Recommended Mac websites?

[Mark F]

Looking for a few recommended web sites for the Mac and Leopard. There are many Mac sites out there but would appreciate getting the benefit of your experience.

Not really a photography question, but I am new to the Mac world and sometimes have questions that could be answered on a site's discussion forum.  For example, I am now looking for good anti-key logging software. On my PC I used Kaspersky but that company does not have a Mac version.  I would be surprised if this has not been discussed on the good Mac sites.

Thanks.

[Nick Rains]

Looking for a few recommended web sites for the Mac and Leopard. There are many Mac sites out there but would appreciate getting the benefit of your experience.

Not really a photography question, but I am new to the Mac world and sometimes have questions that could be answered on a site's discussion forum.  For example, I am now looking for good anti-key logging software. On my PC I used Kaspersky but that company does not have a Mac version.  I would be surprised if this has not been discussed on the good Mac sites.

Thanks.

www.mac-forums.com has a section called 'switcher hangout', useful for those moving to Mac from PC - I found it useful when I went dual-platform.

[francois]

No idea about anti-key logging software, but you might try to see if Intego has something (http://www.intego.com/).

Good Mac websites:
                             http://www.macintouch.com
                             http://www.macfixit.com
                             http://www.macsurfer.com
                             http://www.daringfireball.net
                             http://www.versiontracker.com
                             http://www.macupdate.com
                             http://www.macosxhints.com

HTH

[Chris_Brown]

I post all my computer hardware & OS questions at macgurus.com and have received excellent help & advice.

[Wayne Fox]

Looking for a few recommended web sites for the Mac and Leopard. There are many Mac sites out there but would appreciate getting the benefit of your experience.

Not really a photography question, but I am new to the Mac world and sometimes have questions that could be answered on a site's discussion forum.  For example, I am now looking for good anti-key logging software. On my PC I used Kaspersky but that company does not have a Mac version.  I would be surprised if this has not been discussed on the good Mac sites.

Thanks.

I know your question really isn't about the keylog issue, but can't help myself.

There currently are no known malicious keyloggers on the Mac. The only way one can get installed is if you give the computer permission to install it.  There are keyloggers designed to be installed for various reasons, but none that install themselves and send the data to an external computer.  I'm not sure why any company would spend time and money writing software to prevent/find it ... since it doesn't exist.  I suppose Norton or someone might, just because that is there business, but the market is pretty small.

I know when moving from the PC, it's hard to get comfortable with the idea that you don't need things like this , but the great majority of Mac users have no anti-virus or similar software running on their machines (we may be talking in the 99% range here).  There just isn't an issue.  It's  not just the fact that it's a Mac and OS X ... it's probably as much to do with Unix underpinnings.

We spend thousands of dollars a year trying to keep all of our PC's protected (about 500 of them).  To date, we haven't purchased any software to protect the Macs. (about 100 of them).

As I said ... challenging paradigm shift when moving from the PC.

As far as websites, some I check out frequently ... macosxhints.com, MacFixit.com, Macintouch.com, MacDailyNews.com

[Mark F]

Thanks to all for the recommendations.

Wayne, not to get into a real discussion here because I am in no way a computer expert (obviously), but I have read more than once that there are currently Trojan Horses out there written specifically for the Mac.  A recent posting on this : http://www.chaosmanorreviews.com/oa/2008/20080915_mail.php


Macs are clearly safeer than PC's but I do remember reading that while it may be  harder to write malicious software for the Mac (or Unix), it is not at all impossible and that the real reason more  viruses do not exist is that the installed base of Windows users is so much greater than any other. I guess the hacker types like to hurt as many people as they can for their efforts.

[Chris_Brown]

... but I have read more than once that there are currently Trojan Horses out there written specifically for the Mac... the real reason more  viruses do not exist is that the installed base of Windows users is so much greater than any other.

Windows users sometimes forget that the basis for Apple OS X is Unix and BSD Unix, where thousands of online programmers donated their time and expertise to contribute to the OS X code. Although it wasn't fully "open source", the speed and thoroughness of patches and updates has been attributed to the supportive open source community. Apple still has an open source community, albeit in a more limited capacity.

The paper that started it all is here, and one can conclude that the populous open source community can battle a few malicious hackers better than an internal department of mid-level managers working in cubicles.

[Wayne Fox]

Thanks to all for the recommendations.

Wayne, not to get into a real discussion here because I am in no way a computer expert (obviously), but I have read more than once that there are currently Trojan Horses out there written specifically for the Mac.  A recent posting on this : http://www.chaosmanorreviews.com/oa/2008/20080915_mail.php


Macs are clearly safeer than PC's but I do remember reading that while it may be  harder to write malicious software for the Mac (or Unix), it is not at all impossible and that the real reason more  viruses do not exist is that the installed base of Windows users is so much greater than any other. I guess the hacker types like to hurt as many people as they can for their efforts.

You said you didn't want to get into a discussion, so sorry.  I'm home, bleary eyed from working on pictures, and somewhat bored, so as a diversion I sort of got long winded here.

There certainly can be trojan horses created for any OS.  The famous trojan horse of greek mythology was an innocent appearing "gift" provided to the city of Troy.  The inhabitants of the city willingly opened its gates and brought the horse in ... with dire consequences.

This is a very appropriate name for a computer trojan horse.  A seemingly innocent program ( in the case from your link apparently a video of a celebrity) tempts  you the user to run it ... this is indeed the only way it works.  You must actually run the program on your computer.  On the Mac, not only must you run the program, but to do serious damage, such as erase your hard drive, you must also authorize it with your password.

The only possible protection is what the Mac does already ... require an administrator  level password to be entered.  There is no software program available that can prevent you the user from running a program that might be malicious.

As far as the myth that more viruses do not exist on the Mac (more meaning none) is because the installed base of users for windows is so much larger ... well that's pretty much just BS, and really isn't very logical.

Are hackers interested in market share?  Do they get paid because more people buy their program?

Hackers have plenty of resources when it comes to hacking PC's.  All the tools are out there including code and instructions.  Windows has a bunch of holes.  As a hacker you can download some code, make some changes, and release a new variant of a virus, or several other malicious things. Many of these hacker really aren't top notch ...pretty good, but not superb.

To discover a hole takes more skill, and to discover one that you can exploit takes  even more.  And beyond that, it requires a deep enough hole in the operating system that the code can execute and replicate without user action or intervention.

I'm not sure why hackers do what they do, but it certainly has more to do with "see how good I am!".   I find it pretty hard to believe that some pretty hard core and top notch hackers haven't tried really hard to crack OS X ... for a long time. (OS X was released over seven years ago).  But the fact is the design of the system just doesn't have the necessary holes.  A few potential holes have been discovered, but a security patch is issued so quickly that hackers don't have time to figure out how to exploit it.  It sounds simplistic, but viruses, worms, and malicious key loggers requires the consent of the OS.  

This isn't to say that someday, someone may discover some unknown hole to exploit, but to assume the reason there are no viruses is because no one is trying to crack the mac just sort of flies in the face of why hackers do what they do.  Suppose it were to happen.  What software program can you buy today that would prevent it?  None ... because to write a program to protect your computer from a virus, the programmer has to know what the virus is and how it works.

[Mark F]

Wayne, as I have zero expertise in this and you know what you are talking about I will accept what you say, 100%.

My point is that if in a moment of stupidity or temporary madness I do install, say, a key logging software program, I would like to have anti-key logging software already in place to stop ET from phoning home.

[francois]

Wayne, as I have zero expertise in this and you know what you are talking about I will accept what you say, 100%.

My point is that if in a moment of stupidity or temporary madness I do install, say, a key logging software program, I would like to have anti-key logging software already in place to stop ET from phoning home.

Read this article before you invest in security software!

[GregW]

This month, Macworld has prepared an updated security guide which is well worth reading.

http://www.macworld.com/article/135978/200...c_security.html

[AnthonyAdachi]

Looking for a few recommended web sites for the Mac and Leopard. There are many Mac sites out there but would appreciate getting the benefit of your experience.

Often overlooked is the value of learning Mac OS X's Unix underpinnings.

Also, while Mac OS X can be made much safer than Windows significant issues are present.

I would highly recommend the Rixstep web site and reading various articles there under "Learning Curve" and "Industry Watch" to learn more about Apple's implementation of Unix. As someone coming from Windows, you might find Where'd It Go II useful. Also, on that site Cookie Tin Tips I through V explain a bit about Mac OS X's version of Unix.


Macgeekery also is a good resource. This is a short article on Mac security tips.

On the Mac, not only must you run the program, but to do serious damage, such as erase your hard drive, you must also authorize it with your password.

The only possible protection is what the Mac does already ... require an administrator  level password to be entered.  There is no software program available that can prevent you the user from running a program that might be malicious.

Yes, giving away your admin password to a potentially malicious or poorly coded program is a key way in for people up to no good. Since, this gives the malicious or poorly coded program root access. In other words, access to just about everything.

And beyond that, it requires a deep enough hole in the operating system that the code can execute and replicate without user action or intervention.

However, it isn't always the case that getting root requires one enter an admin password at some point.

Is your system up to date & patched for this?...
Huge, Crazy, Ridiculous OS X Security Hole

ARGAgent: Finishing Up?

But the fact is the design of the system just doesn't have the necessary holes.

Unfortunately, there still are significant holes, leaving open the potential for exploit.

For instance, this vulnerability described in this article, "Of Sticky Bits & Preferences". Also, there are further links at the bottom of that page that may be worth your time to read.

Stupid Simple Root Exploit Remains in Mac OS X 10.5.5

I'm not sure why hackers do what they do, but it certainly has more to do with "see how good I am!".

True, organized crime and those involved with identify theft have become increasingly behind malware and site hacking.

A few potential holes have been discovered, but a security patch is issued so quickly that hackers don't have time to figure out how to exploit it.

Apple isn't always that speedy with the patches even when they've been informed about them. Some of this is touched upon in this article, ARDAgent on Snow Leopard

What software program can you buy today that would prevent it?  None ... because to write a program to protect your computer from a virus, the programmer has to know what the virus is and how it works.

Yes, that's something often clouded up by marketers and in reviews done by those who rely on advertising from such vendors to pay the bills. Anti-virus software and the like can only offer some level of protection against "know" viruses. One will find more value in doing safe surfing and email practices than purchasing anti-virus software.

Unfortunately, with regards to security it is not pure Unix under the hood. Apple has messed with the underlying Unix architecture causing potential issues to occur.

It pays to educate oneself about the underlying Unix architecture and the issues with Apple's implementation/modifications of it.

• Further reading.

Two PDF's overviews on how to secure one's Mac can be found here...
http://www.apple.com/support/security/guides/
http://research.corsaire.com/whitepapers/technical.html

Safety Rules
http://rixstep.com/2/20060325,00.shtml
Sudos & Sudon'ts
http://rixstep.com/2/20070320,00.shtml
Way Too Much Sudo Fun
http://rixstep.com/2/20070612,00.shtml
TTY Tickets
http://rixstep.com/2/20050521,00.shtml
Perimeters
http://rixstep.com/2/20060302,00.shtml
The Hackers Handbook — Afterword
http://rixstep.com/2/2/20070824,00.shtml
Oomp-A: Hardening the Arteries Against the Chocolate
http://rixstep.com/2/20060216,01.shtml

• Further web browsing security reading not specifically related to Mac OS X.

Clickjacking
http://securosis.com/2008/10/07/clickjacki...sis-and-advice/
Phishing for Clues
https://www.indiana.edu/~phishing/browser-recon/

Take care,

-Anthony

[Mark F]

Wow! A ton and a half of information. Thanks very much.

I downloaded and started reading the Macworld articles that GregW mentioned and there is a lot of information there too. But nothing about anti-key logging which is what I am really interested in at the moment.  Anthony, thanks for the site references - I will read those too.

Between getting my monitor properly calibrated and learning my iMac it's incredible how much time this computer stuff takes.  But its the tail end of the foliage season here and I am putting all of this aside for a couple of days to go out and do photography.