What an incredibly rational policy. Not only do you charge $129 each year for an incremental upgrade, you force them to upgrade if they want their machines to stay secure. Brilliant.
Will Apple just patch Panther?
Last modified: October 29, 2003, 12:27 PM PST
By Robert Lemos
Staff Writer, CNET News.com
Apple Computer's latest version of its Mac OS X operating system, Panther, patches security flaws that affect previous versions of the operating system, leaving security experts wondering if users will have to pay the $129 upgrade fee to be secure.
On Tuesday, Apple released an advisory indicating that the Mac OS X 10.3 upgrade includes more than a dozen "security enhancements," none of which appears to have been applied to previous versions of the software. Apple's Security Updates Web page doesn't list the fixes for previous versions of the operating system.
"It is not a friendly thing to tell your customers to shell out a lot of money to stay secure," said Thor Larholm, senior researcher for software security firm PivX Solutions. "It would be a dangerous precedent, if they did."
Apple declined comment.
Typically, companies that charge for software provide security updates for the software for a certain period of time. Microsoft provides support for its products for about five years and releases service packs every year that include all the enhancements to the software. Microsoft doesn't charge for the service packs.
"Imagine if Microsoft tried to charge for security fixes--people would go crazy," Larholm said.
Linux vendors typically work things a bit differently, as so much of the software they distribute is produced by developers outside the companies. Red Hat, for example, charges about $40 for its desktop edition and provides a year of updates for free. After that, users either have to pay $60 a year to join the company's Red Hat Network and receive updates or subscribe to a free service, such as Ximian's basic Red Carpet service. (Ximian is now owned by Novell.)
Apple's plan falls between the two models, offering bug fixes for free but charging $129 for the update to the operating system--the third time the company has released a new version since Mac OS X debuted in March 2001.
The current set of vulnerabilities includes a flaw in the operating system that causes applications to be installed with insecure file permissions. Other vulnerabilities could let a local or remote user crash the system.
Security firm @Stake found four of the vulnerabilities and worked with Apple to fix them in time for the release of Panther. The advisories seem to indicate that Apple doesn't plan to release fixes for earlier versions of Mac OS X. Each advisory says that users should either upgrade to Panther or turn off the affected software component.
PivX's Larholm said that Apple would have to release some patches or risk angering its users.
"They have stated that they want to release a new version of OS X every year, but this is the first time they have hinted that they will not be supporting any particular OS X version for more than that year, and that they expect all their customers to upgrade their operating system on a yearly basis," he said.