Hi to Mac Security fans. I have been enjoying a hiatus away from this
regular post thanks to nice weather, lots to do, and nothing at all
happening with Mac Security. Happy one and all. But I figured I should
pop in once in a while to at least provide some peripheral news and let
you know I am still lurking around.

__________________________________________________ ________
An OFF TOPIC aside I decided to write to those concerned:

I wanted to post to let the kind people who wrote me know that I am
reinstating humor. During my break I realized that I write this periodic
thread for FUN. If it isn't fun any more I don't want to do it. The one
guy who ranted at me about not allowing fun in threads posted at
comp.sys.mac.system needs to take the stick out of his anus. Mac users
are fun people. We aren't sadomasochists, beaten down my our computer
and operating system. We celebrate our freedom, and make fun of those
who constantly oppress us. There is no better way to combat obnoxious
people than to laugh at their behavior. So expect me to be toss in
whatever satire or stupidness that comes to mind as I write. Consider
this my mini-manifesto. Bite me or kill file me if you don't like it.

Oh, and one more bitchy comment: Anyone can quote anything they like
from anywhere in their posts, according to copyright law and essay
writing conventions, as long as they provide proper credit to the author
as well as a reference to where the source material can be found. This
is called an 'attribution.' In critical writing this information is
found in footnotes. Hopefully you all know what those are. In scientific
work (which is what I like to do) the attributions are either provided
within the text (which is what I prefer) or at the very end of the
article. So please, no more nonsense notes to me about it being illegal
to quote someone. Go read a book about writing. What's illegal is
plagiarism. Look it up if you don't know what it is.
__________________________________________________ _______


1) Where shall we start? How about FUD (Fear, Uncertainty and Doubt):

Symantec have been busy pumping out the FUD this past week. I was amused
to find that they gave slaps to both Microsoft AND Apple.

Now of course we know why Symantec and McAfee write this stuff. It's to
scare people into buying their software. In the case of Windows their
anti-virus software actually does something useful. In the case of Mac
OS X it is absolutely useless if not downright detrimental to your
system due to consistent bugginess. Symantec haven't had a reliable
version of Norton Anti-virus for Mac available for years. As for McAfee,
it was just revealed that they have been hiding a fat security hole in
their enterprise level software. So who really deserves the criticism
here? The OS makers or the anti-virus makers?

The Symantec FUD directed at Microsoft has been regarding the
questionable rewrite they have done of their networking code in Vista.
Perhaps such FUD is useful in that it prods MS to do its job for a
change, improving security in Windows. The article linked below makes it
clear that this has already occurred. On the other hand, I think MS are
justified in saying that security problems in Vista beta 2 don't
necessarily indicate security problems in Vista Golden Master. We'll
see. Read about it at CNET:
<http://news.com.com/Symantec+sees+an...a/2100-7355_3-
6095119.html>

And what did Symantec come up with this time to FUD Mac users about?
Basically nothing. They attempt to take credit for bringing attention to
one of the recent MOSX 10.4 vulnerabilities Apple announced. Yawn. They
also mention a proof of concept piece of software for this vulnerability
that I personally have never seen referenced anywhere. I have to wonder
if Symantec are lying, or they wrote the POC themselves. Whatever. It
all turns out to be a total waste of time and attention for Mac users.
Somnambulists can read the article here:
<http://www.symantec.com/enterprise/s...g/2006/07/maci
nenterprise_mac_os_x_virus.html>

As usual, my grand conclusion is that we should all expect that one day
there will be nasty-ware for Mac that actually does something bad and
that can self-propagate. So, go get some form of ClamAV, install it and
keep it up to date with virus definitions. It's totally free. And if
you're going to share files with Windows users, its a good idea to toss
those files at ClamAV to see if they are infected.


2) Mac Security Arrogance vs. Linux Security Arrogance:

I was at a presentation last week of Ubuntu Linux. It's kind of cute,
and I like how Gnome has been cleaned up from its earlier days. But what
struck me was how the presenter went beyond the pale saying that Linux
was malware proof. Yeah, right. If you've read any of my Mac Security
posts and scanned the included Secunia reports you know this is
nonsense. After thoroughly confusing the mainly Windows user audience, I
spoke up and pointed out the arrival of Social Engineering on the
security scene, which has noting-at-all to do with how safe an operating
system may be. Wetware error will always be present whenever computers
and humans interface. ('Wetware' refers to humans). I also pointed out
that Linux as a whole has plentiful vulnerabilities reported every
single week. This is not even remotely the case with Mac OS X. The
presenter was not very pleased with me. He tried to weasel his way out
of his predicament by saying that these vulnerabilities were spread
across several different versions under the umbrella of 'Linux'. Yeah,
but so what? I can still read! Ubuntu has vulnerabilities reported just
as often as any other version of Linux.

Clearly there is just as much an element of ignoring security in the
Linux community as there is in the Mac community, if not more. At least
in the Mac community we have a tiny legacy of about 50 malware from our
Classic Mac OS past. We veteran Mac users all had the free Disinfectant
utility to kill off most of the malware, and many of us ran into a worm
or two that traveled on multimedia CDs. We know that malware happens.
The Linux folks, or at least the guy I met, live in a bubble believing
it ain't ever gonna happen. That's dangerous, and I don't have to invent
any FUD to make my point.


3) 3rd Parties And Apple To The Rescue:

Thankfully there is a strong group of security conscious users and
developers in both the Mac and Linux communities. ClamAV comes out of
the Unix/Linux community. Thanks to Mac developers there are two
different GUI ports of ClamAV for Mac OS X (that I know of), ClamXav and
Tiger Cache Cleaner.

Also, thankfully, we have Apple keeping an eye on Mac security as well
as a slew of 3rd parties whom Apple credit for their help in each
security update. If you would like some official wording from Apple
about Viruses, travel over to their 'Get a Mac' site:
<http://www.apple.com/getamac/viruses.html>

> By the end of 2005, there were 114,000 known viruses for PCs. In March 2006
> alone, there were 850 new threats detected against Windows. Zero for Mac.
> While no computer connected to the Internet will ever be 100% immune from
> attack, Mac OS X has helped the Mac keep its clean bill of health with a
> superior UNIX foundation and security features that go above and beyond the
> norm for PCs. When you get a Mac, only your enthusiasm is contagious....

Actually, '114,000' is a nebulous number. Apple attribute this number to
Sophos. The virus tracking systems are plentiful and incompatible. I
have seen as many as six (6) names for the same virus because every
company wants credit for naming it. The numbers I have read for Windows
'malware', which includes viruses, varies from over 150,000 down to
80,000 depending on the source. Certainly each vendor knows how many
malware definitions they have in their program, but the list is
apparently never the same between vendors.
===========================

Thank you for reading. That's enough chit chat for today. I will
hopefully be back later this week with the usual Secunia report sort of
stuff.

Share and Enjoy!

:-D

--
Fortune Magazine, 11-29-05: What's your computer setup today?
Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease
of use, and I want my computer to be a tool, not a challenge.
<http://money.cnn.com/magazines/fortune/fortune_archive/2005/12/12/8363107/>
[Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded
the movement to modernize computer software engineering in 1975]

In article
<derekcurrie-4D482F.02450319072006@syrcnyrdrs-02-ge0.nyroc.rr.com>,
Derek Currie <derekcurrie@mac.com.invalid> wrote:

> We aren't sadomasochists, beaten down my our computer and operating
> system.

But some of us are sadomasochists, beaten down in other ways--and some
of us aren't. <g>

--
Stop Mad Cowboy Disease: Impeach the son of a Bush.

In article
<derekcurrie-4D482F.02450319072006@syrcnyrdrs-02-ge0.nyroc.rr.com>,
Derek Currie <derekcurrie@mac.com.invalid> wrote:

> We aren't sadomasochists, beaten down my our computer and operating
> system.

But some of us are sadomasochists, beaten down in other ways--and some
of us aren't. <g>

--
Stop Mad Cowboy Disease: Impeach the son of a Bush.

In article <michelle-21E1A8.08350419072006@news.west.cox.net>,
Michelle Steiner <michelle@michelle.org> wrote:

> In article
> <derekcurrie-4D482F.02450319072006@syrcnyrdrs-02-ge0.nyroc.rr.com>,
> Derek Currie <derekcurrie@mac.com.invalid> wrote:
>
> > We aren't sadomasochists, beaten down my our computer and operating
> > system.
>
> But some of us are sadomasochists, beaten down in other ways--and some
> of us aren't. <g>

I am a pseudomasochist.. I like it when people pretend to beat me.
<rimshot>
</rimshot>

In article <michelle-21E1A8.08350419072006@news.west.cox.net>,
Michelle Steiner <michelle@michelle.org> wrote:

> In article
> <derekcurrie-4D482F.02450319072006@syrcnyrdrs-02-ge0.nyroc.rr.com>,
> Derek Currie <derekcurrie@mac.com.invalid> wrote:
>
> > We aren't sadomasochists, beaten down my our computer and operating
> > system.
>
> But some of us are sadomasochists, beaten down in other ways--and some
> of us aren't. <g>

I am a pseudomasochist.. I like it when people pretend to beat me.
<rimshot>
</rimshot>

In article
<kurtullman-747433.11451519072006@customer-201-125-217-207.uninet.net.mx
>,
Kurt Ullman <kurtullman******.com> wrote:

> I am a pseudomasochist.. I like it when people pretend to beat me.

That literally got me laughing out loud. It's going into my email sigs
list.

--
Stop Mad Cowboy Disease: Impeach the son of a Bush.

In article
<kurtullman-747433.11451519072006@customer-201-125-217-207.uninet.net.mx
>,
Kurt Ullman <kurtullman******.com> wrote:

> I am a pseudomasochist.. I like it when people pretend to beat me.

That literally got me laughing out loud. It's going into my email sigs
list.

--
Stop Mad Cowboy Disease: Impeach the son of a Bush.

In article <michelle-6E3BE0.09005219072006@news.west.cox.net>,
Michelle Steiner <michelle@michelle.org> wrote:

> In article
> <kurtullman-747433.11451519072006@customer-201-125-217-207.uninet.net.mx
> >,
> Kurt Ullman <kurtullman******.com> wrote:
>
> > I am a pseudomasochist.. I like it when people pretend to beat me.
>
> That literally got me laughing out loud. It's going into my email sigs
> list.

My work here is done...

In article <michelle-6E3BE0.09005219072006@news.west.cox.net>,
Michelle Steiner <michelle@michelle.org> wrote:

> In article
> <kurtullman-747433.11451519072006@customer-201-125-217-207.uninet.net.mx
> >,
> Kurt Ullman <kurtullman******.com> wrote:
>
> > I am a pseudomasochist.. I like it when people pretend to beat me.
>
> That literally got me laughing out loud. It's going into my email sigs
> list.

My work here is done...