DevilRobber Trojan found in altered MacOS apps distributed via BitTorrent

Intego’s malware researchers have found a new variant of the DevilRobber Trojan horse, which they first discovered in October. The latest variant – DevilRobber.D (there have been two others in between) – has been spotted in three deliberately altered Mac applications (Writer’s Café, EvoCam and Twitterrific) distributed via BitTorrent trackers.

The original developers’ distributions are not infected. (The files you can download directly from the developers’ sites are clean.) The malware has only been found in altered files distributed via BitTorrent trackers. If you use these applications, and have purchased them from the developers, you do not have infected copies of these applications.

[UPDATED *** As Peter from Intego correctly pointed out in the comments, I foolishly conflated the DevilRobber Trojan with another security issue with trojans distributed via PDF and exploits of the Adobe security flaw in Reader. The links below relate to the PDF issue and *NOT* to DevilRobber]
For more information about this exploit please see:
Adobe’s Security Bulletin: http://www.adobe.com/support/security/advisories/apsa11-04.html
Topher Kessler’s article for C|Net’s MacFixit: http://reviews.cnet.com/8301-13727_7-57338524-263/security-threat-in-reader-and-acrobat-poses-threat-to-macs/
[/UPDATED]

For more information about this exploit please see:
http://www.thesecurityblog.com/2011/12/devilrobber-gets-an-updated-version/

http://nakedsecurity.sophos.com/2011/10/29/devilrobber-mac-os-x-trojan-horse-spies-on-you-uses-gpu-for-bitcoin-mining/

VirusBarrier X6 definitions addressing the previous versions of the DevilRobber Trojan successfully blocked this new variant (and two others) but we have updated our definitions to specifically block this new version as well.
-30-

If the headline is too long or insufficiently sensational for your marketing guys to sign off on, split it up: New Variant of Mac DevilRobber Trojan Found and then lead the article with “Three Mac Apps altered to payload the Trojan have been found on a BitTorrent Tracker”.

My prior rant re: Intego’s behavior is here: http://blog.jonalper.com/2011/intego-untrustworthy/

[UPDATED Due to my conflation of DevilRobber with the Adobe Reader vulnerability and this story: http://www.thesecurityblog.com/2011/10/mac-trojan-posing-as-a-pdf-file/ the irony is far less thick in this post but PLENTY thick if you look at that link.] (The irony that that last rant addressed a behavior that socialized users to trust a file described and badged as a PDF that was really an application and that now we’re seeing an actual PDF Trojan is not lost on this writer.) [/UPDATED]

Here’s the deal. If you sell security products, I think you have to:

– Tell the truth about the level of risk.
– Tell the truth about what your product can do to protect from specific attacks.
– Tell the truth about what alternative measures users can take to mitigate risk.
– Fall all over yourself to protect the reputations of legitimate developers unless and until they distribute infected files or ship software that creates an attack vector.
– Be ‘low key’ about how you characterize risks so users can be confident in the maturity of your products and your business practices so they either buy your products (good for you and your customers) or follow good practices to reduce their risks even without your products (good for everybody).

[UPDATED Again, due to Peter from Intego pointing out my conflation of two issues, this is not relevant to the post though still true.] As a final note, yeah, it sure seems like Flash and Acrobat are getting exploited pretty regularly lately. Maybe not leaving these plug-ins enabled in our browsers would be a good idea. [/UPDATED]

– Jon
