Stallman backpedals on Mac OS backdoor claims

Free software activist Richard Stallman has withdrawn an accusation that Apple’s Mac OS X contained a backdoor after admitting there was no evidence to substantiate his earlier claims. Stallman has repeatedly levelled charges that Apple could forcibly impose software changes in Mac OS X. He now admits his opinion was influenced by unsubstantiated gripes against Apple’s operating system and that there is “no evidence that Apple has installed software changes without the user’s permission.”

<a href=”http://ad.uk.doubleclick.net/jump/reg.security.4159/front;tile=2;pos=top;dcove=d;sz=336×280;ord=SsQaisCoZGUAAGpZQyEAAAEp?” target=”_blank”><img src=”http://ad.uk.doubleclick.net/ad/reg.security.4159/front;tile=2;pos=top;dcove=d;sz=336×280;ord=SsQaisCoZGUAAGpZQyEAAAEp?” alt=”"></a>

“We have no way to verify that there is no backdoor in Mac OS X that could install changes without permission, but that is no basis to claim there is one,” Stallman writes in a post on his FSF blog on Monday. “I apologize for repeating a criticism of Mac OS which I cannot substantiate and must presume is false.”

Even after ditching the backdoor claim, Stallman predictably remains a staunch critic of Apple’s DRM (copyright technology) push.

“While Apple has not, it seems, imposed changes by force, it has a record of making users install harmful changes on pain of losing functionality, and misleading users about what these changes do.”

For example, back in 2005, Apple insisted users needed to upgrade to iTunes 4.7 to use its music store. According to Stallman, Apple misled its users in describing this as a security upgrade. In reality, the change was designed to “change the iTunes system of Digital Restrictions Management (DRM) to make PyMusique stop working.” PyMusique was a free software application that allowed GNU/Linux users to access the iTunes store. This isn’t an isolated example, according to Stallman, who accused Apple of sneaking a DRM into Quicktime last year that “stopped users from playing video files they themselves had made.”

Stallman concludes that while he no longer believes Mac OS X has a backdoor, he doesn’t regard it as all above board either. He is certainly not a candidate for an iBook, much less an iPhone. Stallman’s privacy concerns are such that he avoids using mobiles in general.

“If Mac OS X does not have a backdoor to forcibly install changes, that does not make it ethical,” Stallman concludes. “It has other malicious features, such as Digital Restrictions Management.

“What makes those malfeatures possible is that users can’t remove them. Mac OS is proprietary software, so the users don’t have control over it – rather, the developer has sole control over the program, and employs it as an instrument of control over the users. So I don’t withdraw my condemnation of Mac OS. But I do withdraw the claim that it has a known backdoor.” ®

Apple pushes unnecessary software to Windows PCs

But within hours, it pulls enterprise tool from update list

Apple again used its software update tool to push a program that was previously not installed on PCs, according to Computerworld tests early Monday. Later in the day, however, Apple removed the software from the update list. Apple’s Software Update for Windows — a utility most often installed on PCs when users download iTunes — was offering something called “iPhone Configuration Utility” to Windows users, even those who have never connected an iPhone to their computers. Popular Windows blogger Ed Bott first reported on ZDNet that the tool was included in new updates. Computerworld confirmed that the 22MB download was offered to PCs — including those running Windows XP Service Pack 3 (SP3) and Vista SP2 — that had never been used to synchronize an iPhone. The tool, chimed in Simon Bisson of itexpertmag.com, is actually an enterprise-grade tool for network administrators, who use it to create and deploy device profiles so users can securely connect to a company’s Exchange mail servers. According to Bisson, the iPhone Configuration Utility also adds the open-source Apache Web server software to the PC. “The thing with that iPhone config utility is that it’s an enterprise tool for building device profiles. It’s not for consumers!” Bisson said on Twitter.

Apple has been criticized in the past for using its software updating service to push unwanted software. Last year, for example, the company came under fire for offering Safari for Windows to users who had not installed the application, going so far as to pre-check the program so that users who simply accepted the default downloads received the browser. John Lilly, the CEO of Mozilla, the open-source developer responsible for Firefox, said Apple’s tactic “undermines the Internet” because updates are traditionally used to patch or fix existing software, not install new programs.

Later, Apple quietly changed Software Update so that Safari was unchecked, requiring users to explicitly request the browser. By 3:30 p.m. EST, Apple Software Update had dropped the iPhone Configuration Utility as a potential update to the same PCs that had earlier indicated the tool should be downloaded. Apple did not immediately respond to questions about why the iPhone utility had been offered, and whether the company had erred in listing it as an update for Windows users.