Some security advice

Discussion in 'Mac OS X 10.3 (Panther) Discussion' started by Sailfish, Dec 16, 2003.

  1. Sailfish macrumors regular

    Joined:
    Oct 13, 2003
    #1
    1: Turn on "Warn before launching Classic." via System prefs

    2: Uncheck OS X Safari's "Open Safe Files After Downloading" in Safari prefs.

    3: Uncheck both Classic Quicktime's "Enable Audio CD AutoPlay" and "Enable CD-ROM AutoPlay"

    To do this:

    Launch Classic via the System Pref's and check "Show Classic Status in Menu Bar"

    In the "9" menu, select Apple Menu Items>Control Panels>Quicktime Settings>AutoPlay

    Uncheck (turn off) both "Enable Audio CD AutoPlay" and the "Enable CD-ROM AutoPlay"

    Quit Classic.



    This will make your computer less prone to exploits.

    Apparently a web site can download a volume with a application right to your computer just by visiting it.

    The novice could open the application and launch destructive code or it could auto-launch taking advantage of Classic Quicktimes Auto launch feature, as the AutoStart worm did.

    Most likely this exploit has been fixed, but having a volume and a application within easy reach of a novice can't be good.
     
  2. slipper macrumors 68000

    slipper

    Joined:
    Nov 19, 2003
    #2
    thanks for the advise. but out of curiosity what does #1 do?
     
  3. iJon macrumors 604

    iJon

    Joined:
    Feb 7, 2002
    #3
    damn i forgot, we are as prone to attacks as windows is now.

    iJon
     
  4. Horrortaxi macrumors 68020

    Horrortaxi

    Joined:
    Jul 6, 2003
    Location:
    Los Angeles
    #4
    I read something recently that was saying that exact thing. I dumped it in the yard and the flowers are growing much stronger now.
     
  5. Sailfish thread starter macrumors regular

    Joined:
    Oct 13, 2003
    #5
    This is not a remote exploit like what happens in Windoze where a .exe just runs on one's computer all by itself, this is more of a human response exploit, a con.

    A lot of conditions have to be in place for it to work, but the power of the exploit lies that it automatically targets a lot of mac users and will probably find a few victims.

    What we need is adjustable downloading security feature in Safari.

    And a administrative option for the novice users.
     
  6. Sailfish thread starter macrumors regular

    Joined:
    Oct 13, 2003
    #6
    If you have Classic's "Warn before running Classic" option turned on, it adds a layer of security by warning you that Classic has launched.

    Thus you can say WTF?

    I would like to see a "Do not run Classic" option in the System pref's.
     
  7. alset macrumors 65816

    alset

    Joined:
    Nov 9, 2002
    Location:
    East Bay, CA
    #7
    Well, you certainly aren't referring to Richard Forno's report, comparing OS X to windows in exploitability... I dumped that in my yard and everything died. Then my house burned down. Then I developed leprosy. Shouldn't have eaten those tomatoes in my garden after the veggie-plague hit.

    Just kidding... I live in an apartment and I don't have leprosy. But that article did make me sick.

    Dan
     
  8. Mala macrumors 6502

    Joined:
    Nov 19, 2003
  9. slipper macrumors 68000

    slipper

    Joined:
    Nov 19, 2003
    #9
    what about in the internet explorers preferences, uncheck "auyomatically decode macbinary" and "automatically decode binhex"?
     
  10. Mala macrumors 6502

    Joined:
    Nov 19, 2003
  11. Horrortaxi macrumors 68020

    Horrortaxi

    Joined:
    Jul 6, 2003
    Location:
    Los Angeles
    #11
    That's the one. BS like that makes great fertilizer, I don't know what happened in your yard.
     

Share This Page