Convergence Never Happened… What Did?

During Apple’s Q2 2012 Conference Call, Apple disclosed that it had once again done far better than most industry analysts expected. Apple’s stock soared in after hours trading climbing from a closing point of $560 to over $600 per share, before 02:30PM PST.

During the conference call Tim Cook, CEO of Apple, said something that caught my attention. “…Anything can be forced to converge… You can converge a toaster and a refrigerator, but those things are probably not going to be pleasing to the userTo ‘converge’ iPad and MacBook Air, would lead to too many tradeoffs. We’re not going there. We’ll do both; making each the best they can be…”

Mr. Cook’s statements struck me as being very Steve Jobs in nature, causing me to believe he may be even better programmed by Jobs than I had previously suspected. The statement also reminded me of a period, not too many years ago, when the technology industry was extremely excited about “convergence.

The word was used, overused, abused, and misused ad nauseam. Sort of the way “sustainable” or “racism” is used today. If the word had any actual meaning, it was lost in broad and continuous misapplication. Ask any two marketing professionals what convergence meant, and you’d get two very different explanations. Everything from the decline of “old media” and the emergence of “new media,” to the merging of computers and television. Some old timers still go on about the quaint and obscure idea of “Interactive Television and convergence.” Ask any two technologists about convergence and you’d likely have gotten a frown, a snicker, or a deep sigh.

Arstechnica.com states: “Convergence refers to a trend where some technologies having distinct functionalities evolve to technologies that overlap, i.e. multiple products come together to form one product, with the advantages each initial component.

Huh?

Wikipedia.com states: “Technological convergence is the tendency for different technological systems to evolve toward performing similar tasks. Convergence can refer to previously separate technologies such as voice (and telephony features), data (and productivity applications), and video that now share resources and interact with each other synergistically.

Hmmm…

I have one old computer science professor that says, “Convergence occurs when you mix different types of media on the same cable. Data, voice, and video.”  When I point out that it’s all just bits as far as the cable is concerned, he gets a dazed look.

Technology professionals understand that talking about television merging with computers is like talking about the horse merging with the automobile, vinyl records merging with CDs, or toasters merging with refrigerators. It seldom makes sense. It seldom makes things better. You can add a web browser to a cable set-top box, but it doesn’t improve the experience of television, nor does it make the set-top box a better computer.

Instead of convergence, what drives extreme change is that functionality previously handled by one technology is shifted to and absorbed by a newer more powerful, more flexible technology. The phrase that best fits is revolution. The new technology is better, so much so that there is actually divergence from the old technology and migration to the new technology, not convergence.

Consider the smartphone. Prior to the advent of the iPhone there were a smattering of devices called smartphones. These were cellphones with a few extra abilities typically so useless and difficult to master that the abilities went unused. We were seriously thrilled if we could keep our contacts and calendars in sync. Then Apple introduced the iPhone, and revolutionized the smartphone category.

“Smartphone” is an unfortunate name because it does a poor job of describing exactly what the iPhone (and copycat products) are. In fact they are small always on, always connected computers that happen to have a telephone incorporated. Some people will argue that this is an example of convergence. In reality the computer, a more powerful, more flexible technology than the mobile phone, has absorbed the telephony function.

The iPhone introduction was a black swan event. It was so much of a revolution that companies previously at the top of the mobile device category have since found themselves pushed into financial instability and technological irrelevance by the iPhone, for example Nokia and RIM/Blackberry. Other companies completely revised product and service directions in response to the iPhone, for example Google and Microsoft.

Since those early days of “convergence euphoria” very little convergence has happened at all. What has happened is the explosive growth of the Internet and personal computers, especially where different forms of media creation and consumption are concerned.

Some people like to talk about “new media” vs. “old media.” This actually makes no more sense than convergence. There is no new media vs. old media. Moving images are still moving images. Audio is still audio. Text is still text. What has changed is how that content is generated and deployed. When we talk about ongoing radical changes in content delivery, we are not talking about technology mergers, we are talking about the overthrow of conventional methodologies. AKA, revolution.

You will sometimes hear the phrase “democratization” used in relation to technology changes. Revolutionary technology didn’t just change the methods of media creation and consumption, it also greatly widened the door of who can create and consume media. Note that “who,” in this case, encompasses where, how and why. For example, Joe the mechanic can make a video about his Porsche expertise, edit it, and upload it to Youtube, where it can be seen by millions, all from his garage, using his iPhone. The changes that allow Joe to do this are not the result of convergence, they are the result of emergence. As new, more powerful, more flexible technologies emerge, barriers are broken and new users of those technologies emerge as well.

Back in the day when I would groan about the word “convergence” I would insist that there is one technology that is going to usurp all the others. If you take a look at all the existing forms of content delivery, they are all currently shifting to a single powerful technology, namely The Internet.

Television, radio, movies, telecommunications, libraries, magazines, and books are all moving to what we now collectively refer to as “the cloud.” (While there are very specific and technical definitions for what constitutes “a cloud,” we can forget enforcing them. The word is part of the mainstream vernacular now. It will never return to a precise meaning.)

As an example of revolution vs. convergence, consider the music industry. The music industry has all but been obliterated and re-conceived due to the Internet. Who still actually purchase sCDs?  When is the last time you were in a record store? What is a record label? Does anyone care? Who actually listens to top 40 radio anymore? Most of the younger people who purchase music buy it online, if they buy it at all, and they are increasingly buying it directly from the artists online, eliminating the bloated record label infrastructure of the 20th century.

They are extracting music from YouTube videos. They discover new music via friends and social media. Some use services like Pandora, Spotify, and Soundcloud.  Sure there are purists, and one can easily argue that nothing looks or sounds as good as a well made turntable, but that’s a very small slice of the music buying public.

Television is also being revolutionized by the Internet. In response, much of the television industry is clinging to an archaic business model, literally refusing to innovate, and instead attempting to shield their largely mediocre content from the choice dictated world of The Internet.

Well good luck with that. Welcome to the always on, always connected era. If you restrict your content to a specific hour on a specific night, viewable only via pay for TV providers, guess what? Fewer and fewer people will see it. The Revolution Will Not Be Televised. (Sorry, couldn’t resist R.I.P Gill Scott Herron.)

It is well documented that children are now growing up without television. At least television as it has been known. They watch Youtube, Vimeo, all sorts of video services, including conventional television content made available on the Internet. They play games, they even, (gasp!) read. The functions previously provided by broadcast television are being replaced by the Internet. Kids can tell you where to find content, whether it’s on HULU, NetFLIX, iTUNES or Youtube, but if you ask them on which television network to find “A Person of Interest” for example, they have no idea, if they even know the program exists. Television networks are as relevant to kids as music labels.

Furthering the shift even more, HULU, NetFLIX, and Youtube as well as many others are starting to experiment with original programming. New business models are being experimented with. I often wonder why CBS, ABC, NBC, FOX, etc. haven’t created iCBS, iABC, iNBC, and iFOX? Why are they not experimenting with original content for the Internet? Why are they not making it very simple to find all of their content online for viewing? Instead we are presented with half hearted efforts.

Presumably due to byzantine licensing requirements, utterly irrational conditions like being able to watch content on my computer, but not on my iPad sitting right next to it exist. Instead of making all content available, their various websites typically offer a prosaic brochure of their banal programming.  Is it because they have the same old washed up over paid executives running the networks? Come on TV people, evolve! Bang the rocks together!

A growing number of people are doing what is known as “cutting the cable.” I.e. they are dumping their pay TV services and opting for the Internet only. These are not just young people, and not just people trying to save money. I recently dumped my pay TV service  after accepting that I was paying for a service that was off most of the time.

I was paying approximately $150 per month for cable television and Internet service. When I cut out the television portion, I was able to use the difference to boost my in home Internet service to 50Mb/s down and get a 4G/LTE Personal Hotspot with 5GB/month data cap. So by getting rid of hundreds of channels of crap, I can afford among the fastest Internet speeds available in The United States both at home and while mobile. My consumption of media has completely shifted to new technologies, most notably The Internet. For a growing number of us, television is dead, long live the Internet.

Having the Internet much more suits my preferences and lifestyle. I like science fiction, science documentaries, and spy thrillers, that sort of thing. I despise reality TV, and I have no interest whatsoever in professional wrestling. Why pay for all that bilge? Instead I watch what I want, when I want, where I want, and how I want. This is paradigm shift. This is the mindset kids are now growing up with. The idea of gathering in the living room to watch TV at a certain time is fading.

If that isn’t enough to rock the TV Industry, a growing number of people are attaching ipTV boxes to their televisions, such as ROKU and AppleTV. These devices allow you to watch content from services such as NetfFlix or Hulu on your large flat screen TV. In addition, the functionality offered by ipTV boxes will be built directly into most new televisions. It’s already started. Many models of televisions from numerous manufacturers have built in ipTV capabilities, and everyone is waiting with baited breath for Apple’s entry into this market. I wouldn’t be surprised to see a new product from some vendor that only received content from the Internet. I.e. no TV receiver or coax connection. Just an HD monitor with HDMI inputs.

It’s not just music and TV. Clearly other forms of conventional content distribution such as newspapers, magazines, books, movies, and spoken word are also shifting to the Internet, and again, there is no convergence, no “new media” just a shift to the Internet.

If there is a new media form on the Internet, it is most likely social media. The Internet is now the chief medium that people from all over the world use to communicate on a daily basis. Through social media, we actually do, “keep in touch.”

Critics of social media say that it is no replacement for true human contact, and that is absolutely true, but social media doesn’t attempt to do that. What social media does is maintain some form of contact where if it did not exist, there would be none.

With FaceBook I see a constant stream of information from old friends that I’d lost contact with simply because of the way life works. I know that one has become an insanely great photographer, especially of horses. Others have started businesses and families. One has become a beekeeper and sells her own honey. No, this is no substitute for sitting down and having a drink with these people, but it’s better than nothing, which is what life normally leaves you with. So while some scoff, I submit the Internet is bringing us closer, actually keeping us connected.

I’m self employed. I live and work out of a loft in Downtown Los Angeles. On most days my commute is from bed to the sink to make coffee, and to my desk. It is possible for me to go weeks without seeing anyone I actually know. Most of my communications with  friends, associates, and clients are electronic. Were it not for the Internet, my lifestyle would not be possible. One of the things I miss however, is work chatter.

Twitter has taken the place of the proverbial water cooler for me. While I keep track of friends with Facebook, I monitor ideas with Twitter and for that matter Google+. Using Twitter and Google+, I follow people I wish I knew. I monitor the fleeting thoughts and notifications of people I consider to be important to my career and my view of the world. I follow people I find interesting. Twitter is the ultimate water cooler, and actually the ultimate news aggregator.

Social media isn’t completely new. There were of course the bulletin board systems, chat rooms, and message boards of the past, but they never reached the level of general acceptance that systems such as Twitter, FaceBook, Pinterest, Tumblr, or Instagram have. People are using these new systems not just as a new form of telecommunications, but as a method of documenting and sharing their daily lives.

Back to Apple.

If you’ve followed our favorite tech company over the years, you might’ve noticed something. Apple tends to periodically create technology revolutions. When they approach a product, they don’t look for someway to mash technologies together, or converge them. They look at the existing technology and determine that there is room for something newer, more powerful, and more flexible.

Apple’s run to the top of their game started with the introduction of the iPod. With the iPod Apple leveraged a new technology for music distribution. iTunes.

Recognizing that demand for mobile access to the “real” Internet with a full blown hand held computer was rising, brought about the iPhone.

Their most recent revolution, the iPad, is not a result of convergence, but a desire to create a device that allows people to do most of the daily things they do on the Internet in a better way than conventional computers previously allowed.

Each of these new technologies offered a newer, more powerful, more flexible way to use the Internet. This is one reason to believe that the next new innovation from Apple will be the much rumored Apple Television. In order for a new television to succeed, it’s going to have to provide an advanced and highly compelling new human interface as well as overcome the stagnant television industry business models discussed earlier. This new television is going to have to be more powerful and flexible, leverage the heck out of the Internet, and absorb the functions previously handled by conventional televisions. It will likely be a computer first, but offer a paradigm shift for gathering content from around the Internet. I’m betting it will be smart enough to simply say, “Record Entire Season of Person of Interest” to and it will do it, without you worrying about what network it’s on. The only question that remains is will CBS be smart enough to allow it to do so?

Apple Release JAVA Update – Removes FLASHBACK

SIX HUNDRED THOUSAND UPDATE:

Earlier this evening Apple released a new JAVA update for OS X 10.6 and 10.7. All JAVA users are advised to apply this update. Apple continues to aggressively work to dismantle the FLASHBACK botnet with the assistance of Internet Service Providers.

The Update information can be found here:

http://support.apple.com/kb/HT5242?viewlocale=en_US&locale=en_US

The update can be applied by using Software Update.

Java for OS X Lion 2012-003.

Summary

This Java security update removes the most common variants of the Flashback malware.

Products Affected

Java, Product Security, OS X Lion, Mac OS X v10.6

This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion.

This update is recommended for all Mac users with Java installed.

SIX HUNDRED THOUSAND

Last week a Russian computer security firm called “Dr. Web” reported a botnet of more than 600,000 Macs. In other words, based on Dr. Web’s findings, more than half a million Macs had been compromised by hostile software. Never mind the fact that “Russian Computer Security” is an oxymoron of sorts, this kind of security breach is unprecedented for the Macintosh platform.

A botnet is a network of compromised computers. Botnets can be ordered to do all sorts of destructive and disruptive things. They can be directed to gather personal and private information from infiltrated computers. They can be directed to send out endless spam. They can be directed to overload a specific website with spurious traffic, effectively bringing the site down. Such attacks are called DOS or Denial of Service attacks. Botnets are a very serious network security problem and until last week they seemed to be a Windows only issue.

Then out of the clear blue, an obscure Russian security firm discovers a rather substantial Mac botnet concentrated in the United States, but with slaves in several other countries. Bizarre to say the least. If I were Judy Dench, I might be inclined to pick up a secure line and say, “007, get off your well formed misogynistic ass and find out how the entire world missed the formation of a 600,000 strong botnet, except for a Russian security firm. Oh, and try not to kill too many people.”

The 600,000+ Macs were infiltrated by a recent variant of the FLASHBACK Trojan Horse. FLASHBACK has been around since September of 2011. As it has been detected, so has it frequently been updated. The initial FLASHBACK intrusion method was based on “social engineering.” In other words, the user was hacked, not the computer. The good thing was that if people noticed there was something out of the ordinary with the fake FLASH installer (situational awareness), they probably didn’t surrender their passwords and thus the FLASHBACK trojan was blocked. If the user did hand over their password the Trojan would proceed to release its payload into the victimized computer. This latest variant of FLASHBACK is different.

Instead of tricking the user into handing over a password, it exploits a security flaw in JAVA. It still attempts to acquire a privileged password, but it does not require it to compromise the machine. It was a bad flaw in JAVA.

JAVA is a programming language originally created by Sun Microsystems. JAVA programs execute on any computer that runs a JVM or “JAVA virtual machine.” Normally a program written for a Windows computer will not execute on a Macintosh and vice versa, however a properly written JAVA program is capable of executing on either.

Consequently, JAVA presents a challenging security problem in that it allows renegade programmers to create software that can elude standard system security measures. Running JAVA on a computer is a risk, however most people feel the benefits far outweigh the risks.  JAVA is now owned by Oracle since Oracle acquired Sun. JAVA is the chief programming language for Android devices.

Oracle doesn’t directly deliver Macintosh JAVA. Apple retains responsibility for delivering all patches and updates. I suspect that Apple does this because they’re unwilling to let a 3rd party be responsible for such a large security issue.

Once the target computer has been compromised, it essentially becomes a sleeper agent. The previously trusted computer is now part of an Internet based ring of malevolence, and most likely the owner has no idea.

It is interesting to note that this new version of FLASHBACK is not a virus, not a worm and it is not exactly a Trojan either. Nor is it a rootkit. It’s got elements of all of these things. The initial exploit is much more analogous to a “booby trap,” or “land mine.” It is important to understand the differences when judging the relative security of Macintosh vs. competitive systems.

{
See: What is a computer virus?
See: What is a computer worm?
See: What is a trojan horse?
See: What is a rootkit?
See: What is social engineering?
See: What is a Botnet?
See: What is a payload?
}
In order for the new FLASHBACK to seize control of your computer, all that is necessary is that you simply visit a website that has been compromised. So in effect, the creators of this malicious software lay traps by hacking websites on the Internet. These are not necessarily disreputable websites either. Websites as benign as dlink.com were reportedly booby trapped.

Actually I think a new analogy is in order here. To me this thing seems to lay in wait like eggs from an “Alien” movie. When you visit a hacked website, the alien delivery mechanism jumps out onto your computer’s face and shoves its virtual phallus down your computer’s throat and delivers its payload into the guts of your system. Subsequently you might think you’re ok, but you’re compromised. This thing is now set up inside of your computer, waiting for instructions. In the parlance of gamers worldwide, “You just got owned.”

Once in your system, the FLASHBACK malware uses a date based algorithm to generate a domain name. This has been done before with the old Windows Conflicker worm, but it’s no less impressive. The FLASHBACK malware then attempts to communicate with the generated domain name. If it fails, it just lays in wait, like a Russian Sleeper Agent. Did I say Russian?

If the master of the botnet decides to do something with his botnet, he will arrange for the generated domain to be available. He will have a server running to provide the sleeper agents with instructions. Pretty slick. If only these digital sociopaths would used their powers for good.

To sum it up, there are several aspects to this intrusion. First websites are hacked. Next when users visit a hacked website, their computers are compromised due to an exploitable flaw in JAVA. Finally, compromised computers become sleeper agents for the hostile botnet.

Sadly the spread of the FLASHBACK “ALIEN” could have been prevented or at least significantly mitigated. A patch was sent out by Oracle, the people who now own JAVA, back in February of this year.

Apple had all that time to get their version of JAVA patched and delivered. Instead they did nothing. Apple is notorious for dragging their feet this way when notified about security problems. Only after the 600,000+ impregnated Macs were reported did Apple put out the patched version of JAVA.

This week, Apple has indicated on their website that they will be delivering a FLASHBACK ALIEN detector and repair tool. “FLASHBACK Alien” is my terminology, Apple simply refers to it as FLASHBACK.

See: Apple’s “About Flashback malware

And… Apple is pissed.

Not only are they taking overt action against the malware, they are going after the creators using the only thing more scary that viruses, trojans, worms, and rootkits; Lawyers. On their website, Apple states: “Apple is working with ISPs worldwide to disable this command and control network.” Maybe, at it turns out, another reason you didn’t want to mess with the Mac is that when you do, you’re poking a stick at a company with $100 billion in cash to play with, and a reputation worth almost as much.

In the meantime, while Apple is marshaling her technical and legal armored divisions to combat the FLASHBACK network, here are some steps you should take.

  1. Turn off JAVA in Safari and other browsers. If you use Safari, go to the Safari Menu, choose preferences, security, and uncheck “Enable Java.” If you find you need to turn it back on temporarily for some reason, remember to turn it back off afterwards. If you use Chrome, in the address bar type ‘about:plugins’ hit return then look for JAVA and disable it. If you use FireFox, go to the Tools menu and choose Add-ons. Next select the Plugins Tab. Find the JAVA Applet Plug-in and disable it.
  2. There is a small script that will check your computer for the FLASHBACK malware located at https://github.com/jils/FlashbackChecker/wiki. It’s called “FlashbackChecker 1.0.”  If it reports that your computer has been compromised, see number 3 below.
  3. There is a free Flashback/Flashfake removal tool offered by Kaspersky here.
  4. A comprehensive discussion of how it works can be found at F-Secure’s website here.

Over the last week or so, much has been written about this attack. More than a little hysteria concerning the relative safety of Macs has been written. Cliché after cliché concerning “the end of innocence” has been blogged and vlogged. I would like to point out that to the best of my knowledge, the Mac OS itself has not been compromised. Some will say I’m nitpicking, but I think it’s important to be accurate.

As such I would like to point out that Apple didn’t create JAVA, they don’t own JAVA, nor do they maintain or even install it for you. It is no longer included with the OS. So essentially to this date, Macs have only been compromised through third party software and social engineering.

Apple does retain the responsibility for distributing the Mac version of JAVA though and they need do a much better job of keeping up with updates when they come out.

I have not heard of the Mac being attacked by a WORM or a VIRUS in the wild. There are countless people out there referring to FLASHBACK as a Mac VIRUS, but as I indicated earlier, this is inaccurate.

I still maintain that from a hacking point of view, Windows is an easier target than the more robust UNIX based security of the Macintosh Operating System. Previously, when coupled with the smaller installed base of Macs out there, this made the Mac an unattractive target. A. It’s a harder nut to crack, and B. There just aren’t that many of them if you do. So from a malware developer point of view, why bother?

In order for this to remain true though, we will require more vigilance and much faster reaction times from Apple. Allowing that exploit to linger for weeks is not acceptable behavior from Apple. Apple’s culpability is only part of the equation though.

Back in May of 2011 I warned in “Mac Security, Landsharks, Social Enginering, and Situational Awareness,” that malicious people who try to compromise computers for any number of reasons are more actively targeting Macs. This is because Macs are selling like hot cakes right now, while the rest of the PC industry is in relative flatline.

This is generally great, but the consequence of Apple’s success is that Mac users no longer have a thin veil of obscurity to hide behind. It’s like hostile aliens have picked up our radio signals and they’re coming. Consequently I’m issuing the warning again.

Please read the Mac Security article if you haven’t. The gist of that article is that you, not Apple, are responsible for your safety on the Internet. It’s like driving a car. If you drive drunk and wreck your car, the manufacturer isn’t responsible. If you inadvertently hand the keys of your car over to a thief, and your car is stolen, that’s your fault. Not the manufacturer.

The truth remains that most malicious attacks typically don’t target the Mac itself. You can actually touch the weakest component in this system. Take one finger, say the index finger of either hand, and tap your head 3 times. That is the weak point so called “hackers” are targeting. They are counting on the fact that you aren’t paying attention and will click INSTALL for any old thing that asks you to, and apparently many of you will.

Here are some of the steps I take to avoid intrusions:

  1. Don’t operate your computer under a privileged account. I run under a non-privileged account. If something manages to get into my machine, it will find it’s under a standard username without significant capabilities. If I need to install software, I give the installer a privileged username and password. On client computers where I act as the IT Director, I don’t give users privileged usernames.
  2. I’ve started using anti-malware. Often still referred to by the antiquated phrase, “Anti-Virus” this is software that not only watches out for viruses, but many other forms of intrusions you might be exposed to.
    1. I also use Sopho’s free tool which can be downloaded here.
    2. I use ESET’s Cybersecurity for Mac which can be purchased here.
    3. I will NEVER EVER use Norton. Norton has always been so heavy on a system spreading crap everywhere and so difficult to remove afterwards, it’s more like malware itself than a cure. I don’t know if this has changed over the last couple years but I recommend letting someone else find out.
    4. Kaspersky Lab’s Advance Protection for Macs can be purchased here.
    5. I don’t like MacKeeper. I’d avoid that one. I don’t like the sheer bombardment of the Internet they do advertising it. I am sick to death of MacKeeper ads. It tries to be a kitchen sink tool and it makes me suspect they aren’t doing one thing well, the important thing, just lots of things half assed.
    6. Intego Mac security software can be found here.
    7. Little Snitch is a great tool. It monitors network connections on your Mac and provides an easy to manage firewall. It’s such a great little tattle tale that the FLASHBACK malware opts not to install if it finds Little Snitch on your system. When initially installed it can be annoying. It asks for permission each time an application wishes to have network access. After a while it calms down as it records your preferences. It’s also interesting to note just how many applications are chattering on the Internet without your knowledge. Even Apple’s freebie calculator application wanted to talk to Apple about something.

I seldom experience performance issues with Sophos or ESET. I’m not aware when they are running on my machines. You should only run one anti-malware package at a time.

  1. Sorry to say it, but Google’s Chrome is a better browser than Safari right now. Chrome and Safari share WebKit DNA, but lately Safari has been extremely buggy. Chrome is faster, much faster. Google has been more responsive to security issues than Apple has as well aggressively offering rewards for finding Chrome related exploits. I love Safari. I love that when I make changes to my Safari bookmarks or bookmark bar they are automatically carried across all my devices including Macs and iOS devices. Unfortunately Safari has become more of a problem as of late than a useful tool. I’m running version Version 5.1.5 (7534.55.3) which I believe is the newest.
  2. Stay away from obviously disreputable websites. If some website says it has current versions of a running television show for free, THEY’RE LYING! Obviously porn sites are bad. In addition, you can unknowingly download malicious software from pirated music, television, and movie sites. Sites that offer free iPads for answering lots of questions, etc. You can sense flakiness. Just sort of use your common sense and develop that intuition.
  3. Get rid of FLASH and get rid of JAVA. Both of these 3rd party environments allow programs to be executed. Both are often targets for hackers. Both also run on Windows so hackers that aren’t even thinking about the Mac may wind up inadvertently attacking Macs. Adobe provides tools for removing Flash here. As mentioned earlier, you can disable JAVA in Safari, but better still, go to your utilities folder, find the “Java Preferences” application, launch it, and uncheck any Java SE’s you find.
  4. Be extremely careful who you give your passwords to.
  5. Keep your system updated. Run Software Update Frequently.
  6. Don’t log into your services using public computers. I.e. don’t log into Facebook from some “cybercafe.” I notice people leave themselves logged into iCloud, FaceBook and other services at Apple stores all the time. If you log into one of your services from a foreign computer, especially one in a public place, you run the risk that the computer might have something like a key logger installed. You never know.
  7. Pay attention when using public WiFi. Make sure the WiFi you pick is actually the one for the establishment. Anyone can sit down in a Starbucks and broadcast a “Starbucks Free WiFi” SSID. From there you go to FaceBook or some other site, you get a page that looks completely legitimate, you attempt to log in and it fails. Someone now has your password.
  8. Online services that claim to make your computer run faster should be regarded with more than a little suspicion.
  9. Keep all 3rd party software on your computer updated. In particular Adobe Reader has become a favorite of hackers.
  10. Keep important files in encrypted folders. You can create password protected disk images using Apple’s Disk Utility. Apple describes how here.
  11. You can use FileVault to encrypt your entire home folder. I’m not a huge fan of this. If you lose your password and associated recovery key, you will not be able to get back into your computer. Your entire home directory is encrypted.
  12. In Safari, turn off Open “safe” files after downloading. This can be found under General preferences.
  13. If you aren’t using Bluetooth accessories, make sure Bluetooth is turned off.
  14. Use Strong Passwords.

Over the last week or so I’ve looked at about 35 different Macs that I work with on a regular basis and I haven’t found a single instance FLASHBACK. The thing to take away from this if you are a Mac user or considering using a Mac, the argument of which platform is safer is irrelevant.

Consider, however, TDL-4.

The TDL-4 botnet has infected over 4.5 million Windows computers worldwide. 25% of those machines are in the United States. The botnet is growing and there seems to be no way to prevent it.

{
See: Is The New TDL-4  Botnet Really ‘Indestructible?’
See: TDL4 Rebooted

While I maintain that the Mac is relatively safer, so what? I still advise taking the same level of precautions that you would have to take if you were using Windows, and the most important precaution is building up your own situational awareness. Even if the Mac is the safest computer in the world, that doesn’t make Firefox completely safe, nor does it make FLASH safe, or even Microsoft Word.

The Internet is a hostile environment. Imagine it like the cliché old west saloon. When you walk through the doors, visually sweep the area, know who’s in there. Know the situation.