Meeting Notes: Security
At our July meeting of the Lawrence Apple User’s Group, security was the topic for our meeting at the Signs of Life bookstore. The meeting opened with Dave Greenbaum handing out cards for people to fill out their names to be used in the drawing for the door prize. This night we had a new book on Tiger, written by Robin Williams.
Lots of news emerged in the world of Apple since the last meeting just a month ago. Steve Jobs’ announcement of Apple’s move from IBM Freescale processors to Intel seemed to cause a stir among the user-base. By 2006 Macs will have Intel processors. The concerns were if Apple computers would suddenly be susceptible to the same viruses that Windows computers fall prey to. We will discuss this more in the future, but be assured, the Windows operating system is quite different from Mac’s OSX. There are photos of the developer’s computers on thinksecret.com clearly showing an Intel motherboard inside a G5 case. iTunes released version 4.9 of the music software that included support for Podcasting, (covered in our May meeting) which is the subscription to RSS feeds of radio shows online. Apple now has that feature built in.
The iPod lineup changed with the color screen being added to all premium iPods among other pricing changes.Back-to-school shoppers can also receive a FREE iPod Mini when they purchase any PowerBook models, all iMac models, all Power Mac models, and all iBook models excluding the 12-inch iBook CD through September 24, 2005. Visit apple.com/education for more details.
We discussed education pricing, and how and where to get it.The KU Union has a store in the bookstore that students and faculty can purchase Apple product at a lower price with their school IDs.The educational pricing is also good at the Apple store on the Plaza or Bestmacs in Lawrence.
Gary Williamson entered the meeting room carrying his presentation materials for Griffin Technologies, a Lawrence-based company located at 916 Massachusetts.They have been in the computer business security field for 12 years.They have developed a product called Securikey. It comes with two USB keys that plug into a computer and can add another layer of security to your laptop or desktop computer. It runs on either Macintosh or Windows computers.
The software installs in 3 minutes, is assistant driven and “grandma proof,” as Gary described. Once installed the physical key must be in place to allow access to the computer. Extra keys are available. There are also enterprise versions for businesses. In those versions, a local administrator can program the keys for employees on site. The company is also working on a version for home computers to limit Internet access on Windows machines for kids. Visit www.securikey.com for more details about the company and their products.
Dave Greenbaum then opened up a Keynote presentation which started out with the question, “Can a Mac get a virus or spyware?” (You can download an Adobe .pdf version of this presentation at our club website, www.laugks.org).
“Currently, there is no active virus or spyware that can automatically infect OS X over the Internet.” There are several keywords in that statement that deserve particular attention. “Currently:” that could change tomorrow, “Automatically:” These files exist, but need human intervention. And “Active:” some viruses and spyware have been created in the lab.
Macs can be carriers malicious viruses and spyware. Forwarding emails that contain spyware can infect other people’s computers. MS Word documents, and attachments you can’t read that you send to PC friends. A note for the future is the recent announcement that Apple will be moving from IBM processors those made by Intel. It is Windows that gets these viruses and spyware, not an Intel processor. Apple’s move in no way should directly change the security of the Mac. Viruses and spyware for the PC will be unable to infect a Mac. If someone installs Windows on an Intel-based Mac, however, “all bets are off,” Dave said.
Which raises the question - Why do Windows PCs have these problems? First, Windows is such a big target. Secondly, the integration of browser, email and operating system means if you are inside one of those programs, you are in all of them. Eighty-six percent of viruses are transmitted via Outlook Express email.
When Windows does offer security fixes, about half are proactive, to plug potential leaks and the other half are reactive when someone finds the flaw and sends malicious code on the Internet to take advantage of that
flaw.
Why don’t Macs have these problems? When OS X was designed it is a completely separate operating system from OS9. So viruses written before that time were obsolete. OS X is based in Unix, which always had built-in security protections. The lack of relative popularity of Mac, and its smaller market share has made it a less attractive target. And the email, browser and operating system are separable. With Macs, the first and last line of defense is passwords. When a program asks for a password, you handing it the keys to your entire computer. Mac passwords can be bypassed and changed using a boot disk. Good passwords are words that are not in the dictionary. They are a combination of letters and numbers. They can have punctuation marks. Dave’s personal favorite is song titles, using the first letter of a lyric for your password. An example would be “TAYRATOOT,” = “Tie A Yellow Ribbon Around The Old Oak Tree.” There is a password assistant feature in Tiger. Click on the key in a keychain when adding an item and it gives suggestions based on length and rates it’s security level with a quality rating.
Another danger on the Internet that can affect any computer, Mac, PC, Linyx, etc., is Phishing, or when criminals make fake website that appear completely legitimate, yet steal personal information. Requests come from email to update or validate your “account,”(regardless if you have an account with those services or not.) Being on a Mac is no protection against Phishing. Sites that are often spoofed include Paypal and eBay. Often the emails have spelling errors and lack of personalization. Don’t follow any link in an email you suspect is a possible scam. Links can be highlighted, and look legitimate, but often take you to sites in other countries waiting to steal your personal information. Visit Paypal.com and spoof.eBay.com to learn more about these schemes.
Another new threat is called “Pharming,” where your isp setting is changed so that if you call up a site like Paypal.com you end up going to a non-legitimate site. It’s also called DNS poisoning. There is no protection from Pharming.
Wireless has its own security considerations. There is a technique called “War Driving” where people troll neighborhoods looking for insecure wireless networks. You are responsible for any data that travels over wireless connection that you manage. Make sure that the network is not open, and has some form of password and encryption is in use.
Lastly, we discussed, “Evil Twins.” This is where you can be looking for a wireless ISP at a public space and someone can spoof the network name, hooking you up to their computer.