Mac Musings

Meltdown at Low End Mac

Daniel Knight - 2001.08.08

It's hard to say which is worse - the heat and humidity outdoors, the power drain for fans and air conditioners that has our uninterruptible power supplies screaming like banshees, the constant influx of spam (we're still getting "Snow White" and SirCam emails daily), or the absolutely unreliable Internet connection that must be reset dozens of times per day.

Keep the Windows Shut

Thank goodness for air conditioning. The 90ºF heat in Grand Rapids, Michigan, may be the lowest in the state as I write this on Tuesday afternoon. It's still another ozone action day - not that I do much driving anyhow, working from home. Our lawnmower is electric, so it never runs out of gas and is pretty quiet (for a lawnmower), but who wants to cut the grass in this heat and humidity?

As for the screaming UPSes, at least we have them to keep the network and server going during brownouts and power outages.

Please Shut the Windows

There's nothing we can do about the weather - and spam seems to fall in the same category. As they say, "Everyone talks about the weather, but nobody does anything about it." Spam isn't quite that bad (did you hear about AT&T WorldNet and their adoption of anti-spam, antivirus management on their mail servers?), but as long as there are Windows users who unthinkingly open attachments and marketers who think there's gold in email marketing, Snow White, SirCam, and unsolicited commercial email will remain a bane.

Shoot, I've even received spam on my EarthLink account, an address that I've never posted anywhere on the Web and only used for at most a half-dozen messages. I do seem to get less spam to my address than to older accounts, but I suspect that will change over time.

Open Windows a Nightmare

But it's the unreliable Internet connection that's driving me batty. It started Friday or Saturday, and I originally thought it might be heat-related, but it corresponds too well with the Code Red II worm. The symptoms: the activity light on my cable modem and router are blinking constantly, even when I disconnect the router from the home network. If I unplug the router, the modem loses its IP address and activity stops.

Code Red II & Cable Modems

You may be asking how it's possible for a virus/worm to do this. The basic mechanism of Code Red was to seek out IIS servers by randomly generating IP addresses, seeing if an IIS server responded, and infecting the remote server. Then both infected servers repeat the process.

Code Red II is more calculating. It specifically attempts to find IIS servers with IP addresses close to that of the infected machine. According to one article, the way Code Red II is written makes it 4,000 times more deadly than the original Code Red.

Of course, I don't have an IIS server on my network, but the Code Reds don't care. Between them they are probably sending out packets to every IP address on the Internet on a regular basis. But it gets worse with cable modems. Because all the cable modems in a neighborhood share the same hub, a packet sent to any address in that cluster is broadcast to every address in that cluster.

That's why cable modem users are having their Internet connections slammed these days. The only solution is for every Windows IIS server to be disinfected and have the necessary security patches installed to prevent reinfection.

That sounds like a denial of service attack. All those packets coming into the router eventually overwhelm it to the point where we can't see it on the network. The solution: unplug the router, then plug it back in. If that fails, unplug the cable modem and router, the plug both in again. If that fails, there's nothing more to do but try again.

Using the monitor built into the router, I see it's receiving about five times as many packets from the outside world as we create the network. And they're smaller packets, which isn't what you expect when downloading Web pages and files from the Web.

I'm beginning to suspect this may have damaged my Hawking Technology router. I'd switch to my SMC router, but it stopped working during Macworld Expo and needs to be repaired. I went to that Hawking site today with hopes of maybe being able to update the firmware on this router, but you need a Windows machine to run the installer. If it weren't for bad luck, I'd have no luck at all.

I'm hoping to find some way to set the router or cable modem to reject this traffic, but no luck there, either.

Broken Windows

Windows. You can't live with it, but you can't live without it, either. I was planning on writing an article about the disservice we do our children if we don't expose them to Windows, since that is the dominant operating system in use in businesses, schools, and homes. By exposing the kids to Windows, they can discover for themselves how well or how poorly it compares with the Mac OS.

I still lean that way, but I think Microsoft does us all a disservice by selling Windows in the first place. If Windows had been designed to propagate worms and viruses, it couldn't do a better job than it already does. Visual Basic makes it easy to create email worms that spread like crazy and viruses that can take down the operating system or even damage the hardware. That's why Snow White and SirCam email keeps showing up in my mailbox. (As of Wednesday, I'm slowly downloading the oversized SirCam spams via modem - this is excruciating!)

And the supposedly more secure, more robust, professional version of Windows is directly implicated in the Code Red and Code Red II worms. Windows 2000 running IIS without Microsoft's security patches is ruining the Internet for people around the world as it attacks routers and non-Win2k servers in its relentless search for more IIS servers to infect.

Thanks to Windows, I spend too much time every day deleting unwanted email and trying to get my Internet connection working again. We're all being held hostage to Microsoft's incompetence, whether we use Windows, the Mac OS, Linux, OS/2, BeOS, or any other operating system. Sure, Microsoft eventually gets around to finding and patching the bugs (63,000 in Win2k according to their own research), but then they leave it up to users and network administrators to learn about and install those patches.

What About Mac OS X?

At least one consultant calls OS X the most insecure operating system on the market. Of course, he has a vested interest as a security consultant, but I can't imagine how he could compare any OS to the ubiquitous variety of Windows and not call Windows the least secure OS available.

Mac OS X is the fastest growing OS on the planet, something you can say about any new OS which goes from no users to a bunch of users. I'm sure the security experts and hackers will find security hole in OS X, but since it is likely to remain a minority platform (Steve Jobs would be thrilled to own 10% of the market), it won't be as attractive to malware programmers, nor will the effect of any virus or worm be nearly as widespread as with Windows.

Best of all, the Mac OS (classic and X) includes a software update feature. Users can tell the computer to check for updates every day, on specific days, or on the same day every week. When security flaws are found in OS X, Apple will be able to fix them and put them in the queue with the next software update. Within a week or so, most OS X users will have a more secure OS.

Contrast that to the way things work in the Windows world. Most of the security problems are found by experts, either security consultants or hackers. Most of the problems are first addressed, at least in public, with postings from security experts and updated to the antivirus programs. Then Microsoft might get around to releasing a patch - and if you're on the right email list, they'll let you know when it's available and how you can download it.

The Macintosh way, automated system updates, is much more elegant and transparent to the end user. It has the potential to take an already stable OS and make it more secure over time without tech notes and manually installed patches.

Mac OS X won't change the weather, but Apple has the mechanism in place to keep making it a better, more secure operating system - just the opposite of Windows XP, which is still in beta and already being compromised by the Code Red virus.

Maybe that's what it will take to end these Internet meltdowns.