Wednesday, December 5, 2012

Mac Security Information Resource List

[Updated 2012-12-05 7:43 pm]
The purpose of this list is to point out Mac security information resources we can all use. I am adding the most directly useful of the Mac security web locations to my "Friends Of Mac-Security" list on the right of the blog page for your convenience. Please do NOT count on my blog as a summary of any of these resources. I have neither time nor ambition to meet that expectation. Instead please visit these all of these sites directly.

NOTE: Please add to my list via your comments. I will be updating this article with your suggests, giving you credit for your contributions. They are always appreciated.

This list is in no order of priority. I'll leave that to you. But I will start with my net friend Thomas Reed, with whom I collaborate. Together, with a group of writers, developers and others who work with malware, we attempt to keep a complete list of active Mac malware which we present on our perspective websites.

I) Thomas' Tech Corner

Thomas's terrifically useful website, like this blog, is entirely an act of altruism to the Mac community. He attempts to keep track of all the currently active Mac malware, as do I. We will be collaborating in the future to share our collected list of malware with out via both our websites. Thomas is also involved with anti-malware software analysis. I highly recommend his interesting article Mac anti-virus detection rates.
    n. The quality of unselfish concern for the welfare of others.
II) Brian Krebs: Kreb on Security

Brian wrote about computers for the Washington Post through 2009. We benefit from his, again altruistic, contributions to the computer security community via his terrific web blog. His work has been exemplary. He does not focus on Mac security. However, he's one of the very best independent resources on computer security issues, many of which are directly applicable to Mac users.

Brian also, like myself, has had a run-in with the Red Hacker Alliance as they used to be called. This Chinese hacker group is now simply called the Chinese government. Brian also points out that one of the former RHA members is now involved with, ironically and ominously, an Chinese 'anti'-malware company called 'Anvisoft'. Here's his article on the subject: Infamous Hacker Heading Chinese Antivirus Firm?
   n. An active effort to promote human welfare; humanitarianactivity. In this sense, it is an action, not merely a state of mind. [PJC]

Rich is the Mac security expert at venerable TidBITS. His correspondence has personally helped me learn a great deal about Mac computer security. He's a terrific fellow and great resource. Rich is not the only contributor to his Securosis Blog. Nor is his blog specific only to Mac computers. Like Brian Krebs, Rich is extremely knowledgable about the entire field of computer security and highly recommended for general knowledge.

Rich's Mac security specific articles typically turn up at the TidBITS website and in the weekly TidBITs newsletter, available for sign up HERE.

Rich is also a contributor to the Macworld Mac Security Superguide, available through TidBITS Publishing.

IV) MacWorld Security

I've been a paying subscriber to MacWorld magazine for nearly two decades (electronic version preferred). I very much enjoy other Mac magazines and websites. But I consistently come back to MacWorld as my best general Mac resource. Their writing is excellent. The magazine itself still lags a full month behind reality. But the website is terrifically up-to-date. Recently their website has gone through a hellish beta period of revision. However, it appears to have settled into usefulness again, including its Security website area. I would never count on MacWorld as any sort of definitive source of Mac security news. Much of it is second hand. None of it is provocative or particularly insightful. However, they keep track of the big issues and write about them effectively.

V) Topher Kessler at MacFixIt

Topher is another member of the Mac security interest group to which I belong. I used to be a paying member at MacFixIt and have been reading Topher's terrific articles for years. He frequently writes about Mac malware and Mac security strategies. I've found his insights to be extremely valuable.

VI) Intego's Mac Security Blog

I've had a very positive relationship with the folks at Intego. I still prefer their VirusBarrier X6 to the alternatives I've tested and continue to be a paying user. Their Mac Security Blog has been the best commercial source of Mac Security news I've found. Lately the blog has been expanding in some odd directions that have concerned me. You may find my comments there stating so. Nonetheless, their Mac security reports have consistently been on target, timely and insightful.

I continue to wish Intego would publish a list of known active Mac malware! They won't, sigh. No one will. It's the usual 'secret malware', 'go get your own' competition within the commercial anti-malware industry that irks me to no end. And yet, Intego have gone out of their way to help me whenever I've had specific malware questions. I am extremely grateful for their work within the Mac community and look forward to their supporting them in the future.

V) The NakedSecurity blog at Sophos

The Sophos blog covers a lot of computer security news and issues. As such, you're likely to find their articles to be slightly more obscure for the average Mac user. Nonetheless, I find their articles to be timely and interesting. They dive deep into what's going on in computer security today. For example, they're a great place to keep up with the latest DIY malware kits, aka Exploit Kits and Hacker Tools. All of this is increasingly relevant to Mac users as the cyber criminals in China, Russia, Iran and elsewhere become more Mac literate and more desperate to abuse both users and LUSERS alike.


That's it for my quick Mac Security Information Resource List. Here are links to additional resources I recommend for those who wish to know more about computer security:

Steve Gibson's 'Security Now' podcast @TwIT.TV
The Ed Bott Report
Jeremiah Grossman's Whitehat Security Blog
• The Fishbowl: Dr. Charlie Miller's Weblog
Trail of Bits: Dino Dai Zovi's Blog
Adobe's PSIRT Blog

If you have other great computer security information resources, please post them in the comments!

Share and Enjoy,


No comments:

Post a Comment