Typical Mac User Podcast Forum - Latest Comments in TMUP 142: We Talk Apple Security with Paul Assadorian

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

georgestarcher — Mon, 18 Aug 2008 20:47:18 -0000

I agree right now. Data loss that I have seen in four years of being a switcher i would say has mostly been bad drives not malware. I would just ensure I was doing best practices. After all no matter how tall the walls of Troy are. If you leave the gate open they don't have to use a horse. Plus remember most malware these days is not about data loss as it is data theft. They don't want to screw things up so much you notice.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

typicalmacuser — Mon, 18 Aug 2008 11:08:20 -0000

Again was not meant to be scary. Really I'd say it's in the less than 1% of anyone I've ever heard of. So right now it seems downright silly to worrie about this. However, that means that this is exactly the time to become aware and to keep being aware, this way when (not if) the time comes that mal ware and other bad stuff hits the mac in a a significant manner. We will be ready.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

ForumCat — Mon, 18 Aug 2008 09:21:21 -0000

Hey guys, thanks for the feedback. I have to say that the episode did rather scare me. (Scaredy Cat ;-) )

There was no indication in your podcast of how big a problem malware on the Mac is. I find it hard to get any estimates on this and would have valued the information. To say that a problem is "real" does not help much.

The risk of smoking cigarettes killing me is "real". The risk of the Earth being hit by an asteroid is also "real". Without numbers though the words "slight", "real", "negligible" don't actually mean very much.

In a recent poll of my friends (about a hundred in total) about 50% of my Windows using colleges had lost data due to malware, none of my OS X using friends had. This is of course anecdotal and is of little use. Surely large scale surveys have been done though and it is this kind of information that is of real value.

Anyway, thanks for the great work. It was not my intention to criticise a great podcast that has brought me a great deal of pleasure since it first came out.

Mr Cat

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

typicalmacuser — Sun, 17 Aug 2008 11:25:17 -0000

I have to agree with what George has written above. Mr. Cat, as I stated very clearly at the beginning of the episode my goal is not to spread fear, uncertainty and doubt. We clearly run on one of the most secure OS's available. The number of people who have actually lost data is negligible for now. However everything that was said during this episode is accurate and could be applied to any OS. So I don't know a number , and refuse to pull one out of my but. If I find one I'll share it. Thanks for the honest comments

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

georgestarcher — Sun, 17 Aug 2008 09:18:39 -0000

Well that is hard to say. Mac users don't report incidents to any central source. And since most don't run any malware detection software there is no other method for actually identifying the source of issues for the typical user and reporting it to many of the common sources of malware statistics. The risk is not theoretical but real. It may be slight at this time but it is increasing. By following the best practices of not running as admin, installing software from known good sources, using strong non default passwords and keeping patches up to date you are going to mitigate most common threats for now.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

ForumCat — Sun, 17 Aug 2008 07:10:09 -0000

Hi Victor

I have listened to every TMUP from episode one. This security edition was interesting but I thought it was missing one key question. We know that there are risks to any computer system what I really wanted to know was how big the risk is on OS X.

How many Mac users have actually had data lost to virus activity? Is it 10% of the user-base for example? Is it less? If so how much less. Theoretical risk is all well and good. What I really want to know is how many users actually get hit by malware.

I hope that you can come up with some figures to help me with this.

Mr Cat

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

georgestarcher — Sun, 10 Aug 2008 21:41:54 -0000

I have never used them. Their site and product listing looks interesting. For myself I just SSH everything back to my home. For work we have internally supported VPN solutions. I am in the process of recording a screencast series for TMU on SSH setup and usage. Uploading several clips to Victor's macpro media storage drive right as I type this actually.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

TMUP Fan — Sun, 10 Aug 2008 20:06:04 -0000

Thanks for the answer. What do you think of semi-VPN services like WiTopia.net ?

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

georgestarcher — Sat, 09 Aug 2008 09:19:59 -0000

My opinion on why a lot of "Standard" functions being missing is this. The interface and interaction experience on the iPhone/iPod touch are completely different beasts from a phone full of buttons. Apple is very particular on wanting a method of interaction to work within what they have setup. It is not like we can press option delete buttons for a cut for example. They have to figure out a simple and repeatable touch way to accomplish this. Now this doesn't explain lack of MMS I think that is more an issue of prioritization of features and perhaps they will get to it. And that may apply to some searching as well. Keep in mind on iCal events. Even if you had a search the default sync is one month back for events. You have to change that in the Settings-Mail, Contact, Calendars. I agree on the deletion. For videos you can press and hold to the right of the name, slide left and get a delete option. They should allow that for other files too now that we have apps downloading and may need free space.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

georgestarcher — Sat, 09 Aug 2008 09:10:51 -0000

Hi There, you are not the norm. Paul was referring to folks whom log in to web sites but never log out. When you log in and before you close the web browser your session is typically cached as logged in until you close the web browser completely. This is what Paul was referring to. Any malware can then access deep link pages or account information taking advantage currently authenticated session. You are taking clearing it out to an effective extreme. For the casual user simply pressing log out is usually enough. And even better if they close the browser completely before changing from a sensitive site to casual browsing.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

Magnus — Fri, 08 Aug 2008 17:01:54 -0000

Thanks for a great podcast show Victor!

I Have som e things I think would be great to hear more about in your podcast.

First, Mobileme.

I put a Filemaker file on my idisk to be able to, just as the adds before the releas said would be possible to do, work on a file at home, complet it at work and being able to view the changes on whatever Mac I like to use.

Now, I use the mountfunction, meaning I create a diskimage of iDisk on my Mac and open the file from there. Then I work on the file and then close it (Filemaker files dont need to be "saved").

Then i "sync" using the little wheel in the finder window at the idisk icon. Then, when going to another Mac, I sync the diskimage which I also have there - and it should then have the updated file - it should be visible with the changes made.

Well, it doesn't. Some files like xls or rtf files are there and work fine. But Filemaker files - no. Not updated. And it really annoys me, isn't this exactly what isdisk should be able to help me with?

Second, iPhone
On the field, working as a weddingsinger (!), I wanted to find the phone number of the organist in a church. I know I out his phone number in my iCal a year or two ago. I didnt put it in Adressbook, but rather just as a note in iCal at some date - however I dont remeber the date.

I then find it impossible to find that note due to the lack of a searchfunction in the iPhone. My God! It should be a searchfunction in Mail, iCal, and even more - ofcourse some kind of spotlight version to search everything in your iPhone. Shouldn't it?

Whats more, I had a .jpg picture in my old Nokia phone that I wanted to send a friend. Not only is it impossible to get the picture to my iphone via Bluetooth which is terrible - but even when I got the .jgp over to my iphone after a long road of complicated steps - I cant send it to my friend as an MMS - I have to mail the picture.

And that meant in this case that the picture didnt reach my friend until 2 weeks later as my frind was on vacation and could use mail until he was home.

In this world we live in now, this really should work on "the most advanced smart phone in history" - dont you think??

What in the world makes Apple cut away these simple functions that REALLY would make the iPhone compateble with all the other brands of smartphones that are out there?

And why, why, why cant i search for and subscribe to podcasts on iTunes - directly from my iPhone?? Is it just becasue it doesnt give any profit to Apple as podcasts normaly are free? Seems greedy!!!

And why cant I delete songs or podcast that Ive already seen and dont want there anymore - right on the iPhone?

I do love Mac and have a bunch of them (!) but lately with all the new things coming from Apple, I find they are going backwards in many respects - the issues above is just some of the things that spekas for that statement.

I'd love to hear you talk about this on your show, mayabe with some of the experts you often invite.

And by the way- keep up the good work you do - you really glue me and a lot of people out there to the podcast, thanks a lot.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

TMUP FAN — Thu, 07 Aug 2008 17:31:44 -0000

LUDWIG
One option is to create a NEW ADMIN account, then change your old admin acct with everything in it to a STANDARD ACCT and continue to use it.

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

Ludwig — Thu, 07 Aug 2008 15:35:19 -0000

Victor/Paul, I have a question. I'm convinced that creating a secundary account in order to leaving the Admin account at peace for safety reasons is a good option. So I went ahead and created one. But of course, it appeared completely blank, since all my data are in my original Admin account. My question is: how can I get those data (docs, music, photos, bookmarks...) into my newly created secundary account? And can I thus remove them from the 'old' Admin account? Thanks so much for all you do and enjoy your Mac life!

Ludwig

Re: TMUP 142: We Talk Apple Security with Paul Assadorian

TMUP Fan — Thu, 07 Aug 2008 14:05:10 -0000

So, Victor, in the security segment, DotPaul was talking about how a user's credentials can be hijacked from Safari (or another browser) by malware that forces the browser to visit often visited secure sites while the malware captures the credentials over WiFi. At least that is what I thought I heard.

I'm fanatical about using Safari or Camino as my only browsers for visiting sites where I log in with credentials. Why? Every time I log out, I go the menu option to RESET Safari or Camino. Every time. And I don't let the browsers store log on info, however they do it. That's EVERY TIME, home, work, or the rare visit to a public WiFi site.

I go one step further when visiting public WiFi (not often, I assure you). I keep a separate "Standard" User Account just for public WiFi. So (in theory) neither my regular "Standard" user account with "real info" nor my Administrator account are exposed to WiFi hijack.

Are those major steps toward safety? Or am I still at risk from those particular vulnerabilities?