Friday, April 19, 2013

Useful Mac Security Articles, 2013-04-19

--
On the right margin of the Mac-Security blog, I have provided a list of 'Friends of Mac-Security', They are useful sources of information for all Mac users interested in computer security.

I believe it will also be useful for me to point out specific articles relevant to Mac security. Here are a few articles I consider to be useful for today:

1) Dan Goodin @ Ars Technica:

Yes, “design flaw” in 1Password is a problem, just not for end users
It may very well be time for a new and improved hashing function.

I've recommended using 1Password many times. I've also pointed out the critical importance of using diabolical passwords. The single weakest link in any encryption scheme is the password you use to access it. This is the classic user vs LUSER problem.

Dan's article goes into some depth about how good quality encryption works, and sometimes doesn't work.

2) Articles about Apple's new versions of Safari for OS X 10.6, 10.7 and 10.8:

Apple adds site-by-site Java support to Safari for OS X 10.6
The latest version of Safari gives Snow Leopard users more control over what Java content is displayed.

Topher Kessler discusses the surprising and excellent action by Apple to provide new Java security to OS X 10.6 Snow Leopard users in Safari v5.1.9. Please also note that this same support is provided in Safari v6.0.4 for OS X 10.7 and 10.8.

Apple Safari Now Offers Per-Site Java Enabling

Joshua Long at Intego goes into further detail regarding the Java security added to Safari v5.1.9 and v6.0.4.

3) Thomas Reed discusses the current influx of adware on the Mac platform:

Yontoo: adware or malware?





Thomas' last article provides instructions for removing the ChatZum adware.


~~~~~~~~~~~~~

Note: I have made the choice to not follow or write about adware at this blog. Technically, adware is not dangerous and is only a meagre form of malware. Focusing on serious Mac security concerns takes enough of my time and effort. However, I will be providing useful links to articles about adware, such as those by Thomas Reed.

The circle of Mac security watchers to which I belong, many members of which are on my list of 'Friends of Mac-Security', keeps a close eye on adware. Therefore, my blog will be useful for at least a list of source information about ongoing problems with adware.

The best approach regarding adware is to treat it as Trojan horses, software that is inflicted upon victims by what I call 'marketing morons'. They are disrespectful people who are willing to use any method possible to shove their advertisements in front of our eyes, very much like spam rats. The fact that we users typically respond to this garbage with desires and actions of retribution is apparently beyond their comprehension. I put such people on the level of malware rats, therefore I will be referring to them as 'adware rats'. As with all 'rats', I actively recommend their avoidance and extermination. 

At its worst, adware will drastically slow down a computer. This is typically because the adware is poorly written, hogging both the CPU and the network. I've hunted down and removed adware on Windows computers, finding its removal to be greatly beneficial. Such adware is innocently installed onto computers by less security savvy users who found some software or other to be of interest, worth installing, and the adware tagged along as an entirely unintended infection.

On the Mac, semi-adware has had a spotty history. In my experience, installing the free DivX software has been a glaring example whereby it used to inflict the installment of Google's Chrome web browser without warning. Chrome, of course, is a method Google uses to surveil users across the Internet via Tracking Cookies. Therefore, I have zero interest in Chrome on my Macs. Instead, I use the Chromium browser which does not automatically inflict Google's surveillance upon users as long as they do not log into Google and they ALSO dump all Tracking Cookies, manually or automatically. One cookie control program I recommend is SweetP Productions 'Cookie' application, which works with a variety of web browsers. Alternatively, try using SweetP Production's free 'Safari Cookies' Safari extension. There are other Tracking Cookie control alternatives for most web browsers.

Summary

As usual, be careful to install only software you have verified to be safe. Three safe Mac software sources I enjoy using are VersionTracker, MacUpdate and of course Apple's Mac App Store. 

CNET, who own and run VersionTracker, has been known to inflict adware upon Windows users. However, CNET's adware has not, so far, been inflicted upon Mac users. Let's hope it stays that way, otherwise expect my personal retribution.

:-Derek
--

No comments:

Post a Comment