May 21, 2004: Apple patches that scary Help Viewer security flaw, apparently before any real damage was done. Meanwhile, a company rep describes the Xserve RAID as "the iPod for the enterprise market," which may reveal more about the people running Big Business than you really want to know...
At Last, The End Of An Error (5/21/04)
Folks, we don't want to send you off into your weekend all alarmed and stuff, but we just wouldn't feel right if we didn't remind you one more time that this latest Mac OS X security hole is the Real Deal. It's understandable if you're still playing the part of a skeptical villager, given how often people have cried wolf by playing up Mac security flaws that turn out to be all theory and no practice; that executable-code-in-MP3-ID-tags one, for example, was pretty nifty and definitely clever, but apparently a little too academic for anyone to bother exploiting for real-- and yet there was all sorts of hubbub over someone having finally found a major Mac OS X hole, the sky was falling, life as we knew it would never be the same, yadda yadda yadda.
Or what about security flaws that aren't flaws at all, like that Trojan that was just an executable AppleScript with a custom icon slapped on top? It's not a security problem with the operating system if someone lies to you about what a program does, just like it's not the architect's fault if someone tells you that jumping off a skyscraper's roof won't kill you much. But of course, the media loves grasping at every straw it can find in hopes of convincing people that Mac OS X is no more secure than Windows-- which is sort of like saying that sand is no less wet than water, but hey, whatever fries their bacon.
But this Help Viewer vulnerability, well, like we said, it's genuine, and easy enough to exploit that a sleep-deprived monkey with attention deficit disorder could do it. Indeed, WIRED reports that tossing together an exploit is so gosh-darned simple that "malicious script kiddies" are falling all over themselves to do it, and the "outburst of scripts and applications designed to exploit the hole" since it became well-known on Tuesday has prompted Secunia to upgrade the severity of the hole from "Highly Critical" to "Extremely Critical"-- which is, of course, just a little ironic, since the sudden proliferation of exploits is a direct result of Secunia having publicized the flaw in the first place. Ain't it always the way?
Anyway, it's worth mentioning that the two-part exploit to which we originally linked may have implied that you need to download a disk image before your system can be messed with, which is not at all the case. For a clearer picture of what's going on, check out Richard Bronosky's harrowing demonstration-- no disk image involved, and merely visiting the page causes Terminal to open and start spewing data on your disk usage. Basically, if someone knows the path to a script that's already sitting on your hard disk, they can throw together a web page that'll cause it to run the moment you load the page: no click, no download, no dialog. On its own, that's probably not all that dangerous, since the scripts that ship as part of Mac OS X aren't likely to be destructive in any way, and Bronosky wasn't able to pass command line arguments to UNIX commands, so nobody can send, for example, the UNIX command to delete all your files.
So the disk image part of the equation just provides the Bad Guys with a convenient way to stick evil scripts onto your system in a known location-- which is a pretty important step if they're trying to do something seriously evil, of course, but control freaks will hate just knowing that the Help Viewer bug alone gives people a certain level of access to what's happening on their systems. If you're anything like us (heaven help you), you still get the screaming mimis just knowing that random people can, for example, minimize all your Finder windows. (If you visited Bronosky's page first, you may need to quit Help Viewer before that link will work, but you get the idea.)
Well, good news: faithful viewer jeffNOTjon informs us that Apple has finally moved past the "We Take Security Very Seriously" stage of its investigation. Security Update 2004-05-24 (for Panther; there's also one for Jaguar) is now available for your Help Viewer-patching enjoyment, and while it claims to deliver "a number of security enhancements," we strongly suspect that that number is "one." In fact, the update's list of updated components consists of, well, Help Viewer (plus Terminal for Jaguar), so you can be pretty sure of what this thing does. Apply it, and start working on rebuilding that Wall o' Mac Smug you've been sitting on top of for all these years.
0.9 M Songs In Your Pocket (5/21/04)
You know, for the most part, we like to think of ourselves as pretty shrewd students of human behavior, but we admit that there are still certain segments of the population whose actions and motivations confound us. In particular, we sort of wish that Jane Goodall had spent a few years studying Enterprise People in their native habitat, because frankly, those guys baffle us. Mind you, we're not talking about Spock, Bones, and the guy in the red shirt who snuffs it within fifteen seconds of beaming down to the planet's surface; we mean "enterprise" in the context of big business IT and the like. The few Enterprise People with whom we've come in contact have exhibited behavior so alien to our own that we find ourselves desperate for an Animal Planet hour-long special to explain just what the heck they're thinking. (Like, what was with those haircuts?)
Lucky for us, then, that Apple has devoted resources to the study of this fascinating species, even if it is just in hopes of siphoning a bunch of cash from those juicy enterprise IT budgets. While the company hasn't generally shared its findings with the scientific community yet, it has dropped a few helpful nuggets of info to the public on occasion. For instance, Macworld UK reports that Apple UK's managing director Mark Rogers recently described the company's Xserve RAID product as "the iPod for the enterprise market," and that single simple statement actually reveals quite a lot about these creatures whose ways are so different from our own.
For one thing, Enterprise People apparently have really big pockets.
Seriously, think about it; the Xserve RAID measures 5.25 inches by 17 inches by 18.4 inches, so anyone who's going to lug around something that's almost a full cubic foot in volume just so he can listen to music all day clearly must have an appropriate wardrobe capable of accommodating its bulk. Moreover, given that the Xserve RAID weighs "60-100 pounds depending on configuration," Enterprise People possess either superhuman strength and exceptional physical endurance, or little enough mental acuity to grasp that stuffing a big honkin' RAID server down their pants is perhaps not the best way to carry their music around with them-- unless, of course, Enterprise People also have really extensive music collections and require high-speed access to any of 875,000 songs at any given moment.
Also, given the Xserve RAID's need to draw 300 watts of power while in use, we can infer that either Enterprise People are stuffing another enormous pocket with a fully-charged, heavy-duty uninterruptible power supply, or they never venture out of range of a single wall socket. (Or they're using a Really Long Extension Cord.) Indeed, the more we think about Xserve RAIDs being used as portable music players by Enterprise People, the less suitable they seem for the task. For instance, there's no audio jack, so we haven't a clue what these people think they're actually listening to in the first place.
We suppose it must all come down to cost savings; while they would be far more portable and functional as portable music devices, the 88 iPods necessary to store as much music as a top-of-the-line Xserve RAID would cost four times as much money-- unless, of course, you factor in the additional costs that accompany the Xserve RAID choice, such as hernia operations, hospital stays, and the like. Hmmm, let's see, now... reduced functionality and higher long-term costs in exchange for a smaller up-front expenditure; sounds a little like the practice of outfitting large companies with fleets of cheap Wintels and then eating a fortune in support costs and downtime in the future. Fascinating. Whoever said that Enterprise People weren't at least consistent?