Mac Security Status Report, Part I

--
Introduction:

As a non-expert at computer security, it's a bit silly to believe I can provide any comprehensive report of current Mac security. However, I don't see anyone else bothering. Instead I see a variety of niche groups and niche skill sets involved with Mac Security but not pulling the pieces together. I also hear incessant vacuous FUD attacks from frustrated sources who wish Mac OS X was even remotely as unsafe as Windows blatantly is. It's plain old propaganda, not unlike the worthless political rhetoric in the media attempting to divide people through the promotion of fiction and fear. :-P

Therefore, I'm not going to worry about the areas in which I have lack of insight. Instead I'm going to take a stab at it and do what I do best: Examine the overall system of Mac security, provide some relevant details, then offer my summary and conclusions. Never rely on only one source of information about anything. Lord help anyone who uses Fox News as their soul political information source. Equally, lord help anyone who uses my work as their soul Mac security information source.

I) A Critical Mac Problem, Inadvertently Provided Via My Pet Troll:

The IT Ignorance Factor

Every source of difficult information has its trolls. It's difficult for Windows users to face Mac OS X security facts. Mac OS X is the #3 safest operating system available. The two better operating systems are OpenBSD and FreeBSD. It is no coincidence that Mac OS X is built upon an Open Source foundation that is based in part on pieces of both OpenBSD and FreeBSD.

This upsets my pet troll very much and makes him angry. This month he calls himself 'Tom' the troll. He is an anonymous coward reader of the blog, unwilling to let anyone know who he is or his stake in propagandizing Windows over Mac. It's all entirely dull and predictable to me. Occasionally my pet troll attempts to post FUD commentaries into my blog. I take a look at them, laugh a while, then step back and consider what pieces of his dishonest propagandist point of view could be useful to me. This time he wanted me to listen to the 'woe is we' rantings of one Roger Grimes, a Windows apologist and security analyst paid by Microsoft. You can listen to this fellow yourself at:

SecureABit.com

Scroll down to episode #67 of their podcast. Most of the dull program includes commentary from Mr. Grimes.

This fellow pulls the usual pro-Microsoft, anti-Apple myth mongering and propagandist garbage. What is unique in my experience is his defeatist attitude regarding computer security. He says essentially that we're all screwed no matter what, but OpenBSD is the best we've got for operating systems, but darn it's too difficult to use for mere mortals, so use Windows. (o_0) Oh that makes (no) sense! He then tosses out 'The Grimes Corollary' that restates the 'Security Through Obscurity' myth. Been there, killed that, yawned.

However, I was able to pull out of Mr. Grimes' rants one useful comment. It is this: Enterprise IT technologists don't adequately, or in a timely manner, patch the computers under their care. They also allow their users to use simplistic passwords that are easily cracked. This is most particularly evident on Enterprise Mac computers. The reason why is simple: Enterprise IT technologists rarely bother to learn Mac security or enforce it. Therefore, Mr. Grimes tells his tale of enjoying visiting businesses that integrate Macs because so commonly the machines are not up-to-date with security patches and are using easily guessed passwords. I would assume he uses a dictionary attack program against them, which these days are extremely fast and effective. He also keeps track of all the reported Mac vulnerabilities and uses them against unpatched machines.

So here we have Macs, the safest GUI OS based computers available, being easily cracked via very basic techniques that anyone's granny could use. This is shameful. Mr. Grimes would like to blame the users for this state of affairs. But of course it is the IT technologists and the IT managers who are entirely to blame. Never, ever, expect a business user to be any kind of technology security expert. To do so is to literally invite into your business The LUSER Factor. I've covered this issue many times in the past. It is the main reason why Mac OS X has any malware at all and is the reason that nearly all Mac OS X malware are Trojan horses.

There is more going on in the Enterprise than just problems of 'the user', or what's 'between the chair and the keyboard'. In business the computer is a tool, and the tool master is the IT expert in charge of that tool. This leads me to create another descriptive phrase that I call The IT Ignorance Factor. This problem occurs due to a multitude of factors. I'll toss out a few of them:

A) The business does not provide adequate time and resources for adequate computer maintenance. IT people often pull out their hair trying to get biznizz types to comprehend technology. But the fact remains that not keeping computers maintained means directly damaging the company. There are multitudes of tales of woe. Here is one from today concerning the shockingly computer ignorant US federal government:

US embassy cables leak sparks global diplomatic crisis

If the government's IT 'experts' had been on the ball, this could not have happened. I strongly suspect that they were kept off the ball with the help of bad management. This is when IT technologists must become educators and stop the 'boss' from being an 'ass'.

B) Laziness. Clearly most IT technologists live in the Windows world. Why bother to learn that other platform if they don't have to. You've heard this illogic before.

C) Fear. It sounds odd, but many IT technologists have trouble enough dealing with Windows hell. They're scared to get involved with another platform, making things even more complicated, or so they illogically believe.

D) Arrogance. Most Mac users have met the know-it-all geek who is a gawd of Windows and sneers at Macs. Then of course when someone defends the Mac these stick-up-their-ass bozoids accuse Mac users of going all 'religious' or counter 'arrogant', ad nauseam.... Therefore, of course such creatures are not going to bother to learn or apply proper Mac security methods.

There are of course more excuses and failings involved. Post your faves in the comments if you like.

? ? ? ? ?

Thus ends Part I. Further parts of my Mac Security Status of 2010 will include a summary of all the current active Mac malware, a summary of the consistent types of security vulnerabilities in Mac OS X, and a summary of the non-Apple security threats against Mac OS X. I'll be covering the Koobface/Boonana worm, the 'Evercookie' technique and how to combat it, as well as further coverage of the ongoing foolish attempt by the US federal government to backdoor every computer data encryption method.
--

Update: Secunia Half Year Report 2010 & QuickTime Hell

--
In a previous article, entitled "Desperate Propaganda..." I had a rant-fest regarding a PC World FUD-fest regarding Apple security. The author, Preston Gralla, managed to spew out this line of deceit:

:-Q****** "The security company Secunia reports that Apple products have more vulnerabilities than those of any other company."

This was clearly taken as a hit at all Apple products. What was missing was any reference to the context of the source Secunia report, which you can read HERE. I knew better, having been an avid Secunia reader since 2005. In fact, the only Apple products noted in the report were QuickTime and iTunes on Microsoft Windows. Secunia didn't cover any other Apple products.

When I read through the entire Secunia Report I found nothing of relevance to Mac OS X except the fact that the Apple apps discussed are prone to the same problems on Mac OS X as well as Windows.

QuickTime Hell

In previous articles I've covered the major problems with QuickTime, the biggest culprit of Apple security holes. It is used in iTunes, thus making iTunes just as vulnerable. In summary, QuickTime stumbles over malicious ECMAScript (aka 'JavaScript') and coding errors that allow malicious buffer overflows.

Supposedly Apple has been overhauling QuickTime. The first peak at it has been QuickTime Player X. But as far as any user can tell, the QuickTime X project is stalled at version 1.0.0. What we have on Snow Leopard is entirely inadequate, incomplete and buggy. Serious QuickTime users are required to also install QuickTime version 7, the current version of which is 7.6.6.

Hopefully Apple will get back to work on revising QuickTime now that iOS 4 has been completed and released.
--

To: 'hip' Re: iMac_Sux.dmg

--
Recently a reader nicked as 'hip' sent me the URL to an evil crapware file entitled 'iMac_Sux.dmg'. Here is his full message with the exclusion of the URL for downloading the file:

Wanna crash an iMac?
Just mount this .dmg file, then have a look at what MassStorageCamera is doing.
It will be consuming all RAM and processors!!

I am not providing the URL in order to avoid being accused of distributing the thing.

Thank you 'hip'! I checked out the website where the file is located and enjoyed it. I particularly enjoyed the page quotations from The Hipcrime Vocab by Chad C. Mulligan. The insights are refreshing after living amidst the Neo-Con-Job / Tea Party / FuxNews / News Corp / Rupert Murdock Regime gibberish age within the USA where intelligent thoughts and verifiable facts are out of fashion.

I ran the .dmg and it did exactly as expected, without crashing my MacBook 2 GHz from 2006-11. It also auto-opened the 'CameraWindow' application that I installed for my Canon camera. I checked through the code within the .dmg and am going to 'guestimate' that the resource scripting near the end is instructing Mac OS X to treat the entire boot volume as a camera image volume. I was too bizy and lazy to dig further.

Clearly this is a very simple call being made within the .dmg that fools Mac OS X into thinking the opening .dmg volume is a camera. Fascinating. The fault of course is in MassStorageCamera for being allowed to eat your Mac alive. As I've pointed out previously, even Intego's VirusBarrier application has race condition bugs.

My POV: I've studied coding as well as code project management. Coding these days is typically for applications, etc., that are so vast that no single human being can comprehend them. The result is coding-by-committee which in and of itself is a guaranteed mess. There is also the eternal pressure of 'Do Less With Less' from clueless biznizz management and nagging clients, none of whom comprehend the escalating difficulties of coding. Then there is the basic crappiness of the archaic coding languages we still use these days. Anything based on 'C' coding is going to have plenty of problems if only from buffer overflows, the single largest coding plague of our day. We're also stuck with ECMAScript for Internet scripting (which incorporates LiveScript/JavaScript, the JScript abomination from Microsoft and the ActiveScript mess from Adobe). Java continues to FAIL to live up to the hype, causing its own security and memory problems. Then there are the eternal security holes in PHP and SMB on and on.

I'm not at all surprised that Apple missed the bug inherent in the 'iMac_Sux.dmg' file. I can easily see them being aware of it and tossing it on the back burner if only because it does not represent a security or major crashing problem. Similar CPU and RAM devouring buggy code has been around for many years. What sucks most is when system calls can crash the entire computer. Not having an iMac around to play with, I can't verify that this file crashes the machine. But I am going to guess that with current Intel iMacs it does not.

Dr. Charlie Miller and Dino Dai Zovi have the current best Mac hacking & cracking & pwning etc. book available for Mac OS X entitled 'The Mac Hacker's Handbook'. Both of them have Twitter accounts to follow. Both are very amusing to read. Dr. Miller is brilliant at coming up with methods for testing and breaking into Mac OS X. This past spring he won yet another Pwn2Own contest. He gave a presentation at Black Hat this last week where, among other things, he revealed yet-another security hole in Adobe Acrobat and Reader.

Here is a fun interview with Dr. Miller from March:

http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/

CONCLUSION: Expect security holes. Expect coding errors. There is no such thing as a perfect coder. There is no such thing as a perfect application or operating system.

I'll also add my usual coda: The only people I've ever heard or read saying that 'Macs never have security problems' are either NEWBIES or TROLLS. One of course never takes seriously the word of either of these species of human. It is well worth keeping track of Mac security. It is also well worth sorting out Mac security FUD from FACT.

BTW: Considering all of the above, what are the chances that humans will ever create Turing Test verifiable Artificial Intelligence? Not in my lifetime! No SkyNet worries.
;-D
--

Desperate Propaganda, aka FUD, in the Anti-Malware Community

--
We are living not only the 'The Age of Triva' as I call it, but 'The Age of the Marketing Moron'. Marketing Morons treat the customers and clients as worthless scum only valuable for their money.

Lately I have been wondering if biznizz skoolz deliberately teach their MBA candidates how to be effective psychopaths. Who is better at abusing other humans than a psychopath? I read this past week that an estimated 10% of biznizz executivez are psychopaths because it is such an in-demand mental illness for the creation and execution of biznizz ambitions. Imagine that. Variations of Bernie Madoff may be running your company. No wonder we're in a lingering economic depression.

[Note: I use the terms 'biznizz', 'executivez', 'skoolz' etc. whenever discussing deceitful aberrations from respectable forms of the subject. Deliberately distorted spelling is an enjoyable method of both sarcasm and laughter.]

Last week Intego pulled a FUD (Fear, Uncertainty and Doubt) move with their monstrosity 'Learn About Mac Malware'. This week it is being reported, by PC World, that Secunia have joined the anti-Apple security FUD circus. I'll decide that for myself in a future article. For now, it's of interest to take a look at the utter bullshite perpetrated by PC World. It doesn't get much more stooopid:

Security Firm: Apple Has More Security Holes Than Microsoft

The first sentence in this article gives away the show. This is FUD:

Here's another blow to those insist that Apple products are rock solid and unhackable

As I wrote to PC World:

No one says "Apple products are rock solid and unhackable" except YOU PC World. It is an invented club with which to slam and abuse Mac users. It's called desperate propaganda, aka FUD

I also wrote to PC World, and posted at FaceBook:

Facts (vs FUD) regarding Macintosh security:

Number of Mac OS X viruses: 0
Number of Mac OS X worms: 0
Number of illegal Mac OS X spyware: 1
Number of Mac OS X Trojan horses: 23

Compare that to the number for Windows and decide for yourself.

No one ever said Mac OS X was perfect (except trolls). But it remains the single most secure GUI operating system available. The only operating systems that are more secure:
- OpenBSD
- FreeBSD

And Mac OS X contains elements of both these operating systems. No coincidence.

Suggestion: Do your homework before posting about Mac OS X.

Here is a ticked-off post I made over at MacDailyNews regarding this FUD:

ANTI-FUD:

I receive EVERY Secunia report they publish via eMail.

Want to know what they publish every week? A GIGANTIC PILE of Windows vulnerabilities and extremely few Mac OS X vulnerabilities, as in about 1 (ONE) per month, at a guess.

This FUD attack 'by Secunia' [by PC World!] is made utterly hilarious by their own publications. Don't believe me. Go look for yourself:

http://secunia.com

Examine the home page. What do you see Highlighted there? Today:
- Microsoft Windows Shell Shortcut Parsing Vulnerability
- Apple iTunes "itpc:" Handling Buffer Overflow [That is SPECIFIC to WINDOWS ONLY]
- Microsoft Windows MFC Document Title Updating Buffer Overflow

Is there ANYTHING there related to Mac OS X? NO!

So what's with the FUD?

--> The fact that nearly the entire Anti-Malware Community lives off the security FAILures of Windows. Therefore, obviously, everyone MUST USE WINDOWS in order to keep them all employed!

? = Pure Adulterated PROPAGANDA

And no folks. There is nothing perfect about Mac OS X security. It just happens to be the most reliable of any GUI OS on the market. The only OSes with better security reputations are:
- OpenBSD
- FreeBSD

And oh look. Mac OS X contains elements of BOTH these OSes.

Hey FUD mongers: GET BENT.

Meanwhile, you can take a look at the Secunia report that inspired the FUD. It is a PDF file:

Secunia Half Year Report 2010

Seeing as PC World has no interest in factual Macintosh security information, and may well be spinning FUD regarding Secunia, I'm going to give the report a read myself. If I find anything of interest to Mac users, I'll post.

Share and Enjoy!
--

Intego Errors! Marketing Vs Fact, Money Vs Reality

--
Kids. Didn't I tell you the computer anti-malware community was 'unprofessional'? Here we go again.

For shame Intego! Publishing FUD to sell your anti-malware software. For shame!

I like the folks at Intego a lot. But this is the SECOND time they have outright FUDed the public for the sake of making sales of their indeed superior anti-malware software. Note that this is entirely in line with our current era of PROPAGANDA at the expense of both facts and reality. I DESPISE FUD! I DESPISE PROPAGANDA! If you check out my zunipus blog you'll see I'm well versed on the subject.

This very WRONG page of information was posted at the Intego website this week. It makes me want to gag. It's crap like this that inspires me to keep writing my own, independent, 'hey look at me I have a brain in my head', Mac-Security blog:

Intego: Learn About Mac Malware

The Post-Mortum:

I) This page claims to provide a "clear explanation of what types of viruses and malware are a danger for Mac OS X."

Bullshit.

There is nothing 'clear' about FUDing customers and confusing them with ignorant information. If you haven't already spotted the garbage on this page, read on.

II) The Mac picture provided on the page, with its arrows to various malware, includes the word "Botnet". This is WRONG. There is no such thing as a 'botnet' form of malware. A 'botnet' is the result of having many computers infected with BOT malware. The software that infects your computer is called a 'bot.' Not a 'botnet'. A BOT!

III) The paragraph entitled "MAC VIRUS" is WRONG. There are NO viruses for Mac OS X. There never have been any viruses for Mac OS X. So this paragraph must be proceeded with the word:

NO

The description of viruses by Intego in this wrongful paragraph is entirely inadequate. Read these instead:

Computer Virus
or
What is virus?

In fact there are dozens of pages on the Internet that have superior descriptions of computer viruses. Google "What is a computer virus?"

IV) Examining the wrongful "MAC VIRUS" paragraph we see two wrongful examples. They are NOT viruses. Here is what they REALLY are: PROOF OF CONCEPT malware. Did you see 'Proof Of Concept' listed as a type of malware in Intego's illustration? No. Why? Because they are only demonstration malware that are NOT released into the wild, cannot replicate in the wild, and are only created to prove a software security problem. They are HARMLESS to one and all except on test machines used for EXPERIMENTATION. Anyone telling you that Proof of Concept malware will ever appear on your machine at any time, except within an experimentation situation, are FUDing you. FUD = a classic form of propaganda known as FEAR, UNCERTAINTY and DOUBT.

You can read about FUD here:

Fear, uncertainty and doubt (FUD) is a tactic of rhetoric and fallacy used in sales, marketing, public relations, politics and propaganda.

If you'd like to read about Proof Of Concept malware, check these out:

Proof of concept

Prototype

What is proof-of-concept virus?

And for fun, here is what these two Proof of Concept malware actually do:

A) OSX.MacArena.A - Here is a quotation from 2006 from Kaspersky's Securelist.com:

"Macarena was the first attempt to create a virus for Mac OS X that infects mach-o format executable files. The virus only infects files in the current directory and only runs on Intel platforms, i.e. it does not pose a threat to machines with ppc architecture. These malicious programs are purely proof of concept code, i.e. they demonstrate that such programs can be created."

Darn. This thing can only self-propagate within its own current directory. Wow. So scary. It is NOT in the wild. It does NOTHING to harm your computer. Not-a-thing.

B) "OSX/Oomp-A or Leap.A" - First off, note use of two different names for the exact same thing, AND the total lack of conformity to the published malware naming standard. I'd be ticked off, except this is again harmless proof of concept malware, so who cares. Here is an article from Macworld, published in 2006, about what is ACTUALLY called the "Oompa-Loompa Trojan" by the first person to publicly describe it, Andrew Welch of Ambrosia Software:

Reports emerge of Mac OS X Trojan horse or worm

"Reports indicate that someone has let loose a �Trojan horse� or worm for Mac OS X users. The program is hidden within a package that purportedly contains screenshots of Apple�s as-yet unannounced next major revision to Mac OS X. Whether it�s a Trojan horse or worm seems to vary depending on the source of the information."

Do you see the word 'virus' in this description? NO.

"So-called Trojan horses are differentiated from viruses because they masquerade as a regular application or file and do not replicate themselves arbitrarily."

Ah! So NOT a virus!

"Anti-virus software maker Sophos takes issue with this description claiming this is the �first ever virus for Mac OS X.�

Traveling over to the Sophos page, what do we see in the TITLE of their article?

"First ever virus for Mac OS X discovered
OSX/Leap-A worm spreads via iChat instant messaging software"

So it's a 'worm', and NOT actually a virus. That's what Sophos are actually saying.

But I thought proof of concept OSX.MacArena.A was "the first attempt to create a virus"!!!

Are you getting the idea of how chaotic the anti-malware community can be?

And guess what folks. Ooompa-Loompa was made entirely INERT with the next Apple revision of iChat. So be scared. Be VERY scared!

And no, it's NOT a virus. No, it CANNOT replicate itself in-the-wild. This thing can only replicate via iChat within a LAN. That means it hasn't even got a clue what the Internet is. Got that? NOT-IN-THE-WILD at all. It can't get there. There was only ever ONE place it was ever found on the Internet, at that was in a forum at a Mac rumor website.

V) Then we move along to the wrongful paragraph about BOTs. I'm perfectly happy to ALSO call them by other malware names. But the ONLY bots for Macs exist in the form of Trojan horses. There are three of them: Trojan.OSX.iServices.A - C, which is to say that there are versions A, B and C. They have only ever been found, as Intego indicate, within the installers of pirated software. These include pirated copies of Apple iWork and Adobe Photoshop CS4.

Once Macs were infected, via these pirated installers, with the bots, the computers were then 'zombied' or 'botted'. Via communication over the Internet, these machines then joined into what is called a 'botnet'. In early 2009 there was a guestimate that the resulting botnet contained over 10,000 Macs, which indicates the popularity of pirated software. The only published attack carried out by this botnet that I am aware of was a DDOS, or Distributed Denial of Service attack. I've never heard or read about it again. But note that this malware is indeed still in-the-wild and can infect you.

VI) Then we get to the WORM section: Note how Intego don't list any for Mac. That's because THERE AREN'T ANY for Mac, except as Proof of Concept malware. Yawn. Therefore, this section also requires the removal of the 'YES' to be replaced with:

NO

The description of worms here is poor. Reading this stuff you'd think they were the same thing as viruses. They aren't. Read this from Wikipedia.org:

Computer worm

"Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer."

The main, if not only, point of a worm is self-replication. Whereas, the point of a virus is not merely to replicate but to DAMAGE.

~~~~~~
I know Intego are not going to be pleased that I've ripped apart this blatant propaganda / FUD piece. To be honest, I'm really miffed that I, a non-professional in the Mac malware field, end up having to point out these ERRORS and FUD. If dimwit security amateur me knows full well the bullshit in this Intego article, why the hell are the 'professionals' at Intego publishing it?!

My proposal:

Dear Intego,

FIRE your Marketing Manager. Dishonest marketing damages your company's reputation. Witness Adobe.

And please don't bother writing to me to attempt to explain the bullshit in your article! Just take the article down, remove it, kill it. Then get a serious professional at Intego, (I know they exist! I've talked to them!), to write a seriously HELPFUL, HONEST and INFORMATIVE article that misleads no one and educates everyone. THAT will bolster your reputation and sales. Not this FUD crap.

Where's my aspirin?
--

Intego VirusBarrier Version 10.6 Review:Part I

--
Let's start with the GOOD NEWS:

Intego VirusBarrier is the only anti-malware program I can recommend for Mac OS X. Its interface and features are unmatched by any similar program. The signature updates are regular and reliable. Intego stay right up-to-date with all Mac OS X malware. The program is 100% compatible with Snow Leopard. Ignore all reports to the contrary. For Mac users who want a top notch single-user anti-malware program, this is the only one. Nothing compares, except perhaps Sophos, which is only designed for network users.

The new VirusBarrier 10.6 version adds a bunch of new security features worth the upgrade price. Some features are redundant to those already in Safari and FireFox. The reverse firewall is the only new feature I care about. Reverse Firewalls stop dead any way to zombie your Mac. They also stop all software from 'phoning home'. I've been using Little Snitch for years and love it. The reverse firewall in VirusBarrier 10.6 is not as good as Little Snitch. But it's there and it's useful.

A new single user license for VirusBarrier costs $49.95 and protects two Macs. A new family license is $69.95 and protects five Macs.The 10.6 upgrade is potentially free for those who purchased VirusBarrier 10.5 on or after November 25, 2009 through April 13, 2010. See Intego for details. Otherwise, the upgrade is $34.95 for single users. A family pack upgrade is $59.95 for protecting five Macs. Every new or upgrade license includes a year's subscription of malware signatures.

Intego also provide an occasionally useful and intelligent Mac Security Blog.

Now the BAD NEWS:

1) Accompanying the 10.6 update is a new advertising campaign that makes several wrong and ridiculous claims consisting of what is traditionally called BULL SHITE or FUD. Enjoy:

"More and more malware is discovered every day. Macintosh computers face threats from viruses, Trojan horses, worms and more."

Incorrect! There are ONLY Trojan horses for Mac OS X. Period. The End. If you believe otherwise, you've been duped.

"VirusBarrier X6, the Lowest-Priced Mac Antivirus"

No. FREE would be 'The Lowest-Priced Mac Antivirus', and there are a few of those to choose from. See below.

"... simply visiting a booby-trapped web page can compromise your Mac."

This has never happened on Mac OS X in the wild or in a 'Crack A Mac' competition without an account user providing deliberate sabotage assistance. However it 'could' happen if a JavaScript or Java security hole wasn't patched in your web browser or operating system. (Readers of my posts know what contempt I have for the state of JavaScript).


I hope Intego have brains enough to dump the false advertising before they get sued. I despise FUD and would hate to have to put Intego on a par with Symantec, the renowned masters of anti-Mac security FUD and makers of easily the worst anti-malware for Mac.



2) Yearly malware subscriptions for VirusBarrier are required and expensive. $29.95 for one year. Yikes! A two year subscription is 50% off the second year at $44.90. If you're up for renewal and are using version 10.5, you might as well upgrade to 10.6 at $34.95 and get the included one year subscription, saving yourself $25.

3) Intego outright refuse to provide a list of malware detected and removed by VirusBarrier. That's idiotic and I've directly told them so. They don't care. Instead, I follow the imperfect but useful Threats Database provided by the PC Tools site, the makers of the up and coming competitor program iAntiVirus.

4) And of course, if you turn on the Real-Time Scanner feature, expect VirusBarrier to eat your CPU. So turn it off. You don't need it unless you're dealing with LUSERs, in which case all you have to do is prevent them from having access to an administrator account and password. It's seriously that simple.

CONCLUSION:

So what is VirusBarrier for? It protects you from LUSER behavior and lets you find and wipe out Windows malware you may be passing along to Windows users.

If you're a conscientious Mac user who checks the validity of all software you install, you don't need VirusBarrier to protect your Mac. There are less reliable free alternatives if you want to try them out, such as ClamXav and iAntiVirus. (Avoid MacScan, which is ultra-lame).

I'll be posting a detailed feature review in Part II after I test the new VirusBarrier 10.6.3 update.
--

Security FAIL:When Apple Deserves A *WAKE UP!* Slap

--
Apple are pulling an 'Adobe'. Got a security problem? Sit on it.

Even worse, there's already a solution! So are Apple either (A) OBLIVIOUS or (B) LAZY or (C) STUPID or (D) DGAS? Any one of the above is worth a good *WAKE UP!* slapping.

Here is the story, as presented by SANS in their NewsBites newsletter, Volume 12, Number 3. (Emphasis is mine):

--Proof-of-Concept Code Posted for Mac OS X Flaw
(January 8 & 12, 2010)
Proof-of-concept exploit code for a vulnerability in Mac OS X has been posted on the Internet. The buffer overflow flaw affects versions 10.5 and 10.6 of the Apple operating system and can be exploited remotely. The flaw lies in the libc/gdtoa code in a variety of software products. Apple has known about the vulnerability for seven months, but has not fixed it yet. It has already been fixed in OpenBSD, FreeBSD, NetBSD, Google and Mozilla.

http://isc.sans.org/diary.html?storyid=7942

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222300150

http://www.theregister.co.uk/2010/01/12/critical_osx_security_bug/

Why this inexcusable? Because Apple incorporates code from FreeBSD and OpenBSD into Mac OS X. IOW, it is almost as easy as CUT & PASTE to repair this security hole in Mac OS X.

So what does it take to kick Apple into action? Proof-of-concept code! Let's watch how quickly Apple respond.

Cranial Cogitation:
A lot of people get upset at hackers who FUD Mac OS X, myself included. The thumb-in-your-eye juvenile arrogance some hackers spew is worthy of revulsion. Nonetheless, hackers remain a critical part of the computer community. I look at hackers as part of the essential diversity of the natural world. There is no such thing as a monoculture in nature. Without diversity, any natural system immediately fails. Similarly, without hackers, computer security would FAIL.


So thank you to hackers who take their free time to demonstrate skills in order to improve our computer community. Thank you for kicking Apple in the bollocks when they need it!

The volley is to Apple...





--

The Anti-Mac Security FUD-Fest Is Fun For All! Rah! Rah! Rah!

--
Man, I am getting a lot of traction out of that moronic article at CNET, not worth reading HERE. For me, it really is fascinating to sit down and contemplate what is actually going on in computer security right now. Here are some of the elements:

I) 7ista, aka Vista Service Pack 7, is now insighting cacophonous riots of anger because its security is still terrible. A net acquaintance posted these URLs over at MacDailyNews:

Cybercrime Rises and Vista 7 is Already Open to Hijackers

Vista 7: Broken Apart Before Arrival

Department of Homeland Security �Poisoned� by Microsoft; Vista 7 is Open to Hijackers Again

Researchers show how to take control of Windows 7

That last article is about how to 'PWN' 7ista. Not good. Google provides a few hundred thousand similar complaints.

II) Meanwhile, the Anti-Mac Security FUD-Fest continues apace, thanks to our usual line-up of hacker pals. Mac OS X is already the best GUI OS for computer security, in part thanks to integrating the two best CLI OSes, OpenBSD and FreeBSD. The result: Mac OS X progresses forward to become BETTER than the BEST! That's good. Thank you Dr. Charlie Miller and friends.

III) So of course we get dumbass articles about how nasty bad and laughable Mac OS X security is, right? (o_0)

It's a strategy with many purposes, perpetrated by many sources. Figuring out the motivations behind the deceit is quite intriguing. Laughing at it all is fun! It lowers your blood pressure. Live longer and laugh at the clowns.


Here is yet-another post I made, this time at MacDailyNews.com, regarding the FUD-Fest and Microsoft. It sort of encapsulates it all:

Microsoft have put in place some modern methods of deterring hackers and crackers. They had to. They had the motivation. Their operating system is a bloated catastrophe of spaghetti code that is well beyond their comprehension. They can't fix it. They've made many attempts over the last 15 years and consistently failed. They gave up. Vista is the proof. 7ista is icing on the proof.

Should Apple add in these modern security measures? Damned right!

But is it a BFD? Will Mac OS X roll over and DIE? Will THE BIG ONE virus hit Mac OS X and make us all go running home sobbing to mummy? Of course not!

Apple's attention to security has been increasing exponentially over the last two years. This month's security updates were the most in Apple's history. But as is typical with humans, the house has to be on fire before you pour water on it and fix the cause. Mac OS X does not have a faulty electrical system that will burn the house down. Apple know that. We know that. So what's the motivation? Planning ahead takes extra prodding. Prod Apple and they respond eventually.

This is one reason I actually praise the Anti-Mac FUD-fest we've enjoyed since Symantec insighted it exactly four years ago. It has hurt no one. It has inspired Apple. We benefitted.

We the customers know we already had an incredibly secure operating system. It's based on the two most secure operating systems in existence bar none: OpenBSD and FreeBSD. So why not make it EVEN BETTER?!

Let's go MaNIaCaL!
Go Apple Go!
Add steal bar reinforcement to the castle walls!
Add boiling oil caldrons!
Put alligators in the mote!
Install the rotating knives!
Hire some Cenobites!

Conclusion: We win any which way you look at it. If users of the less secure operating systems can't deal with it, oh so sad for them.

As long as we keep our eye on the ball, which is keeping our computers as safe as possible, our progress toward better than best will continue. :-)

Rah! Rah! Rah!
Go! Apple! Go!
Yayyyyyyy APPLE!

Amusing, eh? Behind all the 'FEEL BAD DAMMIT!' garbage is not just a silver lining. The clouds are bogus, a theatre prop. Knock them over and there is the golden sun shining on all us Mac users.


OK, sober up! Enough euphoria! We have 21 Trojans to avoid. There continue to be security flaws in Apple stuff that deserve our attention. ClamAV still needs to further catch up with Mac malware. Mac OS X is not perfect, never will be. Be attentive.

For my next article I intend (for whatever that's worth) to provide another monthly summary of Mac OS X security patches. Bring your caffeine.

:-Derek
~~~~~~

BONUS EUPHORIA: SNOW LEOPARD

If you haven't read the news, check this out:

� Snow Leopard has built-in Trojan horse MALWARE DETECTION! Its database is auto-updating! Right now it only has two Trojan signatures, yawn. But expect improvement. And no, Apple didn't stick in someone else's anti-malware engine, least of all Symantec's (gag! gag! puke!! puke!!).

� Snow Leopard installs just fine over TIGER! I thought this had to be bogus, but I've read it from several sources now and they weren't just quoting each other. It's a fact that even Apple verified. So if you don't have Leopard already, get the $29 (or $24 at some stores!) Snow Leopard disk and go to it! Well, when you're ready. There are some application incompatibilities.

� Snow Leopard is FAST! That's faster than Leopard! Bless you Apple.

� Snow Leopard is SMALLER! Saving at least 5 Gigabytes of space on your Mac appears to be normal. Ever heard of that? Try that move Microsoft.

-> But of course note that Snow Leopard is for INTEL MACS ONLY.

More on Snow Leopard in a couple weeks once I've ripped it apart, with my CLAWS.
--

CNET hits an all time low: Anti-Mac Security FUD

--
I just read:

Snow Leopard could level security playing field

My response was:

This is the most shameful article I've ever read at CNET. I've been studying and writing about Mac security since 2005. All I can say is:

Elinor: YOU'RE FIRED ! ! !

For those interested in reality:

The anti-Mac security FUD-fest was started in August 2005 by Symantec. They were attempting to sell their worst-in-class anti-malware program Norton Anti-virus to Mac users who were smart enough not to buy it. MacAfee then joined in the FUD, but reversed course when their CEO pronounced that the best way to secure your computer was to Get A Mac.

After that point most FUD has come from hackers who have done their best to whip up a frenzy surrounding flaws they found in Mac related software, such as QuickTime, WebKit and Safari. But it is fair to say that they helped track down and patch several flaws in Mac OS X as well.

Meanwhile, the only malware that has shown up for Mac are Trojan horses, currently 4 types of 17 varieties. Trojans require user failure, not computer failure, in order to be installed and do damage.

In spite of the FUD-fest, the hype-mongers have been effective in forcing Apple to get serious about security, which previously they were not. So folks like myself actually thank Dr. Charlie Miller and friends for their help making Mac OS X even more secure than it already was. I have Charlie's book and I look forward to his continued useful work, and even his FUD foisting.

It's worth noting that only highly ignorant people still tell the tale known as 'security by obscurity'. It is easily disproven by anyone who can perform math, i.e. any 4th grader.

If you'd like to read Mac security facts and suitably laugh at the FUD, you might find my personal commentary and coverage of interest:

http://Mac-Security.blogspot.com

:-Derek Currie
--

Adobe Shockwave Player v11.5.0.600 & Apple vs. Java Insecurity

--
In its recent attempt to get serious about application security, last week Adobe released Shockwave Player v11.5.0.600 for Mac. Oddly, they released the Windows version a week later. I say oddly because Mac versions of Adobe software are almost always late. It's amusing to see a swap for a change. Now if only Adobe would release the many years delayed 64 bit versions of their applications. Hint hint Adobe.

MacWorld messed up today (6/24) and reported that the Adobe security bulletin about the Windows version 11.5.0.600 of Shockwave Player had anything to do with the Mac version. So I posted a reply comment, which you'll find below. After I posted my comment I visited the Adobe site to find any news about the Mac version. There isn't any. I did however learn that Shockwave Player is compatible with Mac OS X Tiger. That's good to know. I dug around in the installer package and found nothing there as well. If you find anything relevant to Mac security improvements in Shockwave Player v11.5.0.600, please leave a comment.

Here is my comment to MacWorld regarding Adobe Shockwave Player. It is also relevant to Apple's slow poke response to Java security problems:

A couple points:

1) The Adobe Security Bulletin (it's not a blog) is specific to the Windows version ONLY, which apparently was just finished and released. The Mac version of Adobe Shockwave Player v11.5.0.600 was released a week ago on June 16th. Adobe didn't post a security bulletin for the Mac version. And that means what?!

2) bousozoku sez: "Adobe seems to be the only company slower than Apple at taking care of security concerns."

Adobe's attention to security went into deep decline until this past month.

In the meantime, Apple have been improving their attention to security exponentially over the last couple years. It appears to be in response to both the moronic anti-Apple security FUD-fest instigated by Symantec in August 2005, and the White Hat focus on Apple security bugs and vulnerabilities. As is typical with Apple, drag them through the press and they respond.

Where Apple recently fell on their face was with regards to a slew of vulnerabilities in the mess known as Java. Apple were over 6 months behind in Java patches. Sadly, Apple's incredibly slow response to Java updates is consistent. Never has Apple had a serious Java team. Of course one reason is that Apple has to do ALL the work to provide Mac OS X Java updates. Sun provides nothing.

Meanwhile, despite Microsoft's outright hatred of all things Java, to the extent that they were found guilty in court of attempting to destroy Java via their J++ monstrosity, Sun Microsystems write and provide all Windows Java updates. Microsoft never has to lift a finger. That is the single sole reason Windows gets Java updates before Mac OS X. Hey thanks Sun. Sorry you're dead.

--

Microsoft Senior Security Architect Said WHAT?!

Someone needs a good spanking and a time out for bad behavior. He's considered to be a professional computer security expert, (so it's not me!).

This afternoon I was checking out the Intego Mac Security Blog and read about interviews ZDNet Australia had done with security specialists regarding the question "Do Mac Users Need Antivirus Software?" (They got the software category wrong as usual. It's anti-malware, not 'anti-virus'. I'll go down in history as the curmudgeon who chanted this fact to the grave, and nobody cared. Poor me). So I clicked over to ZDNet OZ, read their article and watched the video, found HERE.

In the video, note the fellow in the white shirt with a British accent. That's Greg Singh from RSA. As Intego point out, Singh is incorrect to say Mac users will have to get used to the degradation in performance caused by anti-malware applications. He could be talking specifically about Symantec's Norton Antivirus for Mac, in which case no one could argue with him. He also insinuates that Apple have said Mac OS X is not susceptible to 'viruses'. Oops, I think he got his Apples mixed up. He must have meant Apple Corps, the folks who make Beatles CDs. Yeah, I'd agree that Beatles recordings are not susceptible to viruses. **snicker**

Then there's the guy in the black t-shirt and hat reading 'ULTIMATE-DEFENCE". That's Rocky Heckman from Microsoft. He has the title of "Microsoft Senior Security Architect". I was freaked at what was coming out of his mouth. First he thinks BSD is something new to Mac OS X Tiger. He was born yesterday. Then he says that because BSD is part of Mac OS X, hackers are now realizing they can write 'viruses' for it, "and there have been a couple out there." He's from the Bizarro World. There are no viruses for Mac OS X. There are only Trojans, and he knows the difference. I wrote a ripping comment about Mr. Heckman over at the ZDNet OZ site. See below.

Then there's an Australian fellow in a white striped shirt with a big pad and marker hanging around his neck. I don't know his name, sorry. His odd statement, if you listen carefully, is that anti-malware products for Mac OS X are 'immature'. Based on what information? Based on ignorance. Very strange.

OK, so where were all these incorrect people when they were interviewed? The AusCERT 2009 IT Security Conference. The mind boggles.

Here is the concerned comment I wrote to ZDNet Australia regarding the statements of Mr. Heckman from Microsoft:

Microsoft Senior Security Architect Said WHAT?!

"Microsoft senior security architect Rocky Heckman said AV became necessary when Apple in 2001 decided to underpin OS X Tiger with the BSD operating system because it made Macs an easier platform to write malicious code for."

Why did anyone ask Mr. Heckman his opinion? We certainly have no reason to care. Windows is the single LEAST secure operating system, commercial or Open Source, available on the planet.

Why Heckman's opinion is lunatic:

1) Apple didn't decide to underpin Tiger with BSD. NeXT decided to underpin NeXTStep with BSD decades ago! Mac OS X inherited it when Apple decided to make NeXTStep/OpenStep the foundation for Rhapsody, which was then developed into Mac OS X.

2) The three most secure operating systems on the planet have been repeatedly proven to be:
A) OpenBSD
B) FreeBSD
C) Mac OS X
Mac OS X incorporates elements of both OpenBSD and FreeBSD into it's core OS called Darwin OS. So what Mr. Heckman it talking about is incomprehensible. He is either a blithering idiot or is pulling a FUD manoeuvre by telling the opposite of the truth in order to fool the public that black is white, war is peace, hate is love, the usual doublespeak routine from the book '1984'. Shame on Mr. Heckman.

This has to be one of the most dishonest statements from a Microsoft executive of all time. It's running neck-and-neck with Bill Gates' moronic statement that Mac OS X is exploited everyday, when it fact it is HIS operating system that is exploited every day.

Or maybe there's lead in the water over at Redmond. (o_0)

--

Java is DANGER! Apple is SLOW POKE!

--
One of my favorite jabs at the anti-Mac security FUD mongers is to point out that their FUD attack party, ongoing since it was started by Symantec way back in August 2005, has happily prodded Apple to get serious about Mac OS X security updates. I then extend them a hearty handshake and gleefully, maniacally, laugh.

However, Mac security mavens point out that Apple is still a slow poke. Damned right! There are a couple short articles over at Intego about an ongoing security hole in the current implementation of Java in Mac OS X:
-> Apple Hasn�t Updated Java to Protect Mac Users from Critical Vulnerabilities
-> Intego Security Memo: Java Vulnerability

To defenders of the faith, such as myself, this is annoying. First off, we get to be poked by the FUD mongers with the 'see, I told you' routine. Second off, I am so sick of the corrosion that has happened to the great and shiny image in the sky of Java being this ultra-safe, can't break into your computer, can't hurt you, technology. Yeah, and Sun is now no more. Justice is served. But we're stuck with the mess as a web standard.
*rolling eyes*
--

Before: My current POV on Mac security

--
Before what? Before I read this article on Mac security:

Mac OS Xploitation
by Dino A. Dai Zovi

When (more likely than 'if') I have changed my POV after reading it, I'll post an 'After'. I find this sort of thing amusing. Consider me eccentric.

One of the places I hang out on the net is the MacEnterprise list. It is run by the Mac OS X Enterprise Deployment Project. I've cross-posted between here and there previously. Here is my post this evening to the list:

On Mar 16, 2009, at 03/16, 2:12 PM, Allan Marcus wrote:

This paper is from the author of the Mac Hacker's Handbook . It's rather scary and concludes . . .

The conclusions were fairly standard "Mac OS X is scary insecure!" stuff. Before reading the article, here was my reply:

I'm going to give it a read through as I am interested in Mac security.

But I have to give a few bits of perspective from my current POV. I know I'll get contentious arguments to the contrary, but here goes anyway:

1) This sort of article, in part, amounts to FUD (Fear, Uncertainty and Doubt). It is extremely rare to find articles with a full explorative comparison between UNIX (which is what Mac OS X actually is, legally, officially, etc), Mac OS X (meaning the other stuff Apple put on top of UNIX), Linux and Windows. Empirically, Windows is the single least secure commercially available operating system on the planet. There are plenty of people who have a stake in its success, despite this blatant problem. Therefore, it is extremely popular among them and the people who believe their con-job to FUD every other OS at every opportunity. The result is chaotic disinformation leading to stagnation, aka the status quo. I don't believe you have to take a 'political' or 'religious' stance to understand that this is the case.

2) And yet the seemingly endless barrage of FUD, initiated in August 2005 by none other than Symantec, has done nothing but *GOOD* for Mac OS X. All the FUD mongers and earnest, honest security experts out in the field have driven Apple out of their security slumber. Apple's resulting attention to Mac OS X security has increased exponentially. This is one reason I value competition in the marketplace. It keeps the competitors awake and innovative. Does this mean Apple is in high gear to make Mac OS X security impenetrable? I don't think so. But I do believe they are now serious and alert.

3) Apple's most insecure program is QuickTime. Mac OS X has its problems, but QuickTime has been Apple's security bane. If you go through the list of security fixes since December 2006, when this problem became blatantly clear over at MySpace, you'll find this assertion to be correct. Microsoft has gotten slammed for its poor multimedia code. But QuickTime has had its share of very similar problems, without getting nearly as much attention.

4) I don't care what OS you talk about. Buffer overrun problems are consistently the horror of programming to this day. I like to slam Microsoft for still using ye olde DOS memory management under the hood. But programmed memory management messes are just as prevalent everywhere else. From my limited coding education, I have to point to the now antiquated programming languages we have to use. Remember how Java was supposed to have solid memory management, among other miraculous safety features? Forget it.

5) Despite what gets thrown about in the FUD mongering chronicles, the fact remains that Microsoft have perpetrated some outrageously insecure code. Examples: JScript remains one big reason 'JavaScript' is insecure these days. ActiveX scripting is another Microsoft 'Welcome Hackers!' security hole made for the Internet. Vista is not entirely immune to either of these lousy technologies.

6) There never was such a thing as 'Security By Obscurity' for Mac. It's a total myth, and no one foisting the myth has ever presented a sane argument in their favor. Anyone can do the math. We currently have eight (8) Mac OS X Trojan horses. That is the full extent of Mac OS X malware in the wild at this moment. We have a market share that is maybe 1/10th that of Windows. So how come Windows has a massively disproportionate number of malware in the hundreds of thousands, with thousands more every year? There is something more going on here than Macs having 1/10th or less market share. That's a big 'DUH' in my estimation.


So I say, Bring On The FUD!

Despite the fact that every single piece of current Mac OS X malware requires social engineering methods to break into a Mac, that does not mean other methods are not possible. There is plenty of evidence to the contrary. There is no harm to the Mac platform whatsoever by striking fear of security breaches into hearts of its users. It just makes the platform that much stronger. Just don't go out and buy rubbish anti-malware programs from the FUD meisters. Equally, don't count on the freeware to cover your butt. For example, I've totally given up on Clam providing any relevant protection for Mac OS X. It's not happening. Instead we currently have to train users to not fall for social engineering tricks, while keeping up with security updates and watching Mac OS X relevant security news. If a time comes to use anti-malware programs for particular situations, so be it. Right now I'd turn to Sophos and Intego for the best quality solutions.

Please remember, this is just my personal limited POV. Obviously, gather in many more perspectives and make the best educated security decisions you can for your situation.

Thank you for reading my blether-fest,

:-Derek

--

Symantec Massive Booboo, Again

I suspect this post will come off as snotty. But the fact is that Symantec have consistently been the #1 purveyor of anti-Mac security FUD since 2005. They pulled another FUD attack just this past month.

As ever, FUD is used as a propaganda tactic in order to frighten people into doing your bidding. Our current USA federal executive branch is using FUD to drive a war machine for the purpose of their special interests, as opposed to the actual interests of the citizens they are supposed to be representing. Their particular FUD phrase is 'The Long War' referring to the non-existant 'war' on terrorism.

What has been Symantec's purpose? They want to sell Norton Anti-Virus to Mac users. Not surprisingly their FUD started precisely at the time when it became blatantly evident that Norton AV was one of the single most buggy applications available for Macintosh. Needless to say, Symantec's efforts so far have been rebuffed. The usual response is that Mac users are deliberately ignorant about security. In actuality I think we can all agree that Mac users will very much become knowledgeable about Mac security at such time as it proves to be of actual importance.

Payback is a bitch. And Symantec pulled quite a booboo this past week. You can read all about it here:

http://www.pcmag.com/article2/0,2704,2229576,00.asp

To quote PC Magazine:

Update: Symantec Screwup Is 'Worse Than Any Virus'
12.06.07
By Chloe Albanesius

A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers.

. . .

Solid Oak customers including schools, libraries and personal accounts, were not provided with a recovery mechanism and subsequently lost Internet access. Solid Oak did not have an exact number of those affected, but it likely numbers in the tens of thousands, according to a spokeswoman.

Customers have had to re-install entire operating systems and software, she said.

. . .

This is the third time in less than a year that Symantec's Norton products have caused severe damage to computers running CYBERsitter software offerings, said Brian Milburn, president of Solid Oak Software, in a statement. "In my opinion, Norton products are worse than any virus I can think of," he said.

"We have thousands of users with no Internet access and all Symantec has done is to provide our mutual customers with a non-functioning support number that tell them to use on-line support," Milburn added. "The problem is even worse because [it's] the holiday season. Users are trying to order gifts on-line and they can't."

. . .

The situation is "embarrassing" for Solid Oak, Solid Oak's spokeswoman said. The company has been forced to pass along to customers instructions from Symantec, but nothing is working as of Thursday, she said. "People are upset," she said.

Solid Oak received an e-mail from Kevin Haley, Symantec's director of product management for Security Response, at 11 a.m. PST Thursday but no further instructions were relayed at the original time of this story's publication, according to Solid Oak.


Happily Symantec issued a solution this Friday.

Personal blether-fest related to the subject:

As I tell everyone, we are still in 'The Stone Age Of Computing.' Software development in particular is remarkably primitive, a PITA, consistently unreliable, and still requires drastic improvements in user-friendliness. Essentially, the software development task, using the crummy tools and coding philosophies we have at this time, is well beyond the comprehension of any one human being. And as usual, once you get into the process of coding by committee, you can break up a project into pieces, but getting the pieces to all be of the same quality and getting them all to work together properly is just about impossible.

A great example to watch right now is the progress of Mac OS X 10.5 Leopard. Undoubtedly it is the best OS on the market. But new bugs are discovered every single day. It clearly is suffering from what is called the '1.0' effect where the first publicly released version of any program is not-ready-for-prime-time. Why this effect happens so consistently is a complicated matter I may discuss some other time. Suffice it to say that it is expected and eventually works itself out. But nothing is perfect.

Much as I love Mac OS X Tiger, even at the 11th revision it still has bugs. Example: Have you noticed that even in 10.4.11 you still have the icons of some of the files in a folder disappear from time to time? It is because of flaws in the Finder. You can find a freeware tool called Refresh Finder to help overcome this nonsense at:

http://www.soderhavet.com/refresh/


CONCLUSION: Every software company consistently makes mistakes. It is part of our times. But it is particularly satisfying, in a mean-spirited kind of way I must admit, when a lying, fear-mongering company like Symantec fall of their face due to their own incompetence and arrogance. Let's hope we all learn from our mistakes and learn to treat each other with more understanding and respect.