DealsOnTheWeb Daily Deal: OneCall's Weekend Sale - 20 Great Items at Great Prices All Weekend Long
TMO Reports - DVForge Nixes Virus Prize Contest
by , 6:15 AM EST, March 28th, 2005
Within 12 hours of announcing an open contest to successfully create and deploy an "in the wild" active virus for Mac OS X, Mac and iPod peripheral maker DVForge Inc. canceled the campaign saying it was ill advised and fraught with legal concerns.
The contest -- titled the Mac OS X Virus Prize 2005 -- was to have awarded a US$25,000 prize to the first hacker who could infect two Macintosh computers owned by the company. Announced early the morning of March 26, the company canceled the program in less than 24 hours.
"During the first several hours after making the public announcement, I was contacted by a large number of Mac users and Mac software professionals who shared their thinking with me about the contest," said Jack Campbell, Chief Executive Officer of DVForge. "I have taken their advice very seriously, and have made the difficult decision to cancel our contest. I have been convinced that the risk of a virus on the OS X platform is not zero, although it is remarkably close to zero.
"More importantly, I have been convinced that there may be legality issues stemming from such a contest, beyond those determined by our own legal counsel, prior to announcing the contest. So, despite my personal distaste for what some companies have done to take advantage of virus fears among the Mac community, and my own inclination to make a bold statement in response to those fears, I have no responsible choice but to retract the contest, effective immediately."
The catalyst for the contest was a report released early last week by anti-virus software vendor Symantec Corp. that said the Mac and Mac OS X was becoming an increasingly bigger target for viruses and hacker attacks.
"It is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems," the report stated. "Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it."
The report was met with skepticism across the Internet. Mr. Campbell called the report "complete nonsense" and challenged "any malicious coder" to prove Symantec's claims.
"There are a number of fundamental safeguards against virus attacks that keep the OS X operating system without its first in-the-wild virus," Mr. Campbell wrote. "The 'small number' of Macs has nothing to do with the lack of virus incidents. It is the architecture of Apple's operating system that protects its users from these bugs.
"I happen to believe that Apple should be offering this prize," he wrote. "But, since they have not, I will. On behalf of knowledgeable Mac users everywhere, I am putting my money where my mouth is."
To win the contest, the person coding the virus had to infect two G5 Powermac computer systems owned by the company and submit an e-mail notice with a transcript of at least 32 contiguous characters of code included in the virus, a brief description of the functionality and symptoms of the virus, and contact information. If the virus matched the description and actually worked, Mr. Campbell promised a $25,000 prize.
After canceling the contest, Mr. Campbell went out of his way to distance himself and his company from giving any impression that it was endorsing the development and distribution of computer viruses -- a U.S. federal crime punishable by up to 20 years in prison.
In a carefully worded statement, Mr. Campbell explained his reason for the contest and denied it was a publicity stunt.
"We have seen hundreds of people write to us condemning us for 'putting the entire Mac world at risk,'" he wrote. "If an in-the-wild virus is coming, anyway, I say let it come...I believe that this overstated virus threat is costing our platform hundreds of thousands of new users."
Saying he still feels the contest was the right thing to do, Mr. Campbell said, "the contest was only canceled because I was convinced on Saturday morning that there was some minor risk of federal law violation in continuing."
Observer Comments
If he felt that he could get in trouble with the law, that's one thing, but short of that I see no problem with this kind of thing.
The one thing I'd change, though, is that you should have to develop a fix for the hack you've created in order to collect the prize money. So even if your prize winning virus got out, there would already be a way to stop it.
Other then those 2 issues, I'd say this kind of thing is actually good for the platform in the long run.
Mon Mar 28, 2005 11:25 am Subject: "The catalyst for the contest was...."
I seriously doubt this. IMHO this guy deserves no publicity and his motivation is circumspect.
Do a little research on Mr. Campbell, say, at MacInTouch, and form your own opinion as to his motivation.
http://www.macintouch.com/mactable.html
Mon Mar 28, 2005 11:31 am Subject: the difference
Previous "hack the computer" contests were exactly that - find a path in and alter something (usually a file) to prove that you were there.
This "contest" explicitly stated the creation of a virus, which has a very definite meaning, including the ability to self-replicate and spread to other machines. The creation of a virus is in direct violation of the Federal Computer Abuse Act of 1994 (18 U.S.C. Sec. 1030).
Soliciting, and then offering to pay for, the creation of a virus would not be looked upon favorably by any court in the U.S., and I can't imagine any other country would either.
Mon Mar 28, 2005 11:51 am Subject: ***hat, yes - but ...
My knee-jerk reaction is to call this guy a whole bunch of explitives, and even after reading his reasons for doing this, I still think he's looking for publicity and recognition.
Still, there has always been the lingering statement - "Mac OS X hasn't been hacked because the hacker community hasn't really tried yet."
Now, I personally don't buy into that, but it's hard to refute a statement that really can't be refuted with hard evidence - only (what I consider to be very persuasive) circumstantial evidence.
Do we think it would be worth it for such a challenge to be issued? Would the results yield a benefit to our platform that made the risks worthwhile?
I think that that challenge has already been issued by the vocal Mac community that has been practically engraving a stone invitation to the hacker community, but maybe it will take someone like Campbell to raise that invitation up.
I have always been very suspicious of anything that uses "The ends justify the means" as the rationalization for activity that is inherently wrong, but part of me feels like it would be good for a Mac OS X box to either survive or fall prey to just such a challenge. Am I just as much of an ***hat as Campbell for thinking this?
Mon Mar 28, 2005 12:46 pm Subject: As Brutno observes
Mon Mar 28, 2005 4:10 pm Subject:
QuoteGuest wrote:
In the days before Mac OSX, a contest was set up by a Swedish company which they named Crack A Mac. That was back in 1997 and the prize was 13.500 US dollars. The challenge was to get into their server (Mac) and plant content on their web pages, so it wasn't exactly the same as creating a virus, but still interesting, perhaps?
You can read the story here: http://db.tidbits.com/getbits.acgi?tbart=02166
It was also completely unsuccessful. And that was with OS9.
Mon Mar 28, 2005 11:38 pm Subject:
QuoteIntruder wrote:QuoteGuest wrote:
In the days before Mac OSX, a contest was set up by a Swedish company which they named Crack A Mac. That was back in 1997 and the prize was 13.500 US dollars. The challenge was to get into their server (Mac) and plant content on their web pages, so it wasn't exactly the same as creating a virus, but still interesting, perhaps?
You can read the story here: http://db.tidbits.com/getbits.acgi?tbart=02166
It was also completely unsuccessful. And that was with OS9.
It's probably of note that Mac OS 9, like all Mac OS's prior, has a number of 'features' which make it difficult to remotely exploit in the same kind of way that Windows and UNIXes can be. First and foremost is the lack of a common shell environment. Though most Windows exploits seem to not use it, one of the first things to attempt when trying to break into a UNIX environment is obtaining a useable shell on the machine. Also notable is the lack of many, if any, listening servers running on a stock OS 9 computer, a feature it shares with OS X (which runs none unless specific services are enabled), and in contrast to Windows, which has a nasty habit of allowing services that shouldn't really listen externally to do so (LSASS, anyone?). People with UNIX systems often have to explicitly close mostly-useless services like daytime and echo which are potentially exploitable.
Symantec's fearmongering aside, we do need to be realistic about the potential threat of malicious software. I do not foresee some huge influx of malicious software, but it is likely to happen someday, and we need to be prepared.
Perhaps because of the difficulty of direct remote exploitation of vulnerable services on OS X, we should be wary of potential social engineering attacks. Consider, for example, the Bagle worm on Windows (at least, I think it was Bagle that did this). In order to be infected, you must receive and read the infected email, open the attached .zip file, use the provided password to decrypt the file, and then run the worm. Despite this convoluted process, this was a relatively common worm, meaning people did fall for it.
Similar attacks are possible today on OS X machines. Without going into too much detail, be aware that when asked for your administrator password, the program to which you give it will potentially have full control over your computer. Be sure you trust the program that is running, and the data it is using.
Symantec's warning may be overblown, but we shouldn't be complacent as a result.
Jason
… offered $2500 (that could be doubled under certain conditions …), then withdrew the offer, for very obvious reasons …
No risk, no pain … but quite a bit of gain : he gets free advertising on just about every tech site (Mac or not …) for his apparently shoddy businesses. Not a bad deal ! 
Con men always have great imaginations, and they usually can turn a pretty convincing discourse …
Recent Headlines - Updated Friday, July 18th, 2008
- Fri., 4:30 PM
- iPO Apple Store Spotlight - Bloomberg LP - Financial Information on Your iPhone
- 2:50 PM
- iPO Just a Thought - Seven Days (and Counting) Trying to Get an iPhone
- 2:15 PM
- AAPL Drops 3% in Afternoon Trading, Deferred Revenue Accounting Earning Attention
- 12:05 PM
- iPO Review - Jensen JiMS-525i
- 11:05 AM
- Apple in Art
- 10:40 AM
- iPO Free on iTunes - AtomTV, Black In America, Strange Days on Planet Earth, & More
- 9:15 AM
- TMO's DealsOnTheWeb.com - JBL On Stage II Speaker System w/RF Remote Control: $67.99 Delivered
- 8:20 AM
- StrangeCharm - Particle Debris and a New iPhone (2G)
- 7:30 AM
- TMO Quick Tip - Build Your Own Twitter Client
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
- OWC: Upgrade to a Larger Hard Drive, Add Additional Drives SATA for Mac Pro and G5s, up to 1.0TB in each Bay. 500GB from $90!
New iMac 800Mhz Memory 4GB $98, 2GB $50. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: MacBook 1Gig $39, 2Gig $78, 4Gig $195! Mac Pro 2Gig $115, 4Gig $189! 500G Seagate SATA II $139! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Apple 15-inch MacBook Battery: $75 
New iMac Intel Core 2 Duo 2.4GHz 20-inch Al with Wireless Kdd & Mouse: $1199 
Overstock.com: $1.00 SiteWide Shipping - This Weekend Only 
J&R ComputerWorld's Weekend Sale - Save on TVs, Digital Cameras, Games & Tons More 
OneCall's Weekend Sale - 20 Great Items at Great Prices All Weekend Long 
