
What software and functions do you miss in pre-OSX?

Cory5412

Daring Pioneer of the Future
Staff member
Many thanks for the suggestion. Great ideas you have.

Now, for endangering everyone with OSX 10.4, please enlighten me. That is very interesting.
Well, for starters, 10.4 is vulnerable to shellshock, and various service reflection vulnerabilities. If somebody gets in -- and there are ways in -- then they can do anything with your computer that they could do with, well, any computer.

I've been attempting to explain about this for two or three years now. Basically, the value of a remotely compromised system these days isn't in the personal data that's on it -- it's in that computer's ability to mine bitcoins or send spam.

On Windows, this gets accomplished by installing a tool such as pushdo, which is essentially a framework that allows an attacker to install additional components on the machine to do tasks. Pushdo could be used to deploy bitcoin agents, or to deploy cutwail, a tool that sends spam and phishing e-mails.

A Mac or Linux computer can also do these things, and if you can get access to one of those systems, it's even easier because the mail server is already built in.

All of this generates the amount of spam and traffic on the Internet, reducing performance for everybody.

I think I would notice if my Mac was being used as a botnet or mail server.
You'd be surprised. This post is about a person whose NeXT virtual machine was configured as an open mail relay, and they didn't notice it was spewing spam until it had been doing so for potentially weeks, and only because of a very low RAM situation -- something most Mac OS X machines won't have. They don't go into it, but they really only notice because the whole machine was crashing due to the massive crush loads on one process. The implication was that it took them quite a long time to notice because, well, otherwise, the machine operated at its normal speed and responsiveness. 

For as often as I talk about how slow even the fastest of PowerPC Macs are, a good G4 (something like a single-CPU, 700MHz to 1.2GHz or so, maybe a gig of RAM) can almost certainly handle sending 3500 messages without the user at the keyboard noticing. Probably the one time you'd notice is if you did something else insanely resource-intensive, but even then, there's a good chance if you were only doing one resource-intensive thing at a time, you wouldn't notice, unless you were extremely well-attuned to the amount of time a task should take (in totally insane detail, i.e. wow, this frame should actually take six seconds less to render).

If you go down to something a whole lot slower (something most of the PPC/OSX enthusiasts have moved on from, like a 400-600MHz G3 with 512MB of RAM) then you're slightly more likely to notice, but that class of machines was pretty frequently using nearly all of their resources with 10.3 and 10.4, so a crush load of dropping 3500 spam messages onto the mail queue might make you notice. Maybe.

 

bhtooefr

Well-known member
My line about using the machine "properly" is more in regards to safe operation of the Harley or the Corvette, because it's literally possible to kill someone if you use them improperly, which would obviously be far more harmful than a PPC Mac in a botnet.

However, some practices with the Mac that would be using them "properly" would be avoiding untrusted software installation, using strong passwords/passphrases, keeping the machine behind a firewall, and installing the latest software updates. Even following those procedures, though, partially because there are no more software updates for PPC Macs, combined with the huge attack surface of OS X, you are at extreme risk for your computer's resources being used against the internet by malicious actors.

Using an insecure Unix-based platform on the internet isn't like using an old Jaguar Mk2 on the road, it's like putting a gun safe with a broken lock outside, and storing firearms and ammunition in it, and expecting that someone won't use them in a crime.

 

galgot

Well-known member
Thanks for these detailed responses.

So, let's say I have a Mac 10.4 online. I have the root passwd, and I know it's not changed. I know my user passwd, and I know it's not changed.

I've updated Bash. I know what services are running.

How could this machine be used to send spam mails?

Note: It's not that I don't believe you if you tell me it can be done, but please, so far all I read is scary things like "don't go online, it's dangerous" or "you endanger everyone" and suggestions for car and motorcycle shopping. No explanations of how.

Edit: Btw, not using a Jaguar Mk2 properly can be very dangerous too… or a fork, or even a teaspoon...

 

tsundoku

教授か何か洗練された者
Sensitive data worth hacking on 20 year old computers?

Ain't nobody got time fo dat!
It has been explained very clearly and repeatedly in this thread that nobody is talking about old computers being broken into to steal data (sensitive or otherwise). I hope you will give other people the courtesy of reading their posts before replying to them.

 

IPalindromeI

Well-known member
And even then, if you were to look to see if your machine is compromised, look for what? Unless you're a Unix type, you probably have no idea what's going on behind the magic curtain. Not only are they likely to disguise and hide it, they might even use rootkits and hide it even from careful eyes.

Once a system is compromised, it can not be trusted. You don't know what they could have done.
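
For the open-relay case described earlier in the thread, the mail server's own log is one place to look. The following is an added example, not part of any post above: it assumes Postfix-style syslog lines copied off the machine, and the hostname, addresses, local networks and hourly threshold are all constructed. It only tells you something if the log itself has not been tampered with.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Assumption: networks whose clients are allowed to send through this host.
LOCAL_NETS = [ip_network("127.0.0.0/8"), ip_network("192.168.0.0/16")]

# smtpd logs which client handed over each queue ID; smtp logs each delivery.
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
SENT = re.compile(r"^(\w{3}\s+\d+ \d\d):\d\d:\d\d \S+ postfix/smtp\[\d+\]: "
                  r"([0-9A-F]+): to=<([^>]*)>.*status=sent")

def constructed_sample():
    """Build sample log text (constructed for this example, not from a real host)."""
    out = []
    for i in range(5):  # five messages accepted from one outside address
        qid = "A%03X" % i
        out.append("Mar  3 02:14:%02d g4 postfix/smtpd[420]: %s: "
                   "client=unknown[198.51.100.7]" % (i, qid))
        out.append("Mar  3 02:14:%02d g4 postfix/smtp[431]: %s: to=<user%d@example.net>, "
                   "relay=mx.example.net[192.0.2.10], delay=1, status=sent (250 ok)" % (i + 1, qid, i))
    out.append("Mar  3 09:30:00 g4 postfix/smtpd[512]: B001: client=imac.lan[192.168.1.20]")
    out.append("Mar  3 09:30:02 g4 postfix/smtp[515]: B001: to=<friend@example.org>, "
               "relay=mx.example.org[192.0.2.25], delay=2, status=sent (250 ok)")
    out.append("Mar  3 09:31:00 g4 postfix/smtp[515]: B002: to=<x@example.org>, "
               "relay=none, delay=5, status=deferred (connection timed out)")
    return "\n".join(out)

def relay_report(log_text, local_nets=LOCAL_NETS, per_hour_limit=3):
    """Return (hours with more than per_hour_limit deliveries,
    recipients reached per non-local client address)."""
    client_of, per_hour, relayed = {}, Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if m:
            client_of[m.group(1)] = ip_address(m.group(2))
            continue
        m = SENT.search(line)
        if not m:
            continue  # deferred or bounced deliveries, and unrelated daemons
        hour, qid, rcpt = m.groups()
        per_hour[hour] += 1
        src = client_of.get(qid)
        if src is not None and not any(src in net for net in local_nets):
            relayed[str(src)].add(rcpt)
    busy = {h: n for h, n in per_hour.items() if n > per_hour_limit}
    return busy, {ip: len(rcpts) for ip, rcpts in relayed.items()}

if __name__ == "__main__":
    print(relay_report(constructed_sample()))
```

Any address in the second result means the host delivered mail on behalf of a client outside the networks you listed, which is what an open relay looks like from the inside.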

 

TheWhiteFalcon

Well-known member
I'd argue that anyone running Adobe Flash (even on the latest and greatest operating systems) is a bigger risk than someone using an old version of OS X at this point.

Ultimately there's no substitute for user caution.

 

Cory5412

Daring Pioneer of the Future
Staff member
My apologies for the delay. It had taken a while to craft a reply, and then I had to step away for a few days to do some house things.

In the time since I wrote the post below, this article came out from Ars Technica. I link it simply to illustrate the point that things are always changing and even a server that looks secure might have been compromised, somehow. I expect to hear more about this incident in the not too distant future. I'll probably be grabbing the report from ESET to look over as well.

User caution is very important. If you have a sufficient amount of it and you're taking all the other technical precautions Galgot mentioned (including some more, such as no Java, Flash, etc), just being careful and aware is a good idea. Unfortunately, that runs counter to what most Mac users, even enthusiasts of outmoded and unsupported OS X systems, tend to have the wherewithal to do. There's a huge perception out there -- and has been for a very long time -- that Macs are totally trouble-free and that they're completely rock solid and that they are totally impervious to attacks of all kinds. That causes a really lax attitude and I'd say more often than not, the lax attitude is often what gets malware installed on Macs. This isn't just a problem on old Macs. (In fact, from a pure "malware" perspective, OSX/PPC is probably a lot less likely to get any "malware" than, say, a system running 10.8 or 10.9, and from a pure quantity perspective, there's less of it than on Windows, even with Windows 7, 8, and 8.1 each making Windows more difficult an environment for malware.)
 
The thing is, even on supported systems from vendors that are really active with patches, you're really not ever "done" with security. You have to run patches, if you're really interested you have to find out what those patches are. Once a system falls out of official support, you need to manually start reviewing possible vulnerabilities and essentially look for things to patch or mitigate on your own.
 
A way to avoid all that is to simply put the system(s) on a non-routable darknet, which is basically my plan should I ever end up with another late PPC system running Mac OS X. It's a good way to reuse old (probably also insecure) LAN equipment, and you can configure your modern file server with two network interfaces, so you can still do things such as share files, telnet/SSH to your server from your old machines, use them to fetch your e-mail, and if that server is running some form of Linux or UNIX on it, you could use Firefox/Thunderbird etc to access public Internet resources using it. (1)

To talk to the issue of rooting a box(2). A few months (almost a year ago?) somebody mentioned that they felt confident that they knew everything there was to know about Mac OS X 10.4 and 10.5. I didn't say anything about that particular point until shortly thereafter, some new types of reflection attacks were discovered, along with shellshock, and several other vulnerabilities of various types have shown up since then. Many of these vulnerabilities impact old code that has been around a while. (The shellshock vulnerability affecting bash had been around for over twenty years, for example.)

So, if somebody takes the time to essentially review every CVE between when the last security patch for 10.4.11 came out, harden it using typical best practices, and then start re-compiling or somehow disabling every impacted component, it could be a great resource for the community of people using those machines. (At least those who bother to look for that kind of resource.)

So, I can't specifically say today for sure what the risks are going to be down the line in the same way that before September 2014 I couldn't have told you that shellshock was going to be a thing, and with shellshock, it's possible to use DHCP flags to set the root password on a Linux system.

The point there is that even if you've personally audited the entire codebase, vulnerabilities have since been found. Some free operating system projects are involved in an effort to start continuously pruning and polishing all of the code, which is good and their work should improve everything for everybody.

Some components of Mac OS X (bash, in particular) have been updated by knowledgeable members of the Mac/PPC scene. To my knowledge, that's the only such thing that has been updated. This is because I simply don't have a personal interest in it, but as far as I know, no PPC-focused community (most of the MacPPC-specific sites I've seen so far are individuals' blogs) has put together a security resources guide, not only with information about how to harden Mac OS X using what's built in, as well as what to replace and how to either compile new OS components from scratch, or providing installation packages.
 
(1) This is insanely tangential, but that would be a good way to use a whole lab of G3s or G4s running Mac OS X with a single faster system, simplifying account management, management and security of the Macs themselves, and providing an environment that is actually faster at rendering pages or running more updated versions of heavy software such as GIMP and OpenOffice.ORG.
(2) Actually, setting the root password on Mac OS X has long been considered a bad practice. The fact that Apple keeps root disabled is probably like the one thing that saved a few of the boxes of people who boast about Mac OS X security.

 

tanuki65

Well-known member
In pre-OS X? Chiming out the clock sounds quite neat, and I do like seeing all the extensions that load up when you turn on your Mac after you install loads of software.

 

VMSZealot

Well-known member
The only thing I miss is the ability to install the OS by drag and dropping the System folder. A massive backwards step from the classic MacOS.

 

tsundoku

教授か何か洗練された者
The original question was "which features from OS X (and presumably other modern operating systems) that are absent in Mac OS 9 do you miss?" but if you flip the question around to "which Mac OS 9 features do you miss in OS X?" I only have one word:

Finder.

Yes, still, 15 years later.

 