Byte by Bite

Mac attacks increasing

by Marv Dealy

That’s changing, according to the SANS (the SysAdmin, Audit, Network, Security) Institute (www.SANS.org). Paul Roberts of Macworld Daily News writes that SANS is talking of a “steep increase in critical security holes in Mac OS X and in previously undiscovered (‘zero day’) vulnerabilities in web browsers.” (http://www.macworld.co.uk/news/index.cfm?NewsID=14516&Page=1&pagePos=4)

What’s driving the Mac attacks? Some say Apple’s recent ads boasting how their OS X is virus-resistant are waving red flags in front of the bulls. One researcher said it reminded him of when Oracle said their database was unbreakable and within a week a researcher pointed out multiple flaws in the software. SANS sounded the alarm in November saying hackers were increasingly attacking applications such as browsers, email programs, productivity programs and media players.

Safari, Apple’s web browser, allows files you’ve downloaded to open as soon as the download is complete, and, if that download contained malicious code, your Mac could be tricked into running that code. To prevent automatic opening of downloaded files, make sure your Mac is not running in administrator mode by default.

Roberts says: “Rohit Dhamankar, project manager for the SANS Top 20 and a lead security architect at TippingPoint, a division of 3Com, says ‘You’ve got zero-day (vulnerabilities) reported in Mac OS X and (Apple’s) Safari browser. People can browse websites with a Mac and get infected.’”

Whew. Read that again, Macheads – you can get an infected machine by merely surfing a malicious web site. Let me hasten to assure you that it’s still a lot safer to surf around the Internet with a Mac than it is with a WinTel computer.

David Miller quotes Mike Sweeney (owner of Packet Attack, a security services company) in an article at Asia.Internet.com: “Windows was designed for personal computers, before the broad public adoption of the Internet. OS X is based in part of BSD, which is one of the most secure Unix types of operating systems, and designed for use in a networked environment.”

Miller continues: “Sweeney and others believe that Mac security could be compromised by users who are blissfully unaware of the threats that lurk online. Apple users tend not to worry about whether they should or shouldn't open e-mail attachments or if they should click ‘OK’ on dubious pop-ups. They trust their Macs.” (http://asia.internet.com/news/article.php/3604446)

If you’ve been cruising along without a prophylactic on your mouse you need to learn about how to safely surf the Internet. You can start by reviewing the reviews at MacReviewZone – a list of 47 different reviews comparing dozens of anti-virus and anti-spyware programs specifically for the Mac at http://www.macreviewzone.com/html/reviews/magazine/software/virus_and_security.php

Reviews include standards such as Norton AntiVirus 10 from Symantec and Timbuktu Pro 8.5 from Netopia, both of which received 4.5 out of a possible 5 mice from readers’ reviews. Also included are reviews of older products such as Anti-Virus 3.87 from Sophos and Virex 7.5.1 from McAfee.

To protect your Mac from bad guy software like Trojans, keystroke loggers and spyware you might want to obtain a copy of MacScan from www.Macscan.Secure.com – free to try for 2 weeks, then $24.95 to buy. I bought a copy and ran it on my home-office PowerBook and was relieved to find nothing on a full scan. I haven’t run scans on the office Macs yet, but am hopeful I’ll find little problem there, as we don’t automatically run in the administrator mode on a Mac, they’re all behind hardware firewalls and they do run Norton AntiVirus.

On a lighter note, if you’re a Machead who’s been annoyed to find that online casinos use software that’s not compatible with your Mac, rejoice. To the rescue rides MacOnlinePoker.com and other, such as CompatiblePoker.com. According to Gene Koprowski of MacNewsWorld.com, the explosion in online poker playing has paralleled that seen on TV, where tournaments seem to be on constantly on one channel or the other. (http://www.ecommercetimes.com/story/entertainment/50267.html)

Koprowski quotes “one Mac Internet player” as saying: “there are really only 3 good Mac compatible Internet poker rooms. The ones I prefer are PacificPoker-Mac.com, FullTiltPoker.com, and PokerRoom.com because their software works really good on the Mac. Those are really the only sites that have good traffic and are trustworthy.”

Speaking of trustworthy, how do you know that casino site you’re visiting won’t just rip you off? The London-based independent standards organization eCommerce and Online Gaming Regulation and Assurance (eCogra) is known for its “Play it Safe” seal, awarded to more than 75 online poker rooms and casinos, it shows the web site has passed tests for game fairness, operational efficiency and integrity, according to Koprowski’s article.

Internet Gamblers Can Afford It

The American Gaming Association – a Washington, D.C. casino trade-group – released a survey showing that people who use the Internet to place bets tend to be affluent and educated and claim the findings will help in the effort to legalize online gaming.

An article in the Pahrump Valley Times from Brendan Riley of the Associated Press quotes Frank Fahrenkopf Jr., AGA president, as saying that well, gee, Great Britain is moving toward legalizing online gaming, the United States needs to play catch up. (http://www.pahrumpvalleytimes.com/2006/05/10/news/gambling.html)

The advocacy group’s study of 522 Internet gamblers found that 41 percent had incomes greater than $75,000 annually, and 12 percent had incomes under $35,000. The study also found two thirds of gamblers were men and nearly half of respondents said the biggest draw of Internet betting was the convenience.

55 percent in the study said that they believe online gambling companies were trying to find ways to cheat, and fewer than 20 percent knew or would admit that online gambling is illegal in the United States.

You’ve Got Pink Slips

Some 1,300 employees at AOL customer support call centers in Ogden, Tucson, and Jacksonville, Florida received word they’d been downsized.

With a decline in subscribers – AOL lost over 850,000 subscribers last year alone and has seen calls for support decline by 50 percent in the past two years – AOL is focusing more on advertising, and announced a 26 percent rise in advertising from its Web site.

Read all about it at the San Jose Mercury News (http://www.mercurynews.com/mld/mercurynews/business/14543737.htm)

For the 34 faithful readers that made it through to the end of today’s column, remember that these are reposted on the UnionDemocrat.com and the links there all work. Additionally, we eventually get around to posting them at www.throck.com/articles.html