Some security advice

[Sailfish]

1: Turn on "Warn before launching Classic." via System prefs

2: Uncheck OS X Safari's "Open Safe Files After Downloading" in Safari prefs.

3: Uncheck both Classic Quicktime's "Enable Audio CD AutoPlay" and "Enable CD-ROM AutoPlay"

To do this:

Launch Classic via the System Pref's and check "Show Classic Status in Menu Bar"

In the "9" menu, select Apple Menu Items>Control Panels>Quicktime Settings>AutoPlay

Uncheck (turn off) both "Enable Audio CD AutoPlay" and the "Enable CD-ROM AutoPlay"

Quit Classic.



This will make your computer less prone to exploits.

Apparently a web site can download a volume with a application right to your computer just by visiting it.

The novice could open the application and launch destructive code or it could auto-launch taking advantage of Classic Quicktimes Auto launch feature, as the AutoStart worm did.

Most likely this exploit has been fixed, but having a volume and a application within easy reach of a novice can't be good.

 

[slipper]

thanks for the advise. but out of curiosity what does #1 do?

 

[iJon]

damn i forgot, we are as prone to attacks as windows is now.

iJon

 

[Horrortaxi]

Originally posted by iJon
damn i forgot, we are as prone to attacks as windows is now.

iJon

I read something recently that was saying that exact thing. I dumped it in the yard and the flowers are growing much stronger now.

 

[Sailfish]

This is not a remote exploit like what happens in Windoze where a .exe just runs on one's computer all by itself, this is more of a human response exploit, a con.

A lot of conditions have to be in place for it to work, but the power of the exploit lies that it automatically targets a lot of mac users and will probably find a few victims.

What we need is adjustable downloading security feature in Safari.

And a administrative option for the novice users.

 

[Sailfish]

Originally posted by slipper
thanks for the advise. but out of curiosity what does #1 do?

If you have Classic's "Warn before running Classic" option turned on, it adds a layer of security by warning you that Classic has launched.

Thus you can say WTF?

I would like to see a "Do not run Classic" option in the System pref's.

 

[alset]

Originally posted by Horrortaxi
I read something recently that was saying that exact thing. I dumped it in the yard and the flowers are growing much stronger now.

Well, you certainly aren't referring to Richard Forno's report, comparing OS X to windows in exploitability... I dumped that in my yard and everything died. Then my house burned down. Then I developed leprosy. Shouldn't have eaten those tomatoes in my garden after the veggie-plague hit.

Just kidding... I live in an apartment and I don't have leprosy. But that article did make me sick.

Dan

 

[Mala]

Good tips, thanks.

 

[slipper]

what about in the internet explorers preferences, uncheck "auyomatically decode macbinary" and "automatically decode binhex"?

 

[Mala]

Is this still in Classic?

 

[Horrortaxi]

Originally posted by alset
Well, you certainly aren't referring to Richard Forno's report, comparing OS X to windows in exploitability... I dumped that in my yard and everything died. Then my house burned down. Then I developed leprosy. Shouldn't have eaten those tomatoes in my garden after the veggie-plague hit.

That's the one. BS like that makes great fertilizer, I don't know what happened in your yard.