Archive for February, 2011

It’s time to protect your Mac

Saturday, February 19th, 2011

For quite some time I’ve been recommending the Macintosh for its general usefulness and because it tends to have a much smaller problem with viruses and other forms of malware.  Now, however, it appears that malware is getting more common and its authors are targeting the Mac more often.

While I believe the Mac can be made much more secure than a PC more easily (and with fewer inconveniences to the user as a result), my opinion has always been that the primary security feature of the Mac is that there are fewer of them and most of the bad software targets Windows.  There have been some examples recently of malware targeting not only the Mac, but Linux as well.

Sophos has an article which details the history of malware on the Macintosh.  It’s not pretty to think how sophisticated the bad guys are getting in targeting the Mac and other platforms with the same malware.  The attack vector is usually the same on every platform: a page tells you that you need to install some software to see a video.  The malware determines which operating system you are using and tells you to download the file which works on your computer.

I’ve recommended free antivirus software for Windows for many years.  My current favorite is Microsoft Security Essentials.  Other free antivirus products are available from Avast, AVG, and Avira.  There’s also the open source ClamWin, but I don’t recommend it for most people.  Until recently, the only free option on the Mac was the open source ClamXav.  Again, I wouldn’t recommend it for most people.  Back in November, Sophos introduced a free commercial-grade antivirus for the Mac.  Like the free Windows options, it’s free only for home users.

Sophos is a bigger name in Europe than it is in the US.  They’ve been doing antivirus solutions for many years and I trust their product.  I’ll be putting it on my Macs at home and I recommend that you do the same with yours.

Really, you need better passwords

Friday, February 18th, 2011

Continuing from my previous post, it really is important to have different passwords for different sites.  It’s also important to have difficult-to-hack passwords.

Some analysis was done of the passwords revealed as a result of the Gawker site hack.  This article lists the top 50 passwords used.  Many of them are pathetically easy to hack using a simple brute-force dictionary attack.  The scary one is that number 11 on the list was just “0” (zero).  Seriously, a single character password?

At the bottom of that same article is a video which describes a method to create complex, difficult-to-hack, yet easy-to-remember passwords.  I recommend using a similar method to create passwords and then mixing it up a bit to make it unique for each site.  If you read the comments on the article, you’ll see how one commenter does this.  The article also mentions some of the software you can use to manage your passwords.

Again, I strongly urge you to consider what passwords you use on internet sites and to start changing them so they are unique to each site and hard to hack.

What’s your password, again?

Wednesday, February 16th, 2011

Sorry about being gone so long, but I’d taken ill and was even in the hospital for a few days as a result.  Not fun.  I’d go into detail, but that’s not the purpose of this blog.  I’m still recovering, so I might not yet be ready for daily posting, but I’ll work on it.

I read a study about password reuse between sites.  This is where users will use the same credentials to log on to multiple sites.  I know that it’s relatively common among my clients and other people I know.  The fact is, it’s just plain easier to use the same user name and password for every site.  That way you don’t have to remember what you used for individual sites.

The danger is if one of these sites is hacked and the user database is released into the wild.  In the study above, they used the databases from gawker.com and rootkit.com to come up with their comparison.  These databases had been hacked and published for anyone to download.  Security researchers have taken the opportunity to study them for things like password reuse and the use of easy to determine passwords.

Now, if security researchers can find out passwords that were used (and which ones were reused), bad people could determine this same information and try to see what other sites can be accessed with the same credentials.  Imagine having your e-mail account used to send out an enormous quantity of spam.  Imagine your Amazon account used to buy several items.  Imagine money being transferred from your bank or brokerage account.  All this because you took the easy way out and used the same credentials to log in everywhere.

At the very least, you should be using unique and complex passwords at financial institutions.  You should also use unique credentials at online merchants.  Forums and the like?  Probably less important, so long as you don’t use the same credentials as your bank or an online merchant.

As for making passwords unique yet still easy to manage, there are many software titles out there to help manage passwords.  You could use the old standby of writing things down (just be careful as to who may have access to this).  Another common tactic is to have a base password to which you add unique information for each site.  With this method, you only have to remember the one complex password and possibly the order in which you add the additional unique details.  You could even write this down without revealing your base password and not have to worry as much about someone getting hold of this.
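The three checks these posts keep coming back to (is a password on a published most-common list or absurdly short, is the same password used on more than one site, and does a bank, brokerage, merchant or e-mail account share its password with anything else) can be run over your own password list before a breach forces the question.  The script below is an added example and is not code from this blog; the vault entries and the small “common passwords” set are constructed sample data, not the Gawker list, and the category names and the 12-character minimum are assumptions chosen for the example.

```python
"""Audit a personal password list for weak and reused passwords.

Added example, not code from the original post.  All data below is
constructed: the vault is a made-up list and COMMON_PASSWORDS is a small
stand-in for a published most-common-passwords list.
"""
from collections import defaultdict

# Constructed stand-in for a published "top passwords" list (the real
# lists run to thousands of entries; "0" is included because the post
# notes it was number 11 on the Gawker list).
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty",
                    "abc123", "letmein", "0"}

# Assumed categories: accounts that must never share a password with
# anything else, per the post's advice on banks and online merchants.
HIGH_VALUE = {"bank", "brokerage", "merchant", "email"}

MIN_LENGTH = 12  # assumed policy value for this example


def password_problems(pw):
    """Return the list of reasons a single password is weak (empty if none)."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("in common-password list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Count character classes: lower, upper, digit, anything else.
    classes = sum(1 for test in (str.islower, str.isupper, str.isdigit)
                  if any(test(c) for c in pw))
    if any(not c.isalnum() for c in pw):
        classes += 1
    # Long passphrases are allowed to use fewer classes.
    if classes < 3 and len(pw) < 16:
        problems.append("fewer than 3 character classes")
    return problems


def audit(vault):
    """Audit a vault of (site, category, password) tuples.

    Returns a dict with:
      weak:              {site: [problems]} for sites with a weak password
      reused:            {password: [sites]} for passwords used on >1 site
      high_value_shared: [site] high-value sites whose password is reused
    """
    by_password = defaultdict(list)
    for site, _cat, pw in vault:
        by_password[pw].append(site)
    reused = {pw: sites for pw, sites in by_password.items() if len(sites) > 1}
    weak = {}
    for site, _cat, pw in vault:
        probs = password_problems(pw)
        if probs:
            weak[site] = probs
    high_value_shared = [site for site, cat, pw in vault
                         if cat in HIGH_VALUE and len(by_password[pw]) > 1]
    return {"weak": weak, "reused": reused,
            "high_value_shared": high_value_shared}


# Constructed sample vault: one bank/merchant reuse, one single-character
# password, one dictionary word, one long passphrase, two unique strong ones.
SAMPLE_VAULT = [
    ("bank.example",  "bank",     "G7!kqZ2#wLpR9v"),
    ("shop.example",  "merchant", "G7!kqZ2#wLpR9v"),   # same as the bank
    ("forum.example", "forum",    "0"),                # the Gawker "0"
    ("mail.example",  "email",    "correct horse battery"),
    ("news.example",  "forum",    "password"),
    ("games.example", "forum",    "pQ4&vN8z@mTk1s"),
]

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    for site, probs in report["weak"].items():
        print(f"WEAK   {site}: {', '.join(probs)}")
    for pw, sites in report["reused"].items():
        print(f"REUSED on {len(sites)} sites: {', '.join(sites)}")
    for site in report["high_value_shared"]:
        print(f"DANGER high-value account shares its password: {site}")
```

Run against the sample vault it flags the forum and news passwords as weak, reports the bank and shop entries as sharing one password, and lists both of those as high-value accounts that need a unique password.  Reuse is detected by exact equality, so a base password with a per-site suffix, as described above, passes this check; the audit only tells you whether two sites would fall together from a single leaked database.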

I strongly urge you to consider what your passwords are and where they are used.  It’s always a horrific call when I have to help a client fix this after the fact.