Free antivirus for Mac

Sophos recently made available a free antivirus application for Macintosh users. Haven’t tried it yet, but it looks promising and it fills a glaring gap.

For all you Mac users out there who think that “Macs don’t get viruses” – please wake up and smell the capuccino.

Grab the software from
http://www.sophos.com/products/free-tools/free-mac-anti-virus/

Malware infected, from the factory

2012: HP ship ProCurve 5400zl switches with infected flash cards

2010: IBM hands out infected USB sticks in a security conference.

2010: Dell ships replacement server motherboards containing a Windows worm.

2010: Olympus ships camera with infected memory card.

2010: Samsung ships smart phones with infected memory card.

2008: Samsung ships infected digital photo frames.

2008: HP ships Proliant servers with infected USB keys

2007: Apple ships iPods with the Troj/Bdoor-DIJ malware.

2007: TomTom ships malware-infected GPS SatNavs.

2006: McDonalds Japan hands out infected MP3 players as prizes

2005: I-O Data Device ships infected hard disk drives

2001: HP distributes infected printer drivers

2001: Microsoft distributes infected “security updates”

Know of other such incidents? (malware-infected hardware being shipped from high-profile vendors)

Leave a reply!

UPDATE 17 June 2012: See attrition.org’s Certified Pre-Owned for a more extensive list.

A glimpse into reality – the world’s response to wikileaks

They say you can see the true nature of people in a time of crisis. All sorts of organisations, from media outlets to governments, consist of people. So, what has the publication of low-secrecy US diplomatic cables taught us?

An Australian citizen is denied bail in the UK, because of a misdemeanor charge in Sweden. The charge, if proven to stand, would amount to a crime on the same level with *graffiti*. (jurisdiction? innocent until proven guilty? Habeas corpus?

Parts of the US government are blocking access to newspaper websites. Others are ordering or threatening their own personnel and university students not to read the leaked diplomatic cables.

“News contributors” on (predictably) FOX news (and politicians) are going on the record on national television, stating that Julian Assange should be assassinated.

If this is what gets shamelessly thrown out in the open, can you imagine what’s going on behind closed doors?

For more on the above: DemocracyNow! December 15th broadcast

Access to Justice

Quoting the Guardian:

As part of a scheme called “access to justice”, prison authorities are arranging for Assange to be given a computer so he can work on his case. The computer will have limited internet access.

Assange asked for one of his legal team to be allowed to bring him a laptop, but was refused – prisoners are not commonly allowed their own computers.

Intriguing.

“Access to Justice” sounds like “we’ll be happy to know all your passwords & contacts” to me. I’m sure Mr. Assange is smart & informed enough to know this, but other prisoners might not.

Bringing your own laptop raises the bar just a notch, but doesn’t offer any protection against an organised adversary:

Bit of a pickle, really.

How to close your PayPal account

Predictably, PayPal make it hard to close your account with them. Friends have been asking me how to do that, in response to the Wikileaks affair, so here’s how:

1. Login to your PayPal account: https://www.paypal.com

2. Click on “My Account”

3. Click on “Profile”:

4. Click on “My Account Settings”


5. Click on “Close Account”

6. Click “Continue”:

7. If you feel like giving PayPal feedback as to why you’re closing your account, you can do so in this page. Scroll down to the bottom of the page to find the “Continue” button.

8. Click “Continue”:

9. Click “Close Account”

10. Finally, PayPal is kind enough to do what you asked it to do  7 clicks ago. Congratulations!

Note: If the above steps stop working (because PayPal reorganise their website or changes some buttons) you should be able to find instructions by clicking “Help” in the PayPal website and then searching for “close account”.

Remove junk, win disk space, better privacy

A didactic run of the simple (yet mighty) CCleaner on a colleague’s laptop:

2,1GB of disk space reclaimed:

Thousands of cookies (most of them used to track your online behaviour) deleted:

Note to antivirus administrators: Please keep SEP under control, as it tends to aggregate a lot of junk:

This is not a thorough clean – there is a lot more junk and privacy-compromising stuff on this machine, but a CCleaner run is a dead-easy first step.

We are losing

The arms race between online criminals and people trying to protect you from them is in full swing. But seeing that well-respected security researchers are desperate enough to suggest using bootable Linux systems for online banking is quite scary.

Yes, there is no other way of defending against a large class of attacks.

No, real people should never have to go through this ordeal to not be ripped off.

If  conducting secure online transactions has come to require such levels of effort and sophistication on behalf of end users, it’s a dangerous cancer for the dream of online commerce which must be recognised and addressed.

Criminals have an easier task than defenders, as security is only as good as its weakest link. Regardless, we can and must do better than this – dumping the cost on end users must stop.

The commercial malware industry

Whenever I talk to people about the need to be careful (vigilant?) online, run antivirus software, install updates, use secure browsers/plugins etc I get invariably told I’m being paranoid.

“Why would anyone attack me?”

“I have nothing of value, they’re welcome to my collection of dancing pig animations – haha”

“I’ve been online for years and nothing bad has happened, so relax with the alarmist propaganda, will ya?”

Thankfully there are people like Peter Gutmann around to eloquently lay out the playing field and to show people that “If you have a pulse, you’re a target”. Hopefully, this material will also make people care that their computers, Hotmail accounts and broadband connections are being used by criminals to make millions.

(this is from 2007, but I recently came across it and was so impressed I just had to spread the word)

Ladies and gentlemen, the commercial malware industry:

Video: http://video.google.com/videoplay?docid=2566542832546263615

PDF: http://www.cs.auckland.ac.nz/~pgut001/pubs/malware_biz.pdf

This is how crooks make millions out of our complacency. Perhaps it’s time to start caring about computer security and keeping what’s ours, ours.

UPDATE 31/01/11: A more succinct online tutorial by Sophos on “How cybercriminals steal your money“.