Security on the mac

Discussion in 'all things UNIX' started by Dregg Heda, Nov 25, 2010.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    What kind of security precautions should I take on a mac? I tend to do some online shopping. I might consider doing some online banking. Any tips and advice?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Nothing special. Just open your browser and go. When visiting sites where you might share sensitive info, make sure there's https:// in the address line AND the certificate is valid.

    Mrk
     
  3. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677

    like mrk said check your link and valid certificate its also good to clean your browser cache before using online translation if you use only one browser

    best is keep at least 2 different browsers one for general surfing eg firefox with no script and another one for online banking on which you only visit secure sites :)

    last the most important step if you like free games torrents p2p sharing visiting underground sites crack sites ............etc

    please dont use the same computer or at least same boot for using credit card...etc :p
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    What would be a good browser for secure activities like shopping? Opera? Do they even have Opera for mac?
     
  5. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    Firefox, Opera and Chromium are all available for Mac.
     
  6. katio

    katio Guest

    Caution with java and flash, for general and certainly "risky" browsing I'd disable them. PDF is another candidate but as long as you stick with Preview.app you should be fine. Rule of thumb for Mac security: cross platform stuff is the riskiest, and watch what you install and where you enter your admin password (Trojans).
     
  7. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Anyone have any experience with Opera on Mac. Is it any good? Is it safe for online shopping?
     
  8. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Not on Mac but it's the same. Sure Opera is available for Mac http://www.opera.com/download/

    As regards security, see here http://www.opera.com/browser/features/

    You can use it for banking without having more concerns than using say Firefox or IE.
    Wait for Opera 11 final - should be out soon. Screenshot is from Opera 11 beta which I find pretty good.

    Opera 11 security.png
     
  9. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    I've used it, it's great and it's safe. You'd really like it. I've been a loyal Opera user since 2000. But right now on my Mac, I just use Firefox with the proper security configuration.
     
  10. katio

    katio Guest

    What's "safe"?
    There's the (albeit over- and often misused) marketshare argument.
    It's closed source, you can't really verify how it's designed.
    It comes with no sandboxing.
    And it runs all plugins (Flash!) with full user privileges.
    They boast about quick security updates but that doesn't tell us anything about 0days being circulated among black hats.

    Now compare with Chromium:
    It got sandboxing both for the browser, for pdfs and for flash. I don't know if that's still windows only though.
    It has seen lots of code review (open source), did well in pwn2own, Google even pays for discovered exploits and it got a considerable marketshare.

    But OS X got a native sandbox too one could maybe even use with Opera.
    There's the ironfox project that tries to do just that with firefox.
     
  11. phaedrus

    phaedrus Registered Member

    Joined:
    Aug 18, 2002
    Posts:
    95
    I don`t take any special security precautions on the Mac.
    I`m happy to use Safari for all my online transactions.
     
  12. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677

    i agree with phaedrus as long as you are a good boy you are safe even with default browser of mac


    my cousin is using IE with windows xp and NIS from 5 years now and till date he didnt get single virus.....etc on his system :D

    IE consider most venerable browser among all and so is xp 32 bit but what make safe is using internet wisely
     
  13. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for responding everyone. Does Opera still have that Unite nonsense? Even in its Mac versions?

    My issue with chrome is that it has privacy issues or atleast it used to and I dont trust the guys behind it.

    As for firefoxes safety issues vis-a-vis sandboxing, I dont think it should be too big of an issue seeing as how macs dont have any known virii in the wild. I think with macs trojans are the bigger problem.

    Anyone know any good sites which keep track of malware threats and security issues for macs?
     
  14. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Re: Unite
    All that's needed to disable can be done via opera:prefs (enter in address bar),

    In User Prefs. Unchecking "Enable Unite", saving and restarting will uncheck "Enable" under "Webserver" and will remove the Unite panel, Unite button on the status bar and the Unite entry under the tools menu.
    If ultra paranoid like me additionally Uncheck the following under Web Server:-

    'Service Discovery Enabled'
    'UPnP Enabled'
    'UPnP Service Discovery Enabled'
    'Websever Always On'
    'Webserver Used'

    Hope that is of assistance. :)
     
  15. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks Ocky!
     
  16. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    Hi katio!

    And thank you! I apologize for using the inferior Opera browser. I could use your superior wisdom when it comes to security issues. You know, I try and I try, but I guess I must be using the browser incorrectly since I've never been hit with any type of browser exploits from malware over the years. It could be my configuration settings I suppose. I'll guess I'll have to work on that. But I'll tell you what, I promise to keep you posted as to when I'm totally saturated with malware infections and it's all Opera's fault. Thanks again!
     
    Last edited: Nov 29, 2010
  17. katio

    katio Guest

    You've missed a thing, something like a [/s]...
    You know, sarcasm doesn't translate well over written text.

    "Opera is safe" is a very broad statement. Is it "safe to use for a desktop user on a Mac"? Yes absolutely as so far we don't see any exploits targeting it. Note I didn't say anything to the contrary above (strawman attack really).
    But it's far from a secure by design browser. When it comes to targeted attacks like in pwn2own it will fail and I'm sure you can buy a 0day on the black market any day. There aren't enough security layers in that setup. OS X has only incomplete exploit mitigation techniques, there's no sandboxing, no anti-execution, no integrity levels nor access control. A single exploitable buffer overflow error results in full user level compromise and I tell you, it's really not hard to find one in a millions of LOC C++ program.
     
  18. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    hey katio!

    well, glad ya'll stopped by!

    hey, i jist did sum real 4-wheelin stuff in duh internet with muh opera, before I took off though, i made shore it wuz configured rite before I hit dat ol' pedal on duh floor,

    by golly! that ol' internet gots sum ruff roads out dare, i mean, woowee! dares all kinds of stuff ta git yor ol' scripting in a tussle, i mean, i went everywhere man, ya know, some of dem hacked sites and hacked links, i even went to one place dat sed i needed to have muh flash enabled, well, let me tell ya boy, i dont flash nobody man, cuz dat stuf can git ya arrested! dats wut happended to ol' billy boy on one of dem girly sites last week! then, i saw annuder site that sed it needs sum javascript, now wut the heck is javascript man? now dats sounds to me like sum new fangled delux coffee or sumthin', well, i'll tell ya sumthin' man, if'n i dont need it, then duh site dont need it either! dats how i look at it!

    well, i jist shut down duh ol' opera and let her cool off, well, looky there, ya know sumthin'? after all dat rock climbin' and dodging all dem snake bites and after all dat dern smoke finally lifted, i jist checked muh live malware gauge, and shore enough, by golly! it still sez empty! well, damn! i must be doin' somthin' wrong, ya tink maybe its becuz dat ol' opera is closed source? maybe its becuz it aint got no sandbox! well, i'll keep tryin' and i'll let ya know,

    oh, and sory about yer pwn2own infecshun, i done got one of doz purvenshun shots from duh doctor last month fer that.

    well, ya take care ol' buddy, and i'll see ya!
     
  19. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    WOT and Firefox are a good combo. :)
     
  20. katio

    katio Guest

    ParadigmShift
    Don't know what to say about your new style. It's not like I couldn't read it but I'd still prefer some proper English instead.

    Apart from that I'd also like a response to my post instead of just repeating your previous arguments. For the uninitiated it might almost look like you are actually refuting my arguments though of course you did none of that.

    pwn2own is no infection, it's a hacking competition and gives some (alberit very limited, scientifically speaking) insight on the security of a certain software configuration against a targeted attack.
    If you don't know what a targeted attack is, some characteristics:
    - they don't happen randomly, so randomly surfing the dark sides of the internet won't make you a target
    - they often do not get published (PR reasons for example, doesn't look good if your company lost customer data)
    - you might never detect that it happened, since there are only few targets it often stays under the radar and will never get added to web filters or AV and IDS definitions.

    Your security comes from disabling scripts and plugins? Doesn't help against a good targeted attack. Out of the few million LOC you'll still have hundreds of thousands doing nothing but handling html, css, tsl, urls, images and lots of other little things. You think those are now magically bug free? Look at the history of Opera advisories, while a lot depend on js or plugins being available, certainly not all exploits will be blocked that way.
    Against the usual malware sites it's very effective (though probably more than required if you use Mac as they still only drop exe's, java exploits being the only notable exception that enables cross platform drive by downloads)

    And now your message changed, it's no longer the stark "Opera is safe. Period". It's got more specific and by that more accurate: "I've never encountered any kind of malware or exploit while using Opera with JS and flash disabled". Fully agree with your new testimony.
     
  21. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    10 years using Opera and zero infections. My oh my!*
    (*zero infections achieved by using various O/S and browser security configurations)

    My Opera is safe, sorry about yours.
     
    Last edited: Nov 30, 2010
  22. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    He's Wilders account might have been hacked, so it's not (Him) that is writing :ninja:
     
  23. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Sorry but this doesnt work on mac. Can someone please give me the instructions to completely disable Unite on Mac? Thanks.
     
  24. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
  25. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for this Ocky. Finally got it to work. Anyway what are the other tips and tricks to improving security and privacy on Opera? Whats Geolocations? Doesnt sound very privacy conscious imo.
     
Loading...
Thread Status:
Not open for further replies.