Just an update (and a bit of a rant ;)

08. January 2015 Just an update, Security 2

Happy new year everyone and thank you for your support, tips, samples and more over the past year.

I haven’t forgotten about this blog and I still keep my eye on any potential threats that require awareness. The past few months have just been very uneventful when it comes to Mac security. One issue I jumped on immediately was the recent NTP vulnerability but as I was writing the article I realized Apple pushed out this update to all supported Macs. With all clients being updated automatically I felt a post about the issue had little value. Flash player updates have been coming out at a fairly steady pace, every reader should know by now to update as soon as the system prompts for it so these updates also required no posting from my end.

Malware has not been an issue recently so there have been no AV test updates since October. Updating these tests every time a new piece of Adware is found would keep me busy full time so I wasn’t going to do that either. I also have been stretched very thin working on a lot of other projects that have been taking up almost all of my time. I would have made the time to report on anything significant but there have not been significant things to report on. One of the potentially big things I have been keeping my eye on since December is Thunderstrike. Currently still a proof of concept (PoC) but definitely something Apple needs to act on fast. Basically someone found a way to infect a Mac at the firmware level using a modified thunderbolt accessory. Once infected you can reinstall, replace the hard drive, install antivirus and other tools… it won’t help. The Mac belongs to the attacker as it controls the firmware and the firmware loads before anything else. More information can be found here and the original presentation can be found here (YouTube link). Other projects involving the exploiting of graphics cards (GPU’s) is something I also keep track of but not much has happened recently in that arena. Hacks of sites and services, exploits of certain software etc etc. I’m monitoring it all so I can report on it and let you know ASAP if relevant.

This post is to break the silence and to let you all know I’m still around, keeping my eyes and ears open every day and as soon as something post-worthy comes along you’ll definitely see an article 🙂

I have also been playing with OS X 10.10 Yosemite since it’s release. When it comes to security settings (firewall, filevault, etc.) not much has changed from the last version of OS X. Privacy is a different story though. Out of all the OS X versions I have used to date (all of them), there has not one been as eager to make outgoing connections like Yosemite. It feels like every mouse click warrants a connection to an external server! Spotlight being the worst offender as it now includes web search results and suggestions. I might post on all of the Yosemite issues soon.

For a long time I have been having a mental back and forth about antivirus software. I make up my mind about it only to change it a day later, then change it again, and again… Antivirus software has a purpose but it’s been one that has been getting less and less strong and relevant for a long time. Is it a good idea to deploy one? Yes. Should it be deployed as a catch-all solution? Definitely not. So why install AV? Because it can still catch malicious files if they are present on your system. But AV lags. You have to wait for the malware to be discovered, analyzed and for a signature file to become available so that your AV recognizes it. With more targeted malware attacks in the recent past this detection can take weeks, months or sometimes not happen at all. So should I still use an AV product? I’d still say yes, for now. As for most individuals, families and businesses it is still the easiest solution. The easiest solution always prevails with the masses. Will an AV stop you from becoming infected? Possibly. Even if it doesn’t there’s a chance it will catch the infection several days later after a signature update. So it’s better to have some protection than none.

Do I use an AV product? Yes, once in a while but I no longer have one permanently installed. I no longer do frequent scans or monitor certain folders on my system. I have long been experimenting with different applications and methods to protect my data and identity and AV software has been dropping in this list for some time. For monitoring my incoming and outgoing connections I exclusively trust Little Snitch. Software I have mentioned many times before. When it comes to online security and privacy I use Firefox in combination with fine tuned settings, several add-ons and a domain/IP block list in Little Snitch. VPN is also used daily. Data security is done by encryption locally, remotely, via email or while on the move with my laptop (basically whenever it’s possible). I stopped using Google and Facebook a long time ago and it has cut the phishing and spam by almost 95%. I do not use/trust cloud services, instead I set up my own OS X server which is secured the way I want it and can handle all of the functionality a cloud service could offer me. Passwords are stored in 1Password, I make use of long and complex password suggestions and rotate my passwords frequently depending on the importance of the service (banking more often than a forum account for example). Never using the same password more than once which is made extremely easy by 1Password and syncing the 1Password database to my phone only over the local network, not via iCloud or dropbox. I download my Flash Player directly from the Adobe website, not from a pop-up. Check for product updates for all my applications a few times a week which is a breeze thanks to applications like MacUpdate Desktop. I uninstall what I no longer need and I review my firewall logs whenever I feel like it and have some spare time. Customized Console Log Queries do all the filtering for me, I just have to take a peek and see if anything popped up that may be relevant. Applications and files I download come from their original sources, not websites like download.com, softpedia etc. Java, Silverlight and other internet plugins have been removed as I did not need them. Links in emails are checked by simply hovering my mouse over them to see if they may be fake, before I click them. An applescript keeps an eye on important folders like LaunchAgents, LaunchDeamons, Internet Plugins etc. and it notifies me as soon as a change is made to their contents as this may indicate a malware/adware issue. My search sites are Startpage, IxQuick and DuckDuckGo. Ok I got a little carried away here. I can go on and on but my mention of using an antivirus product is probably at the very end of the list in means to keep my data and privacy safe.

Doesn’t all of this take up a tremendous amount of time? Don’t you lose a lot of functionality and productivity? No and No. I get the same amount of work done, I have less distractions and simple things like some I mentioned take no time to do, it just becomes a habit. Pause a second before you click a link in an email just to see if the link is real, unless you have a serious spam issue this should only take a few seconds out of your day. The above list is just what first came to mind and is a mix of privacy and security related things. I have complete control, learn something in the process and have yet to become infected by anything. Antivirus has no added value for me.

My recommendation: Install Little Snitch and pay attention to the pop-ups it shows. You learn a lot about your system so it becomes very easy to spot anything out of the ordinary. If you run OS X 10.7 or newer, grab a copy of AdwareMedic. Run it, leave it on your system and run it once every week just to make sure no nasties got on your system. With the vast majority of pests for Mac being Adware, this application will find and remove them. The software is free, doesn’t track you or lose functionality after a trial period. The developer will take donations but donations are optional. Keep your system and applications as up to date as possible and use common sense. The chances of you needing an antivirus have just dramatically decreased.

Antivirus is not extinct yet, it has it’s uses, however the list of uses is shrinking. I have not made up my mind yet about AV. I no longer use it but I’m not willing to advise against it either. Until I make up my mind I’ll keep ranting on and updating the AV test when needed 🙂

I’ll continue to stay informed so I can inform you and as soon as my other projects finish I’ll have more time to post here. If something urgent does creep up in the mean time I’ll blow the dust off my keyboard and let you know immediately!


2 thoughts on “Just an update (and a bit of a rant ;)”

  • 1
    Scott on January 20, 2015 Reply

    I was wondering if there is a antivirus product that you have used/tested that you like. I see so many different test but all have different out comes. I keep trying different ones but don’t seem satisfied by either performance or detection rate. If you have a couple of suggestions on this I would appreciate it.

    Thanks,
    Scott P.

  • 2
    health care administration on May 30, 2015 Reply

    Great post.

Leave a Reply

Your email address will not be published. Required fields are marked *

*