Unicorn sighting

A few weeks ago my officemate posted to Facebook,

I've just been told by two different Mac Geniuses that installing an antivirus software could actually make the Mac computer less secure. Unfortunately, both were phone conversations because I'm almost certain they were doing the Jedi mind trick hand motions.

As I read that, I figured this was Mac users in our company fighting our policy requiring antivirus for Macs. Certainly antivirus can slow a system. And any software can have vulnerabilities. But this wasn't about that. No, these were actual honest-to-god responses from Apple support. My officemate wanted to know if this was official policy. So he asked for it in writing. That got him escalated to the next level, where he was apologetically told it was not Apple's policy that antivirus is not necessary.

I thought of this today as Graham Cluley tweeted links to a couple of video blogs from last year. Unicorns have been spotted: malware for the Mac does exist. Now, to be fair, these examples are largely social engineering. Just because it's not a zero day doesn't mean the system isn't owned. Fake codecs and fake anti-malware aren't the exclusive province of Microsoft operating systems.

Shmoocon is this weekend. The city is starting to look like something from The Day After Tomorrow.

I live in the DC suburbs, and had considered grabbing a hotel room to take part in what has to be the craziest Shmoo ever. The hotel rates when I checked online were lower than the Shmoo rate. But then I'd still have to pay an insane rate for hotel garage parking. And the Donner party jokes were worrying me too. I could see the hotel running out of food and everything else being closed.

I drove into Ballston on Friday. In December Metro closed the above-ground stations without a lot of warning. I knew they'd do it again if snow got to 8 inches, and Ballston is the last underground station on the Orange line. Metro didn't close the above-ground lines until 11 pm, so that move was unnecessary. The drive back from Arlington out to Clifton was fun.

Today there is no way I'm getting out, so I'm watching what I can on live streaming. I'll review my notes from yesterday and post if I can come up with anything semi-coherent.

January Patches

After a fairly light December patching load, January took no prisoners.

Microsoft's Patch Tuesday had just one patch, MS10-001. But they made up for that with an out-of-band update later in the month, MS10-002. They also put out a bulletin warning about old Flash installs.

Adobe and Oracle piggybacked on Patch Tuesday to release updates as well. Vendors pretend it's more convenient for people to get all their patches at once, but it's more about losing their own vulnerability announcements in the crowd. Adobe Reader is installed on most machines, so deploying Reader and Acrobat updates is kind of a big deal.

To keep admins on their toes, Adobe also released security updates for Shockwave and Illustrator.

Real Player kept its name in the news with a security update of its own. While it lacks its once ubiquitous presence, it is another thing to watch for.

Firefox released 3.6. Fortunately, this was about new features, not security fixes.

Apple, not wanting to feel left out, released a mega security update rolling up multiple patches.

Wireshark 1.2.6 came out with a couple of security updates.

If you're responsible for patching in the enterprise, looks like you picked the wrong month to stop sniffing glue.

For home use, I use the Secunia Personal Software Inspector in advanced mode. They are now a bit better about prompting you to exclude directories like i386 to avoid nagging you about things that aren't a problem.
