What’s going on with Macintosh security?

The latest figures I’ve read say there are perhaps a half-million infected Macintoshes still floating around out there, an improvement from the high of 600,000 that I was seeing a few weeks ago, but probably not what Apple had hoped after releasing its most recent fix.

I argued three weeks ago that the end of the innocence was either here or very near. I’ll argue now that it’s gone: There are now 250 known Macintosh OS X viruses in existence. In 2003 there were none. Read more

Easier deep Firefox SQL optimization

Last year I examined ways to optimize Firefox’s SQLite databases. I’ve since found I like it better when I just put the Firefox profile in a ramdisk, but that may not be an option in all cases.

If you don’t want to go the latter route and would like to avoid the command line jockeying, give Speedyfox a look. And even if you’ve put Firefox in a ramdisk, this program can be useful. You won’t notice any speedup inside a ramdisk, but SQL optimization saves storage space, which is always at a premium inside ramdisks. Read more

Macintosh malware continues to evolve

Security experts have long warned that [Apple’s] delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms that they were right. — PC World magazine

Last week I argued that a Macintosh-based botnet currently being distributed via Word document would likely change distribution methods, perhaps to a PDF document, in order to spread itself more effectively.

That, to my knowledge, hasn’t happened, but today I learned of the above example of Mac malware doing exactly that, jumping from Java vulnerability to Java vulnerability. Read more

End of the innocence for Mac security

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that. Read more

Deep Firefox SQL optimization

I was looking deeper into Firefox optimization, and I found Adventures in Firefox-places.sqlite. It’s a pretty intense analysis that goes beyond the usual simple, in-browser SQL vacuum that I’ve mentioned in the past. It was written with Mac OS X and Linux in mind, which is fine, but if you run Windows, you might want to do the same thing.

It has two benefits. It speeds up Firefox, and it reduces the amount of disk space your Firefox profile occupies. The two things are related; smaller databases are quicker and easier to navigate than large ones. As for why you should care about the amount of disk space it takes up, well, on an SSD every megabyte counts.

Read more

RIP, Dennis Ritchie

Dennis Ritchie died this weekend, aged 70. You may not know who he is, but if you’re reading this, you’re using something he invented.

Dennis Ritchie was, among other things, co-creator of Unix and the C programming language. Even if you run Windows, Windows was heavily influenced by Unix, and a lot of programs you run were written, if not in C, in its successor, C++.
Read more

And now it’s Apple’s turn

It’s been a weird month for technology. And as always, Apple had a way to get people to stop talking about anything else, though it’s not the news Apple wanted do deliver this week. I can only think of one bit of news Apple would want to deliver less.

Steve Jobs is stepping down as CEO. He’s becoming chairman, but perception is everything. Especially with Apple. I don’t think any company in recent memory has leveraged perception the way Apple has.

Read more

Um, no, software shouldn’t have kill switches or time bombs in it

So,  ZDNet is advocating that Microsoft use a kill switch to render existing Windows XP computers non-functional. Then he relented and said maybe an expiration date would be sufficient.

John C Dvorak is attacking the idea, with good reason. Dvorak is right.
Read more

The solution to paper passwords

I know your passwords are either written down or insecure. I know it just as surely as I know New Year’s Day is January 1.

I know because passwords have to be incredibly complex to be secure, and I know because the typical person has to juggle half a dozen of them, or more. Think about it. Your work account. Amazon. Ebay. Paypal. Facebook. Your bank. Your personal e-mail. Your credit card. Your online billpay service.

I know you’re not going to memorize a half dozen gibberish passwords that look like 5E%c2.3730pK$0/.

So you have them written down somewhere, which is OK, or you have them all set to the same thing (hopefully not “popcorn”), which isn’t OK. Even if you’re using 5E%c2.3730pK$0/ as your password.

A secured piece of paper works fine until you lose it, or you’re out somewhere and don’t have it.

The solution is a product called Lastpass. Software legend Steve Gibson talked about it at great length at http://www.grc.com/sn/sn-256.htm.

Basically it’s a program, which can run standalone or as a browser plug-in, that stores passwords securely. It mathematically slices and dices the data so that all that’s stored on LastPass’ servers is undecodable gibberish, but, given your e-mail address, your password, and a printable grid you can keep in your wallet, you can decode your password database from any computer, anywhere you happen to be.

There’s a lot of nasty math involved in cryptography, and I won’t pretend it’s my best subject. Gibson goes a lot further into the details than I want to get into. As someone who knows enough about cryptography to get CompTIA Security+ certification, and someone who’s read the official CISSP book chapter on cryptography twice, it sounds good to me.

An additional feature is the ability to store things you need rarely, but when you need them, you need them desperately. Things like your credit card numbers, driver’s license number, and your kids’ social security numbers.

There’s a free version of Lastpass, and a premium version that works on mobile phones and mobile software like Portable Firefox, which costs $12 per year.

The free version runs on Windows, Mac OS X, and Linux, which covers more than 99% of the computers out there today. And it runs in every major browser.

When you go to run Lastpass, it will import your stored passwords from your web browser(s). And it will give you a rating, based on how secure your passwords are and how often you re-use them. It will generate secure, random gibberish passwords for you and help you visit sites and change your passwords. Along the way it grades you, helping you to increase your security.

It can synchronize too. So if something happens and I have to change my Amazon password and I’m at work, my wife gets the changes, so if she needs to get into Amazon, she doesn’t have to do anything different.

It makes good security an awful lot less painful. I can pretty much say, without reservation, knowing nothing about you except that you use a computer, that you need this.

A better, faster Firefox for Windows

Compiling Firefox for modern-ish (Pentium 4 and newer) CPUs is relatively common on Linux, and presumably on Mac OS X also, but not for Windows. On Windows, Firefox assumes you have a first-generation Pentium CPU, since that’s the slowest CPU that will boot Windows XP.

Enter Pale Moon.Pale Moon is compiled to use the instruction set in newer Pentium and Athlon 64 CPUs. In layman’s terms, this results in about a 25% increase in performance, which is significant.

Also significant is that the current version is based on 3.6.3 of Firefox, before Firefox broke Farmville, people started laying eggs, and they started breaking Firefox to keep Farmville working.

I couldn’t care less about Farmville and other stupid Facebook games; I just want Google Maps to be fast.

And in my quick tests, Pale Moon is fast. It loads faster than the standard Firefox build. It renders complex pages like Google Maps faster.

I’m not ready to make it my default browser yet, but so far I like what I see. It at least narrows the performance gap with Chrome, while retaining the user interface and keyboard shortcuts I’ve been using since those pre-release versions of Netscape I was using in 1994.

Experimental, optimized Firefox builds have come and gone over the years. Hopefully this one sticks around a while.