OS X Mavericks Update and Security Fixes

I recently wrote about the major security whole in the latest version of OS X – read my last post. It appears Apple has released the fix finally. Although the ‘fix’ comes not in a simple ‘patch’ but in an entire Operating System upgrade!

After several months of testing, Apple has released OS X version 10.9.2. The MAJOR (and very dangerous) SSL bug isn't mentioned in the release notes that appear in Software Update, but the bug is mentioned on Apple's security page for the update. Seems Apple is being their usual shity selves when it comes to security - hide or lie about it, sort of hiding the fact that this is so important.

To be a 'little' fair, this update does add some features but over all is really a bug fix of many major issues with the new Operating System. In Windows terms it would be called a full Service Pack.

As with any large Operating System upgrade/update you should of course back up your system – Use Time Machine or any other method I’ve described in previous posts.

Run the Software Update to update your system to 10.9.2 and if any other software shows updates available, select them too. If you’d like you can grab the full Combo update here.

If you have Mountain Lion it too has an update available - run Software Update to get it.

Please make sure if you run an Apple desktop or laptop computer that you update as soon as possible.

Be safe, Peace.

Add Gmail Contacts to iOS 5

Though many don’t realize it the process for importing your contacts to your iPhone from Gmail Address Book is quite simple. Getting them OUT of your iPhone can, depending on how their configured, be much more complicated. But that is for another post. I know that many supposed Mac techs and BigBox retailers will want to charge you plenty for this simple procedure, please don’t let them.

So here we are going to assume that your entire address book is connected to your Gmail account. To import/sync them we are going to use iPhone’s Microsoft Exchange configuration. So let’s go:

On your iPhone or iPad, open the Settings app.

Scroll down to Mail, Contacts, Calendars and select it.

Next, add a new account

At the add account screen you’re going to want to select the Microsoft Exchange option. This is how we are going to import your Gmail contacts.

Enter your Gmail address in the email field. Leave the Domain field as “Optional” and fill in your Gmail username (without the @gmail.com) and your password. You can leave the description but remember it so you know what it is later.

Click next, the form will update and now include a Server field. In the server field enter m.google.com. Click Next or Done.

It will confirm that you want to sync your mail, contacts, and calendars. Slide these to On for Contacts and Off for the others.  Here we were only concerned with Contacts, BUT you can also synchronize your mail and Calendar too!

Happy computing!

 

Edit: after doing this many times for clients and others I’ve found a guy who created a great video on the above steps! You can watch that here:

Sync Gmail Contacts to iPhone

iDevice updates and backups 04

I've written previously about backing up and restoring your iDevice.   I'd like to add a short update to that. Having recently dealt with a few people who have 'lost' their data (either just photos or all their settings) after updating to iOS 6. I thought I should re-iterate a few things.

First use iTunes to backup your device (including 'synching purchases) and make SURE you back up to your computer (and then iCloud if you choose) regularly; I'd recommend at least once a week. Read my previous post on how to use Apple’s iTunes method for that.

Second. As I mentioned before, I HIGHLY recommend using a third party application to copy off all your data; photos, contacts, phone logs, messages etc..

My choice to do that is DiskAid. With this application you can copy off all your data AND remove/delete older data such as photos taking up space. You can also copy all your contacts off (they are exported to a vCard format) that will then let import them into other applications like Outlook or other contact management software! I am always amazed that people will spend hundreds of dollars on a device and not spend any money on backing that data up. Folks most of you will spend more on dinner for two that the cost of this application.

I just got done freeing up 4GB of data on a iDevice that would not update because of 'not enough available space'. There were hundreds if not thousands of pictures on it. To selectively delete them individually would have taken a very long time. Using DiskAid we just copied the entire Camera Roll off to the PC and removed all of them from the device. By default this user has their pictures already uploading to Instagram too.

After freeing up that space we were successfully able to upgrade to the latest version of iOS. BAM dead simple. And now those pictures and files can be backed up from the computer to an external drive for REAL backup and peace of mind.

Have fun. Peace out.

Another Flashback Variant - 2nd in two days!

Hey Mac users who still haven't taken the hint and update your systems' security there's yet another version of the Flashback Trojan for you to enjoy.

It infects unprotected Macs in the same way Flashback.K did, through a Java applet exploit, and installs itself without the need of your password.
And, just as its predecessor, Flashback.K erases its footprints by deleting the Java cache and ensures its propagation by installing into the Java Update folder. You can read more here.

Apple released a Java patch in early April, as well as a Flashback removal tool, but clearly not all Mac users patched.

But many Mac users don't even qualify for the patch—it was only available to systems running OS X 10.6 (from 2009) and later. Mac users running OS X v.10.5 and earlier were advised to disable Java altogether. WTF!! However, it's quite possible that many users of these older systems just didn't get the memo and are still running insecure software.

Here is F-Secure’s site that has the checker and removal tool. Check that out too. And please update your systems folks.

Spring Data Backups and Recovery

So it’s spring. Time for some cleaning and maintenance for many around that house. It’s also a good time to check your backup plans and procedures for your digital data too. Or if you don’t have any make and apply some sort of plan.

You know those stupid commercials about not knowing when you will lose your data. Well THEIR TRUE. It is not a matter of ‘IF’ but when. There are many factors and events that can cause a loss of your important data: Things such as fire, flood, earthquake and other natural disasters. Power surges or outages. Theft of your primary system(s) failure of part or all of your system(s) and of course malicious software such as extortionware or virus’. Remember electronics like everything else WILL fail. And of course usually when you need it most or expect it least.

So please design and USE some sort of plan. I recommend a solution that utilizes technology to it fullest. And for that I recommend backing up you data locally to external/removable hard disk drive(s) (that can and should then be stored in a fire safe or safe deposit box!) along with a combination of some form of ‘cloud’ type of service. I’ll discuss both here.

Cloud Storage solutions such as Mozy, Carbonite etc. and other ‘Synchronization’ type of services such as; Dropbox, Box.net, iCloud, SkyDrive and many others offer a wonderful addition to ANY backup plan. And I use many of them and recommend them as an addition or supplemental solution. You can read my previous article here.

There are a number of things to consider with ‘Cloud’ services, things like:

Bandwidth and storage size - you will be backing your data up to the cloud, and it’s your Internet connection you’ll be using. You need to evaluate your internet connection (and ISP rules and limits regarding that bandwidth – some ISPs severely restrict the amount of data you can use per month!), and whether or not you need to increase your bandwidth speed and/or allotment.

Backup and Restore times – If you are backing up (or synchronizing) a lot of data, how long will it take for the backup and more importantly the ‘restore’ to occur? There are two methods for moving the data back and forth – one is to backup the ‘entire’ file(s) each and every time they are modified. The second is to just synchronize/backup the changed data (called delta or diffing).

Will the company be there when you need it?! -  Startups sometimes offer amazing prices for cloud storage but require a leap of faith on behalf of users that they'll still be around next year. It's possible that even established services could disappear overnight, but more likely the owners will tell you if the service is to terminate, and give you a chance to make other arrangements or retrieve data. Make sure to choose one with a LONG track of ‘being there’.

System Resource Usage – Some applications can cause your system to dramatically slow down while others are ‘lighter’ on systems resources and synchronize or back up when you are not using your system or at scheduled times. The best way to find out which works for you is try a few of them.

And of Course Security – This is not a small thing. You must make sure your account is protected by a very secure username and password AND that the service you use is very reputable. Also for backup services (vs just the synching type) do they offer ‘full file encryption’? How are your files AND passwords stored on that system – are they themselves encrypted? Are files encrypted before they are sent to the cloud storage provider and are they transmitted via a secure connection (https, sftp etc.)?

On a personal note I don’t put ANYTHING in the ‘Cloud’ that contains any truly sensitive information. I simply synchronize documents, photos and other files that I may not really want to have someone access but that I would still not be ‘harmed’ if they were somehow compromised and accessed. For these purposes – easy access to my documents and files from anywhere, and also collaboration with individuals or teams, the cloud reigns supreme; I can place working documents into many locations, access them from just about anywhere and even share them if I need to. I can also restore ‘lost’ or previous versions of documents and files fairly quickly and easily with these ‘cloud services’. Like I’ve mentioned many times previously, I am extremely careful about my personal security so I use cloud services as an ‘adjunct’ to my ‘real’ back/disaster plan.

I back up ALL my data using disk imaging. It is the only method that can reproduce, to an exact point in time, your existing system; Operating System, Applications AND files quickly and easily. Usually within less than a couple hours depending on the size of your image(s).

With disk imaging (or cloning) I have the ability to be up and running extremely fast. I can restore an entire system or individual files. No need to re-install an operating system and applications and then update them just to be able to access my files. External Hard Disk Drives (and spare internal ones too!) are still inexpensive and getting cheaper all the time!

I have written many times previously [read here and here and for Macs here ]about the prudence and wisdom of having backups of your digital data. And by backup I mean that your data exists in TWO places at once and is able to be accessed or recreated from either source quickly and easily. For this I believe the best solution is to use Disk Images for both Windows PC’s and Mac OS X systems.

Please read my other articles (linked above) and get and work a backup plan. For my Windows operating systems I use and recommend Acronis and for Apple OS X systems I recommend Carbon Copy Cloner. Both provide a superior solution to those built into either OS.

Peace, and good luck.

OK Mac guys here we go again!

There’s Another Mac Trojan Spreading Via Microsoft Office documents and email attachments. The Trojan apparently spreads through infected Office documents, and it's in "active stage", which means that it searches through documents on infected machines.

Please note that this is a very sophisticated and malicious attack that not only 'infects' your machine but also installs a 'bot' to control it, scan through your system, and take what ever it wants to! ALL WITHOUT YOUR INTERACTION AFTER THE FIRST INFECTION!

The attack vector utilizes several vulnerabilities. The Java whole that Apple finally just fixed last week. And a Microsoft vulnerability that MS patched 3 years ago. (but they may update that patch too).

Please folks keep your Operating System, Applications and security software up to date and don't be one of those poor naive bastards that thinks this cannot happen to you.
You can read more here and here

Windows AND Mac System Security News 04-12-2012

For OSX users:
Apple just released Java for OS X 2012-003, an update to the Java implementation in OS X. The update removes "the most common variants of the Flashback malware." Check that out here. You should definitely update your Java NOW!

For Windows users.
It's even scarier again. Trend Micro has found some scary ass Ransomware.

You can and SHOULD read the scary details here.

From TrendMicro’s blog, here is some of the details.

"We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection take effect. When the system restarts, the ransomware displays the following message:

This message prompt informs affected users that the PC is now blocked and that they should pay 920 hryvnia (UAH) via QIWI to a purse number (12 digits) – 380682699268. Once paid,they will receive a code that will unlock the system. This code will supposedly resume operating system to load and remove the infection. This particular variant has the “unlock code” in its body. When the unlock code is used, the MBR routine is removed.

Bottom line PLEASE keep your security software, Operating Systems and Browsers (including and especially browser plug-ins like Java, Flash etc.) up to date and patched.

Peace.

Mac Fanboys and Girls let the terror start

OK now the terror starts for you fanboys (and girls). My last article told you of this Mac Trojan. Now it's apparently infected at least 600,000 users so far (read here) and it's terrifying everyone! It's written in an unknown language, doesn't even need your password to compromise you!

It's written in an unknown language, and doesn't even need your password to compromise you, and.

For instructions on how to check for and remove you can AND SHOULD go here

NO system that is connected to a network is EVER safe. It can only be made more secure. Don’t ever think you Operating System is your security; it’s not – YOU ARE!

Be safe out there people!

[side note: I wonder how many calls I’ll get about this and how to repair the damage? The compromised system I can fix – your emptied bank account I cannot. Just saying.]

New Flashback Trojan Infecting Macs NOW

A new Mac Trojan that can now infect your computer from little more than a visit to a website AND requires NO PASSWORD TO INSTALL is making it's rounds and promises some scary things!

The exploit was patched in February for MS Windows systems, however Apple has yet to release one for OSX.
Read more about it here.

F-Secure has a method for checking for and removing the infection here.

So once again folks please do not be naive and think you are immune to attack simply because your Operating System is not MS Windows.

Be safe out there.

Jailbreak for iOS 5.01 now available

Looks like the Jailbreak for iOS 5.01 - the operating system on the iPhone 4S and iPad2 is Here now!! The tool is OS X only for now. But a Windows and Linux version are on their way very shortly. The tool works on the iPhone 4S running iOS 5.0 and 5.0.1 and the iPad 2 running iOS 5.0.1. But not any new Beta releases (most of you wouldn't have that anyways!).

You can read about it here.

A better How-To is here [note the part about the VPN connection at the end!]

What exactly is jailbreaking? Jailbreaking is a hack, or exploit, that brings added functions and features that were not imagined by Apple or restricted. Under recent revisions to the Digital Millennium Copyright Act last summer, the process has been legalized in the U.S. on smartphones and tablets.

Jailbreaking allows you to install apps through Cydia (which is, cleverly, Latin for a kind of worm that eats away at apples), which automatically gets installed when you jailbreak your iPhone. Cydia app store is really where all the real action is when you jailbreak. The simplest way to describe it is to call it an app store for jailbroken devices. Like Apple’s App Store, you will find some free and some paid programs.

Some questions often asked:
Q. Does jailbreaking affect the iCloud Backup?
A. No, it's still a legit iphone tied to a legit icloud account.

Q. What happens if I DO update from the wireless update?
A. Your jailbreak will go bye bye and you'll have to wait for them to update absinthe to re-do it. [We're talking about carier Over The Air updates here.]

About the 'Bricking your device' warnings many may read or hear: Without some very heavy-handed screwing up, you will not brick an iOS device. If something screws up along the way, chances are it will just be indefinitely detected as being "in restore mode" and you'll be prompted to restore your phone through iTunes. The only way you could really brick one of these devices is by flashing the device to the point where iTunes won't even recognize the device as an iOS device. You would have to try really hard to make that happen.

And if you want any more reasons than those I’ve given previously in my blog posts why you might want to Jailbreak you iPhoneiDevice you can check here.

Another OS X tool updated for Lion

The folks at Titanium’S Software have a new version of a great tool out for the latest version of OS X - Lion. The tool is called 'Deeper'. It gives you quick access to a number of Mac OS system options and tools that are normally buried in different utilities and menus. You can find the Lion version and versions that work on older OS X systems here along with Onyx for all versions of OS X.

As I have written about before, Titanium makes some great software. I put Onyx, a multifunction utility for Mac OS X, on every Mac I work on or own.  [Read more here]

The guys at Addictive tips have a super run down on how to use Deeper. You can read and should read about that here.

Also, all their software is FREEWARE!

Backups, system failures and peace of mind

Another week in the trenches. I had a primary server at our organization have a major failure. The SAS controller (which provides access to SAS type HDDs) died OR the motherboard to the server itself has an issue. Either way without another ‘like’ system that I can put the SAS card into to see if the issues is just the card or the motherboard I cannot access my drives – and they too may be very corrupted. The only machine I have capable of putting the card into is in production. And the cost of a replacement Dell Perc5i SAS card is nearly $200.00 US and could take days to get here. Plus I needed to have this system back up and running very quickly – the server in question runs all or our company financial, shipping and reporting software applications!

Since I have all my ‘data’ backed up to a server drive every night I was secure in the knowledge that we at least had the financial databases and ‘files’ available. But how to get a system back into production? Disk Imaging to the rescue!! I had a fairly recent full system image, created with my favorite backup software – Acronis, available. Yay! Just need a place to restore it to.

Since my organization now has a VMware ESXi/vSphere SAN and cluster running I was easily able to create/import a new ‘Virtual Machine’ from the Acronis disk image very quickly and then just copy over the backed up data files from the night/early morning before. WORKED LIKE A CHARM! If I’d had an available server (Hardware wise) I could also have restored that image to it too.

I’m telling this to you to remind you - I believe in Images(Clones) for my backups, alone with periodic ‘file backups’. That way I’m protected against full drive failures/loses AND stupidity – accidentally erasing or overwriting files.
[Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system either to another internal or external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone to a new drive and your are up and running.]

If you are not regularly creating full image backups you WILL be sorry! I have written numerous articles about cloning and back up.

PLEASE read here if you any kind of concern for you data.

For Mac images and cloning go here.

So of course this weekend I created two new images on separate drives for my home system(s). I can’t tell you the peace of mind you will get from knowing that the worst that could happen to your system is that you might lose a couple of days or a weeks worth of information. If your drive gets corrupted or fails or you get trashed by some virus, you could be back up and running within a very short period of time! No re-installing your Operating System and programs and ‘trying’ to find you data files. Just restore the image and BAM, you up!

What prompted me to start on this rant is that Apple has finally acknowledged it is having some major issues with some of the hard drives in some of their newer systems they have been selling. Looks like some of the drives just ‘fail’. OUCH! You can read about that here.

And although you can have your drive replaced – YOU WILL LOSE YOUR DATA! The Apple folk and/or kids the the ‘Genius’ bar will NOT re-install your system software or clone your drive for you!! Unless you have an image to restore you will have to re-install you System and applications. And unless you had at least some kind of backup to another drive (Time Machine type) your data (read pictures and music!) will be gone!

So folks, backup, backup and then backup again.

The cost of a couple of extra external drives and a little program setup is minuscule to the cost of losing you ‘digital life’. Right now Acronis has a special – only $29.00 US for their home product!! With Apple’s you can even get a way with out purchasing any software!

Be safe, be secure and gain some peace of mind.

Get your Cloud Data down to your machine

Here are some ways to get your 'cloud data' backed up locally.

I know most people look to the 'cloud' for their secondary backups (if they even have a primary one) but few people ponder what will happen if their information is lost or compromised in the cloud or the terms of service of the provider that holds that information changes to your detriment.

I am going to provide some information on how to get your data out of your web email, Facebook and some other services.

One thing I see quite often is that people cannot access their online/web mail service at an important time to find information or they lose or have deleted the information they need and have no way of retrieving it.

So let's start with web mail services. Today most people have very important information stored in their email; from plane reservations, business communications all the way to payment receipts. So in my opinion this is the first and most important place to start.

Get your mail downloaded locally.
For GMail. [My personal favorite!]:
Before you do anything, you'll need to enable POP3 and/or IMAP in Gmail, which will let you access your accounts on the desktop. To do this, head into Gmail's Settings and go to the Forwarding and POP/IMAP tab. Scroll down to the IMAP section and enable IMAP. Then save your changes, and open up your desktop email client of choice to set it up using the following instructions.

I use Outlook 2007/2010.

If you don't have Outlook you can also use Thunderbird (an open source application by the Mozilla folks)

There are also a number of other mail applications you can use to get your information - Apple Mail, Thunderbird, Outlook Express, LiveMail etc..

I like using the POP3 connections over IMAP for most of my connections.
POP mail service has been available MANY times when IMAP has NOT - for my Gmail, Hotmail and Yahoo. If the 'webmail' is not available online because of a service interruption then IMAP will most certainly too. This is not usually the case with POP. HOWEVER there is a big caveat with POP - you must make sure in the advanced settings or your mail client that you choose "to leave a copy of the message on the server"!!

But IMAP does have its advantages too.
So pick what will provide you with the most features you feel you will need - I suspect that would be IMAP probably be best for most people.

To set up POP with Gmail look here,  and find your client and follow the steps.
For IMAP go here.  and find your client or device on the list and follow the instructions.

If you'd like to read further about the differences between IMAP and POP you can read this here.

For Yahoo mail it is a little harder if you live in the U.S..
Yahoo wants you upgrade to a "Mail Plus" paid account to get POP and IMAP access directly. But you don’t have to! The best option is to use an application called YPOPs. I've used it in the past to get my Yahoo mail connected to Thunderbird and Outlook with out any issues.

If you have Window Live Mail or Apple Mail the client itself downloads your Hotmail/.Live or MacMail/MobileMe data to your machine by default. BUT remember this is an IMAP connection so if you delete something from you Live Mail client on the desktop it will be deleted on the server!

One important thin that may people miss is to get their CONTACT data out/backed-up from their mail clients. Something I also feel is very important.
For virtually all web mail clients that is as simple as going to the 'Contact' section and finding and choosing the 'Export' option. Those can then be exported into a format that virtually any Email client can import.
That should get you going with your mail.

Now to Picasa.
Simplest way is to install the latest version Mac or PC and then simply go up to the menu and use File ==> Import from Picasa Web Albums ==> Select All.
And Flickr
You can use Flickr’s Flash based web app here  just click on the 'start now' and follow the instructions.
Or you can use the open source application Downloadr . Downloadr is a photo downloader for Microsoft Windows. It provides a simple interface to download large sized images from Flickr to your computer.

Now to Facebook.
If you have Yahoo you can easily download/copy all of your contact out. You can follow this tutorial here.  One tip is that I would suggest setting up a 'temporary' Yahoo alias with NO contacts in it so that you do not end up with duplicates or mismatched merges. Then export those and import them into any application you choose.

Also Facebook now allows you to actually export YOUR data to a file! Following this VERY well written walk-through right here. I've done it and it works great! You may have to wait a while before you receive your 'confirmation email' and link but you will be able to get your stuff.

Finally there is an open source application Called MyCube Vault. MyCube Vault Backs Up Your Facebook and Google Data Regularly
Once installed, the app requires you to authorize it to each of the services you want to back up. From there you can tell the service where to store your backups and how often to save your data. If you're concerned about downtime or just wary of keeping your data in the cloud, it's worth a look.

I checked it out and it works well.
Windows version here

Mac version here

Well that is a long winded post and I hope some people will put it to use. Like backing up your local data don’t be the person who loses precious information because you were too lazy or couldn’t be bothered to learn something new.

Peace.

Apple Security news end of June 2011

Apple has released Mac OS X v10.6.8 and Security Update 2011-004 addressing a total of 39 vulnerabilities in OS X 10.5.x and 10.6.x.

Many are critical errors which could allow an attacker to take control of the system!

Please use the System Update. You can read the notice here:

And get the direct download here:

As usual I would remind you to also make sure you also update your Web Browser(s) and plug ins - ESPECIALLY Adobe Flash and Adobe Acrobat!

Another serious Web Browser hole

Contexis Security has found a BIG problem with WebGL implementations on Windows, Mac and Linux have numerous vulnerabilities which allow malicious web pages to capture any window on the system or crash the computer, according to research from Context Information Security. They actually demonstrate how to steal user data through web browsers using this vulnerability!

The report comes right on the heels of Microsoft's denunciation yesterday of the security architecture of WebGL and announcement that it wouldn't be seen in Microsoft products any time soon see here .

Sheesh! IE 9 is proving to be WAY more secure that FireFox and even Chrome! But until I can get the Firefox Extensions I use (or comparable) in IE I’m still a FireFox guy.

So let's fix that:
To Disabe WebGL in Firefox 4

1. Type about:config in Firefox address bar and continue on through past the warning dialog.

2. Type "webgl.disabled" (no quotes) into the Filter box then Double click Webgl.disabled entry and turn its value into “True”.

3. Restart Firefox browser, WebGL is now disabled in Firefox 4.

To disable WebGL in Google Chrome you will need to:

1. Rright-click your Google Chrome shortcut or from your Windows menu on your desktop, click ‘properties’ and add “-disable-webgl” to the Target Shortcut box

2. Restart Chrome

As always please keep your systems, Web Browses and their plug-ins, Anti-virus/Antispyware software, and applications (especially Adobe products!!) up to date and fully patched.

And try and be vigilant about security and always ‘on guard’.

Latest Mac Malware news 06-04-2011

The Mac Trojan/Malware 'MacDefender' now calls itself 'Mac Shield'.

The malware keeps changing names and looks but still is relatively the same as before. However it is still infecting loads of machines and is, in my opinion very dangerous; it lures users into providing sensitive financial information to thieves.

Sophos for Mac will remove it. (free) Get it here.

So will Virus Barrier Express from the Apple App Store; here. also free.

Here is my previous article too.

More OS X utilities

While this is an early Beta, I am very happy to see one of my favorite tools now available on OS X - CCleaner.

I have been using this for some time on ALL of my Windows machines. In fact I have it scripted for all my users - every time they login CCleaner is run. This helps keep any lurking nasty's in temp folders from being able to be run – since they are removed.

This early Mac version does not of course have as many features as the Windows version yet but looks real promising. Have a try. I hope you find it useful.

You can get it here

You should also have (if you don’t already from my previous posts – Onyx

You can get that here

Apple releases fix for MacDefender Trojan

Ok OS X folks. Looks like Apple finally is releasing a 'fix/update' for the MacDefender Trojan.

The update provides a File Quarantine definition for the "OSX.MacDefender.A" malware and Mac OS X 10.6.7 will now automatically update the definitions on a daily basis. The update will also search for and remove MacDefender and its known variants.

The knowledge base article is here 

and the actual download is here

Please update your systems.

My previous article is here.

MacDefender Trojoan Strikes Again!

Apple and Mac folks I'd like to welcome you to the Windows world of malicious and pernicious attacks - even 'drive bys'. For over two decades I and the rest of the security world have been trying to inform people that NO networked system is safe from attack. Because of the sheer number and percentage of Windows machines vs. Mac and Linux machines, they have been the most easily targeted and exploited target. But that is changing! With the spread of OSX on the desktop and the realization by the malicious software vendors that Mac people are VERY EASILY duped and exploited because of their false sense of security, they are coming on strong and fast!

I recently wrote about the new Mac Trojan out and how to defend against it and remove it – read here. After 25 days Apple finally did put a notice and instructions on how to remove it. BUT only after telling their technicians AND users that 1st it didn't exist and then that they would not provide help!

Mac malware authors have released a new, much more dangerous version of MacDefender trojan variant:

"Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind."
Please read this from ZDnet

Apple is promising an update to OS X "in the coming days" that will detect the malware and its known variants, remove it, and remain in order to warn the user if they download it again. But don’t hold your breath!

I've spent years worth of time dealing with people who have been 'sold' on the false idea that "Macs don't get viruses or hacked". Wrong wrong wrong! OS X is built on a '*nix' core - one of the oldest operating system architectures in the world. How could you NOT think that there are exploits around that are just waiting to be ported to the newest derivatives? What type of systems do you think the hackers/crackers where getting into in the 70's and 80's?
I fault Apple a great deal for this. They have been literally selling the LIE that Macs are not susceptible to hacks for years. AND people believe them!

Again welcome to the world of Windows PC responsible computing. Be careful or get burned.

Please practice safe computing folks.

Mac vs Windows Personal Computers - PC’s

People very often ask me about the differences between Apple products and Microsoft’s.
My usual answer is this simple - one sells hardware (Apple) the other software (Microsoft). Both provide Operating systems that run PC’s (Personal Computers where the abbreviation PC really comes from!); Apple’s Operating system is OS X, Microsoft’s is Windows 7 (both latest). Both are fantastic. But there are many other distinct differences in the philosophies that drive each company.
I just spend another good bit of time trying to explain this to a few folks so I thought I'd pass on some of my points.

Microsoft does software primarily (yes there are some good hardware products by Microsoft like the Xbox and K’nect) - operating systems and applications and let's just about anybody 'build' the hardware 'around' that software. In fact Microsoft was the premier software provider that helped Apple really get started in the 80's.
Heck after Apple ousted Steve Job's and nearly imploded, it was Microsoft that, along with the 're-hiring' of Jobs literally saved the company with loads of cash and promises to continue software development for Apple!! Without Bill Gates, today’s Apple probably wouldn’t exist! Lets go back to Aug 6th, 1997 …Read here and Read here.

Apple is primarily a hardware seller. They tightly, and I mean very tightly, control the hardware that they allow their software (OS) to run on. In fact it is against the licensing agreement for OS X to run it on anything but Apple hardware! This helps Apple deliver hardware (with the associated software OS) that is usually of fairly good quality. But of course at a premium price.

Apple is great at 'user interfaces'. The iPod and iPhone are simple and very easy to use, very intuitive. With such a large following the iPhone(and iPad now) also now have many great applications. The iPod took a technology that had existed for while and made it unbelievably user friendly Same with the iPad. Again simplicity of software interface to pretty hardware. Something that is sometimes missed is that ‘prettiness’ and the price people are willing to pay for it.
Apple has an awesome marketing department.
Apple 'Fan-boys' far out number any others.

My primary systems are MS Windows machines and servers of course. But I also run some Linux servers and a few Apple desktops. And I have been intimately working with all of them for decades (Linux being a 'build/port' of Unix that has been around for over 30 years). And my knowledge is simply not just web surfing or printing pictures. I have and do continue to use all of these in business production environments - digital pre-press, medical fields, financial fields, government and many other industries. [I also won't even go into the 'more stable' argument I often here from some fan-boys because I'm sure they have never RIP'd a 300+MB file on a Mac vs a PC or had to crunch massive digital files. Suffice it to say all systems crash but in my personal experience it has been Mac's that do so more than any other under heavy processing]

Before you jump on me; I have had apples since my first Apple IIe. I still have lots of Apple hardware. So don't call me a hater. I just don't like being 'locked' into items or forced to spend loads of cash for hardware upgrades just to keep my software up to date.
As an illustration of that point.
"If you took your car in for service and they welded your hood shut, you wouldn't be very happy,"- Apple shutting owners out of their iPhones.
http://goo.gl/HDmNY

Another VERY important thing for many to consider is the cost of hardware of each system. Apple systems do and will cost you a HIGH premium over similar Windows based systems. AND Apple is very good at making sure you will have to replace your system every few years! I am not kidding. If you have an Apple machine that is over 3 or 4 years old there is most likely no way you could run the latest version of their OS (OS X Snow Leopard). If you have a ten year old Windows PC sitting around you could still put Windows 7 on it and also upgrade most of the hardware too!!

However please remember the 'best' product is one that will do what you want it to (or minimum you will accept) and provides the user experience you desire.
That's it!

Technology is only a tool, a means to an end. Not the end in and of itself.

If you have been using a Mac or Windows PC and it works for you stick with it unless you have some other overriding need to switch. The learning curve for Windows 7 and OS X is very short now days compared to the differences of even a decade ago.

If you are primarily just going to be browsing the web, looking at photos and some simple office type application work you will do OK with either one.

Now some entertaining illustrations: