CONSUMER WARNING: ROGUE FREEWARE
Download your software only from the website of the vendor. No exceptions.
APPLE PARK WAY (Rixstep) — It's really a shame to have to take time from fighting the pandemic - and the window-lickers making it worse - to address a software issue related to Grannie Tim, but here we go.
A number of websites have made illegal copies of our freeware and are using them in their own campaigns.
This is not only illegal, it's also dangerous.
In one such package we've found a .DS_Store file. Not only do we not package .DS_Store files, our systems don't generate them, as we don't run Apple's Finder. We run only our own Xfile (which is in all other ways infinitely superior).
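A download can be checked for this kind of leftover before it is unpacked or run. The following is an added example, not Rixstep's code: it lists the members of a zip or tar archive without extracting it and reports Finder artifacts. Only `.DS_Store` is named above; treating `__MACOSX` folders and AppleDouble `._` files the same way is an added generalization, and the archive format and the sample member names are assumptions.

```python
import os
import tarfile
import tempfile
import zipfile


def is_finder_artifact(member_name):
    """True if an archive member is a file the Finder or a macOS archiver leaves behind."""
    parts = [p for p in member_name.replace("\\", "/").split("/") if p]
    if not parts:
        return False
    base = parts[-1]
    # .DS_Store is the indicator from the article; the other two are added here.
    return base == ".DS_Store" or base.startswith("._") or "__MACOSX" in parts


def list_members(archive_path):
    """Return the member names of a zip or tar archive without extracting anything."""
    if zipfile.is_zipfile(archive_path):
        with zipfile.ZipFile(archive_path) as zf:
            return zf.namelist()
    if tarfile.is_tarfile(archive_path):
        with tarfile.open(archive_path) as tf:
            return tf.getnames()
    raise ValueError("unsupported archive format: " + archive_path)


def finder_artifacts(archive_path):
    """Sorted list of members that should not be in a vendor-built package."""
    return sorted(n for n in list_members(archive_path) if is_finder_artifact(n))


if __name__ == "__main__":
    # Constructed sample: a repackaged archive with a stray .DS_Store in it.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "repackaged.zip")
        with zipfile.ZipFile(sample, "w") as zf:
            zf.writestr("CLIX.app/Contents/MacOS/CLIX", b"binary")
            zf.writestr("CLIX.app/.DS_Store", b"finder metadata")
        for name in finder_artifacts(sample):
            print("unexpected member:", name)
```

An empty result says nothing about whether the binary itself was altered; it only means this one sign of repackaging is absent.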
Apple made a security system for their mobiles involving code-signing. This works OK on the mobiles as the iOS kernel can demand the presence of the code-signing section. Apple's desktop OS cannot do the same.
Removing Apple's code-signing is a trivial process, as we pointed out over ten years ago. The code for this is trivial. We have never published this code and likely never will, as tampering with someone else's code is unethical and most likely illegal. But it's a trivial process.
Tampering with a code-signed Apple desktop OS package, where the code-signing has first been removed, then inserting malicious code, then re-signing the package: that's also a trivial process. The difficulty is down only to the malicious imagination of the hacker.
Apple's desktop OS cannot be secured with code-signing.
Rixstep's CLIX, however, as but one example, can.
CLIX uses a technology developed in-house. The working title for this technology has been 'Reverse Houdini' or sometimes just 'Houdini' for short.
The weakness with Apple's complex 'Gatekeeper' system is that it can easily be defeated on Apple's desktop OS because the kernel cannot demand the presence of the relevant header section (and consequently the seal itself).
We proved this with a realtime demonstration in our forum over ten years ago.
Yes, it's that simple.
So CLIX needed something better.
The solution - and it's not easy - took over half a year to design and develop.
There is no way an interloper can tinker with the CLIX binary and still expect CLIX to run - even if it's already launched. No way.
Apple can't do that.
The downside comes when software download sites don't limit themselves to linking to our software, but also make illegal copies for themselves (and also drop .DS_Store files into them, proving they're rather dimwitted and have been fucking around). Those copies can be 'pre-Houdini'.
We stand by our products. Of course we do. And we do not tolerate others making unsolicited and illegal copies for redistribution.
Download your software only from the website of your vendor. No exceptions and no redistribution. Our EULAs say so right at the top. You can't miss it.
SOFTWARE END USER LICENCE AGREEMENT
REDISTRIBUTION OR RENTAL NOT PERMITTED
This is not only standard text, it's there for your protection.
Name and shame? Not yet. We've been in contact with them all, but none have replied. We'll wait a bit longer.