On Jun 18, 2010, at 1:05 AM, Ed Grey wrote: > > That leads to the question I was going to ask before I saw this thread > - without new security updates, is there any reason to worry about > using Tiger on the Internet?
Almost all of the security updates involve either local privilege escalation, meaning the bad guy has to already have a local account, or involve fixes to third party software shipped with OS X (the Open source Unix stuff) which you may or may not be using. (or in both cases may not even HAVE in 10.4) As a rule, if you don't have any of the boxes checked in the sharing panel in Sharing prefs, your Mac is pretty much protected against external attacks conducted without your assistance. Moreover, if you're a typical home user, behind a NAT (such as a cable router or wireless access router, like an Airport) the bad guys can't GET to your computer from the outside; all interaction needs to be initiated from YOUR side of the connection. OS X, for all the hype that's constantly generated out there by self-serving "security" folks with an agenda or sales pitch, is a very low risk system. By design it's harder to attack and by population it's a smaller target. Anyone is vulnerable to a 'trojan horse' type attack, if you install the bad guy's back door for him you're toast; however, these sorts of attacks have been tried and don't seem to go anywhere. As I said, by design OS X is a lot safer...it's harder to attack successfully. So far the only ones seen in the wild have been found in places like warez trading and porn sites. I have never really felt insecure running a Mac wide open on the internet since the OS 8 days. The only virus infection I've EVER gotten on any of my Macs was the WDEF virus. I've taken precaustions with That was cured, permanently, by bringing a bunch of floppies to the college bookstore and getting a copy of that new-fangled OS 7 everyone had been talking about 8-) It is prudent to install the security updates; moreso if you mess around with Unix stuff on your Mac...but if you're doing that, it's kinda presumed that you are taking the requisite care to avoid getting pwned. Is the Mac un-hackable? Not in the slightest. If a sufficiently talented and motivated bad guy sets his or her sights on you, your system can be compromised. Are you vulnerable to the run-of-the mill skriptkiddy and botnet attacks? Pretty much yes. Those are all lowest-common-denominator wholesale mass attacks, based on people running bogus 'greeting cards' or 'sales orders' or the... "Your account of the email writings Storage has been delimitized due to spamattacks, please to click here and verify your dearest details. Thank you The IT Technology Mail Expediting Support Team" ...emails that supposedly come from your systems administrators or ISP, now that apparently they've been outsourced to some random email address in Romania. 95% of internet security is the purely human task of recognizing when something isn't right....like those emails: just trash 'em. They will NEVER be legitimate. Clicking on a web page should never cause an OSX permissions dialog to pop up on your computer asking for permission to install something. If it does it's either ^...@%@!#$@ Adobe with Flash 10.2.34455456.678675.456 that they updated with all fresh security holes ten minutes ago or it's malware. (There is great debate as to whether there is actually a difference.) Long story short, you're probably OK. If you use some of the underlying 3rd party technologies that are updated (Apache, various languages, other utilities, etc) and are still using 10.4 it behooves you to go get the patches from the original third parties and fix it yourself. Note, this implies that you have such expertise...if you don't, there are usually many ways to make your computer do the work. If you don't use these things, then you don't need to worry. If you are seriously concerned, go dig up the Apple security guide for 10.4, the one developed in conjunction with the NSA, and follow those directions. You'll have a secure mac, believe me.... -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/g3-5-list
