Security Issues Warning List
Hello and welcome to my User Tip
This is a warning list of potential security issues you need to address.
Run your Software Update as Apple addresses issues and even installs a anti-malware system for OS X based malware.
For free anti-malware for Windows viruses that don't affect the Mac, install the free ClamXav.
1: Printers /routers may need a firmware update to prevent remote attack
Read the HP printer warning here
Samsung and Dell printers also
http://www.kb.cert.org/vuls/id/281284
Linksys/Cisco now Belkin routers
2: Java - almost always insecure
10.6 users use Software Update to get current as Apple maintains Java 6
10.7 and later users Java 7 is available from Oracle, you need to manually keep abreast of updates yourself.
https://www.java.com/en/download/index.jsp
If you don't require Java, don't use it or install it. It's been a constant source of insecurity on Mac's and PC's.
Disable Java by opening Java Preferences and uncheck all at the General pane.
Disable Java (not Javascript) in all your web browsers preferences.
You can enable Java if you have programs on your machine that use it, but disable the applet plugin and Web Start applications and disable it all browsers as that's a attack vector.
Check your installed plug-ins here
https://www.mozilla.org/en-US/plugincheck/
3: Flash browser plugin - nearly always insecure
Flash has been a constant security nightmare as well, but not as bad as Java. However so many websites use it it's almost impossible to get away from it.
Install Click2Flash for Safari, Flash Block or NoScript for Firefox to prevent Flash from always running the instant you visit a website.
This way if you trust the site, you have control to enable Flash
Check Flash version
https://www.mozilla.org/en-US/plugincheck/
Install Flash
https://get.adobe.com/flashplayer/
Install Flash help
How to install/uninstall Flash, fix problems
4: Blackhole exploit sites - bad news
The Blackhole Explit Kit is sort of a plugin for malware on compromised websites. It uses Javascript to determine your web browser and it's plugins (Flash, Java, Silverlight etc) and then tailors a exploit payload based upon the what would work best to compromise the machine.
Sites targeted for attack with this sort of kit are those who have a lot of hit traffic, usually adult content or free illegal TV shows or some other draw to get one to run their plugins to view the content. Also some of these sites may attempt you to install a update for a plugin (usually Flash) by being all friendly. They may also popup a malware warning or Flash update that looks like the real thing.
If you suspect or need to update, shut down the browser and even restart the computer, then visit trusted sites for the updates.
https://en.wikipedia.org/wiki/Blackhole_exploit_kit
Extra warning: Trick links in emails to Blackhole exploit compromised websites. Don't trust links in emails!
It's important to keep your web browser and it's plugins updated
https://www.mozilla.org/en-US/plugincheck/
Have the Google Safe Browsing enabled. If it's not being updated this is what appears in Safari preferences.
If your running Firefox, also install the free Web of Trust add-on, it's a community based malicious/reputable site warning ability.
5: "This site may harm your computer". In Google search results.
Don't be tempted to click just because you heard Mac's are secure, that's a myth, they are more resistant but not immune.
https://support.google.com/websearch/bin/answer.py?hl=en&answer=45449
6: AppStore software is 4-8 weeks BEHIND in security updates
Because of the time required to review AppStore submissions and Apple's insistence that all updates goes through AppStore, if your trusting AppStore for downloads of any third party software that connects to the Internet, your at great peril of being compromised.
For all apps that require a Internet connection, especially other web browsers, it's advised to uninstall the AppStore version and use the version directly available from the developers website if it contains a auto-update feature.
Check in System Preferences that your getting automatice updates from Apple.
7: Safari web browser is a bit too slow to receive security updates
Apple has not yet adopted a rapid update ability for Safari like Firefox, Opera and Chrome already have to keep users safer.
One should use Firefox as it's not based on Webkit, is open source code viewable by anyone, used on Linux by the smartest geeks and thus gets very rapid updates though their auto-update feature. No browser is 100% secure, however none get faster patches than Firefox in my opinion.
Chrome is a close second place due to Google spending great sums of money to try to secure and fix the flaws in Webkit, but Google is chiefly a advertising company and thus has a agenda in knowing your Internet business. Also any Google software installed installs a root level auto-updater which in my opinion is potential angle of exploitation. If a vulnerability is found in the root level auto-updater, attackers can immediately compromise the machine.
If you want to uninstall Chrome here are the instructions. You should NOT uninstall Safari, use it as a backup browser.
Uninstall Chrome: https://support.google.com/chrome/bin/answer.py?hl=en&answer=95319
Google root level auto-updater: to uninstall that (provided you have no Google software on the machine)
https://support.google.com/installer/bin/answer.py?hl=en&answer=100386
Firefox doesn't require root level permissions to auto-update, it does so in the existing permissions level the user is using either Admin or Standard User which are lower and thus safer as a exploit will likely require to ask the user for Admin password to elevate it's permissions level (alerting the user) to compromise the entire machine.
If a user is security savvy, they will maintain a Standard User for day to day uses and a Admin user for emergency uses and also backups of their user data off the machine, this way they can log into Admin user and simply delete the infected Standard User account and create another one.
To change one's Admin user to Standard, first create another Admin user in System Preferences, log into it and change the original Admin to Standard User by unchecking the ability to administer the machine.
Install NoScript into Firefox and drag a Temp Allow All button to the Firefox Toolbar for click on trusted sites.
8: WiFi and password security issues
WPA and WEP Encrypted are cracked, only WPA2(AES) with a proper password is secure
WiFi security issues, at home and WiFi hotspots
9: HTML 5 bug if exploited, fills boot hard drives in all browsers (except Firefox)
10: Malicious advertising and iFrame injection compromising browsers
Malvertisement is a growing issue, increasing 20 times over from 2010 to 2012.
Recommend Firefox + Ad Block Plus + NoScript (enable iFrame blocking) and drag a Temp Allow All button to FF toolbar to enable on trusted sites to reduce one's exposure window.
iFrame injections on compromised websites also leading to Blackhole exploit sites.
https://net-security.org/malware_news.php?id=2440
11: Driveby downloads occur mearly by visiting sites or clicking links
Enable Show Downloads Window and 'Always Ask me where to save files' in Firefox preferences
Disable "Open Safe Files" in Safari preferences.
Keep the Downloads folder empty, it's not a longterm storage as malware can be hidden there awating a click to see what it is.
This way you know a download occurs and prevent it from opening or getting on your machine unawares.
12: Outdated third party software = security risk
Not only a security risk, but some older third party software which installed a at boot kernel extension file in OS X itself becomes a problem as Apple makes under the hood changes to OS X itself for enhancements and security reasons.
It's important to check on all third party software (some check merely by opening them) and applying their updates or uninstalling them.
Many third party software contact the Internet and thus are attack vectors. Enable your OS X Firewall in System Preferences.
13: Social enginnering tricks to install malware
"Yontoo" and "TorrentHandler" is making the rounds as and it convincing users to install it as a browser plugin, the results is numerous advertising and pop up windows of advertisements in nearly all browsers.
Apple will block Yontoo for 10.6.8 and above users from installing it, but if it's on the machine already it's too late and requires removal.
Only install browser plugins from verified original source, never from a browser window or via a web site.
14: ChatZum adware trojan in fake VLC player for Mac
The REAL VLC Player for the Mac is located here:
http://www.videolan.org/vlc/download-macosx.html
And looks like this, doesn't require a installer. It's a standalone app you just drag and drop into Applications.
14: Mac.apps malware signed by a Apple developer id, bypasses Gatekeeper
http://www.2-spyware.com/news/post1855.html
Use the free Easy Find to search entire bootdrive for "mac.app", or use free ClamXav
https://www.macupdate.com/app/mac/11076/easyfind
15: InstallGenieo icon appears, do not install it
May appear simply by browsing sites, or come bundled with other software or via a fake Flash or other update. It's basically a browser hijack that if installed will redirect your search and web traffic for advertising revenue.
It requires being unisntalled and still leaves one's homepage etc., on their page. It's borderline trojan/malware that's just above being legal.
Turn off "open safe files after downloading" in Safari preferences to prevent stuff like this from mounting on your desktop.
Firefox + PublicFox add-on can prevent downloads from occuring unless a password is entered.
http://www.intego.com/mac-security-blog/another-problematic-softonic-installer-b rings-adware/
16: FBI/Moneypak ransomware
May appear simply by browsing sites, it's a Javascipt lock on your web browser only (for Macs) as far as we know at this time.
Command tab to the Finder and Apple > Menu > Force Quit the browser and if Safari hold the Shift down when launching to disable the loading of the page.
If you can search your History and report to the URL to: https://www.google.com/safebrowsing/report_badware/
To defeat this type of low level malware, install NoScript into Firefox web browser and drag a Temp Allow All button to the Firefox Toolbar for clicking on trusted sites.
17: Outdated browser popup installer
Report the two URL's in the area covered by blue to: https://www.google.com/safebrowsing/report_badware/
18: OSX.Janicab.A and other like trojan malware using Unicode right-to-left character encoding
OS X will display the typical app warning message written completely backwards to play on your confusion, do not install!
Often signed with Apple Developer ID, so it bypasses Gatekeeper warnings.