Some security advice

Sailfish
Dec 16, 2003, 06:17 PM
1: Turn on "Warn before launching Classic." via System prefs

2: Uncheck OS X Safari's "Open Safe Files After Downloading" in Safari prefs.

3: Uncheck both Classic Quicktime's "Enable Audio CD AutoPlay" and "Enable CD-ROM AutoPlay"

To do this:

Launch Classic via the System Prefs and check "Show Classic Status in Menu Bar"

In the "9" menu, select Apple Menu Items>Control Panels>Quicktime Settings>AutoPlay

Uncheck (turn off) both "Enable Audio CD AutoPlay" and the "Enable CD-ROM AutoPlay"

Quit Classic.



This will make your computer less prone to exploits.

Apparently a web site can download a volume with an application right to your computer just by visiting it.

The novice could open the application and launch destructive code or it could auto-launch taking advantage of Classic Quicktime's Auto launch feature, as the AutoStart worm did.

Most likely this exploit has been fixed, but having a volume and an application within easy reach of a novice can't be good.



slipper
Dec 16, 2003, 10:43 PM
thanks for the advice. but out of curiosity what does #1 do?

iJon
Dec 17, 2003, 12:14 AM
damn i forgot, we are as prone to attacks as windows is now.

iJon

Horrortaxi
Dec 17, 2003, 12:48 AM
Originally posted by iJon
damn i forgot, we are as prone to attacks as windows is now.

iJon

I read something recently that was saying that exact thing. I dumped it in the yard and the flowers are growing much stronger now.

Sailfish
Dec 17, 2003, 04:25 AM
This is not a remote exploit like what happens in Windoze where a .exe just runs on one's computer all by itself, this is more of a human response exploit, a con.

A lot of conditions have to be in place for it to work, but the power of the exploit lies in that it automatically targets a lot of Mac users and will probably find a few victims.

What we need is an adjustable downloading security feature in Safari.

And an administrative option for the novice users.

Sailfish
Dec 17, 2003, 04:36 AM
Originally posted by slipper
thanks for the advice. but out of curiosity what does #1 do?

If you have Classic's "Warn before running Classic" option turned on, it adds a layer of security by warning you that Classic has launched.

Thus you can say WTF?

I would like to see a "Do not run Classic" option in the System prefs.

alset
Dec 17, 2003, 05:24 AM
Originally posted by Horrortaxi
I read something recently that was saying that exact thing. I dumped it in the yard and the flowers are growing much stronger now.

Well, you certainly aren't referring to Richard Forno's report, comparing OS X to windows in exploitability... I dumped that in my yard and everything died. Then my house burned down. Then I developed leprosy. Shouldn't have eaten those tomatoes in my garden after the veggie-plague hit.

Just kidding... I live in an apartment and I don't have leprosy. But that article did make me sick.

Dan

Mala
Dec 17, 2003, 05:29 AM
Good tips, thanks.

slipper
Dec 17, 2003, 06:11 AM
what about in the internet explorer's preferences, uncheck "automatically decode macbinary" and "automatically decode binhex"?

Mala
Dec 17, 2003, 06:39 AM
Is this still in Classic?

Horrortaxi
Dec 17, 2003, 09:21 AM
Originally posted by alset
Well, you certainly aren't referring to Richard Forno's report, comparing OS X to windows in exploitability... I dumped that in my yard and everything died. Then my house burned down. Then I developed leprosy. Shouldn't have eaten those tomatoes in my garden after the veggie-plague hit.

That's the one. BS like that makes great fertilizer, I don't know what happened in your yard.