Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!
Posted on January 28th, 2013 at 1:50 PM EST
There are almost as many anti-virus programs for the Mac as there are families of malware, and a constant question among Mac users is whether to use one and, if so, which one to use. Last November I began a project to test Mac anti-virus programs to see what malware they are capable of detecting. This document describes the second round of testing, in which I look at a total of 20 different anti-virus programs using somewhat different methods than those used in the first test.
Posted on January 20th, 2013 at 9:31 AM EST
Security researcher Adam Gowdiak has announced the discovery of two more vulnerabilities affecting the latest version of Java (Java 7 update 11). These are completely separate vulnerabilities from the still not yet fully repaired bug that caused the vulnerability prompting the latest Java update. Of course, it’s not exactly news, at this point, that Java is full of holes that hackers love to exploit. So why am I continuing to beat a dead horse? Primarily, because I continue to hear people dismiss concerns about Java’s security. Java is a sinking ship, folks… you can either hop in a lifeboat and get away or go down with the ship. The choice is yours.
Posted on January 16th, 2013 at 3:39 PM EST
Brian Krebs has reported today that Java may have fallen victim to yet another vulnerability, which may have been sold to malware creators already. There is no confirmation of this story, but given Java’s past, it wouldn’t be at all surprising. Especially since other reports have indicated that Oracle’s fix for last week’s vulnerability only removed one method for exploiting an underlying vulnerability that still remains in place. I’ve said it before, and it continues to be true: Java is holier than Swiss cheese! If you are still running Java applets in your web browser, in spite of everything that has happened over the course of the last year, you should take this as yet another warning. Find a different way of achieving those tasks and turn off Java in your web browser ASAP!
Posted on January 14th, 2013 at 9:27 AM EST
Oracle patched Java over the weekend, fixing the vulnerability that has caused such an uproar. Fortunately, upgrading is easy. Mac users who have Java 7 Update 10 or earlier installed should be prompted to upgrade automatically. If you choose not to upgrade, you will continue to be unable to use Java applets on web sites, and will be prompted to upgrade whenever loading a page with a Java applet and with Java enabled in Safari. Of course, Java should still be kept disabled in the web browser whenever possible to protect against future vulnerabilities!
Posted on January 12th, 2013 at 8:42 AM EST
Thursday saw the discovery of a new Java vulnerability (see New Java vulnerability discovered). Worse, the discovery of this vulnerability came at the same time as discovery that it was already being exploited actively to drop malware onto vulnerable Windows machines. Macs were undoubtedly soon to follow, since several prominent cross-platform “crime kits,” such as Blackhole, are known to have started using this vulnerability. Fortunately, less than 24 hours after this news broke, both Apple and Mozilla (creators of the Firefox web browser) had acted to protect users of their products against this threat. Read the rest of this entry »
Posted on January 10th, 2013 at 2:15 PM EST
Seems like it hasn’t been that long since we were talking about the last one of these, but the vicious cycle begins again. Brian Krebbs has reported the discovery of a new vulnerability that affects even users of the latest version of Java (Java 7 Update 10). Once again, users are advised to disable Java in their web browsers. Read the rest of this entry »
Posted on January 10th, 2013 at 9:34 AM EST
Yesterday, Lysa Myers posted some comments on Intego’s blog, in an article titled That Anti-Virus Test You Read Might Not Be Accurate, and Here’s Why, about my recent testing of Mac anti-virus software. Everyone is, of course, entitled to their own opinions, and this is a controversial topic. It is to be expected that there will be some disagreements whenever such testing is done. However, I do have some specific responses to her comments.
Posted on January 1st, 2013 at 10:32 PM EST
It has been 12 years since the advent of Mac OS X. There had been some malware for older Mac systems before that point, but none of those worked on Mac OS X. This “reset the clock” on the Mac with respect to malware. Further, the new Unix base of Mac OS X promised greater security than older versions of the Mac OS. So how has that promise stacked up at this point? Read the rest of this entry »