The Mac Security Blog
Mac OS X 10.6 Snow Leopard includes parental controls, which allow parents to choose some limits regarding what their children can access while using their Macs. Intego ContentBarrier is a fully-featured parental control program that offers many more options and features than Apple’s built-in solution. The following is a comparison of the two parental control systems, showing why Intego ContentBarrier remains far superior to Apple’s parental controls in Snow Leopard.
ContentBarrier is available in Intego’s Internet Security Barrier X6 suite.
We’ve prepared a document showing the features in ContentBarrier and comparing them with Apple’s built-in features. You can download this 1 MB document here.
Cory Doctorow, author and BoingBoing editor, is not fresh off the boat onto the Internet. Yet it turns out that he fell for a Twitter phishing scam. Cory writes:
I just fell for a Twitter phishing scam — it took the form of a direct message from one of my contacts, with the message “This you????” and a link to a site that prompted me for my Twitter password (which, like an idiot, I entered before noticing that the URL was twitter.scammysite.com; blame it on browsing with a tiny mobile-phone screen while in line at the coffee shop). You have been warned — stay away from anything that reads “This you????” or “This you in this video????” Hell, I think that a good rule of thumb is to ignore anything that uses multiple question marks for emphasis. Even if it’s not a scam, it’s probably too dumb to read.
The message was most likely not sent by one of his contacts, but that contact’s account was hacked (or that contact fell for the same scam, allowing the phisher to use his contact to trap others).
Doctorow is no neophyte, and this shows just how easy it is to fall for phishing scams. A moment of inattention, a bit too much multi-tasking, and you find yourself mechanically entering your password somewhere you shouldn’t.
It also explains why so many people fall for social engineering tricks like installing Trojan horses on their computers. They just get in a mindset where no red flags pop up, and they go ahead and enter the password that allows the malware to act.
Perhaps the best lesson here is that it is less knowledge of risks than inattention that can lead to successful phishing attacks. Be forewarned; every time a password request pops up on a web site, think carefully.
Quite favorably, we think.
You see, while Mac OS X includes some security features, most of them are far too limited to offer real protection. For example, we have shown that Apple’s built-in anti-malware feature is mostly useless (it only scans some files, and only for two Trojan horses; and its malware definitions haven’t been updated since it was released in August 2009).
Mac OS X also contains a limited firewall, whereas VirusBarrier X6 contains a powerful two-way firewall, which offers both presets for common uses and the ability to create detailed rules for those users who need customized protection.
Finally, VirusBarrier X6 provides protection from many of today’s most serious threats such as phishing and web threats.
So we’ve prepared a document showing the features in VirusBarrier X6 and comparing them with Apple’s built-in features. You can download this 903 K document here.
OpenOffice.org has issued version 3.2 of its productivity suite, which contains a half-dozen security fixes. In addition to a whole slew of new features, this version protects against a number of vulnerabilities. It’s not clear whether these vulnerabilities affect Macs, but users of this suite should still update to the latest version, by downloading it here.
The Mozilla Foundation has issue security updates for older versions of its Firefox browser, patching versions 3 and 3.5 to correct a critical vulnerability. If you’re running the latest version of Firefox – version 3.6 – you don’t have to worry, but if, for some reason, you’re running one of these older versions, you should update them now.
The Mozilla Foundation’s security advisory states:
Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Use Firefox’s built-in updater, or download a new version of the browser here. The new versions are 3.0.18 and 3.5.8, respectively. Note that this update also applies to other Mozilla Foundation software, Thunderbird and SeaMonkey.
Adobe has issued a security bulletin announcing security fixes for its Reader and Acrobat software. This follows a recent out-of-band update for Flash just last week. Adobe calls the vulnerability critical, and describes it as follows:
this vulnerability . . . could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability . . . has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe says it does not know of any attacks exploiting this vulnerability in the wild, but the urgency of this release suggests that is is very dangerous.
At the same time, Computerworld reports that 80% of all exploits come through rogue PDF files. Citing a report from ScanSafe, they quote Mary Landesman, a ScanSafe senior security researcher, who says, “Attackers are choosing PDFs for a reason. It’s not random.” Landesman also says that attackers are using PDFs as a vector for attack because they are successful.
Intego has long pointed out that malware is not limited, as many Mac users think, to viruses alone. This is one reason why Intego’s new VirusBarrier X6 combines standard malware protection with powerful network protection features, allowing the program to stop new types of attacks. While other anti-malware software for Mac is limited to a signature-based approach in detecting malware, VirusBarrier X6 uses combined threat detection techniques to stop all types of attacks.