If you use the iOS client, you really should try this. While I’m not head over heels in love with Tweetbot, it is insanely popular for a reason. If the design doesn’t turn you off, it’s hands-down the best Twitter client available.
Have a Mac? Want to share important files securely, but don’t have the time or inclination to figure out how? Then get DropKey from WellRedApps for free on the Mac App Store until May 20. Just drag any file you want to encrypt into your menubar, and then send it to anyone in your Address Book also running DropKey. See a quick video describing how it works here.
It really couldn’t be any simpler. This app came out about a few weeks ago, and I thought about buying it. Now that it’s free, there really is no excuse if you need to protect your files.
- via The Loop
Last week brought disturbing news for the Mac community. With the advent of the Flashback Java exploit, malware made its way onto a significant portion of Macs for the first time since the late ’80s. While Flashback doesn’t signal the end of the world, it is a wake-up call of sorts and should be taken seriously by Mac users and especially Apple’s security team.
What is Flashback?
Simply put, it’s “drive-by” malware that automatically installs itself on your Mac if you visit an infected website. It only works if your Mac is running Java, which unfortunately is extremely common. Your Mac almost certainly has Java installed if you bought it before last year. It’s Java, not the Mac OS itself, which contains the vulnerability that Flashback uses to get onto your computer. Once it’s installed itself, Flashback starts scanning your web activity (presumably for usernames and passwords, etc) and sends its findings back to whoever developed it.
How do I get rid of it?
Oracle, the company that owns and produces Java, found this particular hole back in February and patched it for Windows users. Apple, however, releases its own Java updates on a much slower schedule, and didn’t offer a fix until last week. But once news started pouring in from antivirus companies about Flashback, Apple leapt into action with three Java updates, the last of which patches Java, turns it off until you actually need it, and removes Flashback from your system. The fix is available through Software Update (under the Apple menu) for Snow Leopard and Lion, so get downloading if you haven’t already. If you’re running an older version of OS X (Tiger, Leopard, or anything else), then follow the instructions here to test your Mac and uninstall Flashback. I still wouldn’t recommend running antivirus software, since Flashback is really the only Mac malware out there right now. If you really want to, ClamXav is highly reviewed.
It’s a safe bet that Java has more, as yet undiscovered, chinks in it that future malware could exploit. Due to its complex nature, Java is somewhat of a leaky ship, with a long history of security holes. If you don’t absolutely need it, consider disabling Java entirely. The latest update from Apple does this already, but go to Applications -> Utilities -> Java Preferences in the Finder to do it manually. You can also disable Java in Safari under Preferences -> Security. For Google Chrome, the process is significantly more complicated. (It’s almost like Google doesn’t want you finding too many privacy settings!)
Why is Flashback important?
Flashback is relatively tame malware, especially compared to the truly nasty stuff found on Windows. But it’s impressive that it managed to infect over 600,000 Macs within only a few weeks. That’s peanuts for Windows (there are actually more than 600,000 unique varieties of Windows malware, to say nothing of the computers they infect) but it’s about 1% of all Macs. The most widespread Windows worm in memory, Conficker, only managed to get .7% of all PCs. This gives Apple a pretty noticeable black eye, and leaves a lot of questions about how secure the Mac really is.
So are Macs going to become a virus-ridden mess just like PCs? Only time will tell, but I wouldn’t bet on it. It’s true that Mac marketshare is on the rise, and with each new gain comes added attention from hackers and cybercriminals. But Macs won’t take a majority share from Windows anytime soon, and probably never will. If you’re going to make a virus, it only makes sense to target the majority, so economics works strongly in the Mac’s favor.
That line of reasoning only works if you assume PCs and Macs are equally protected, and it’s currently unclear how exactly they stack up. As renowned Mac-cracker Charlie Miller says, “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.” Both platforms are practically secure, though one is far more likely to be attacked.
Overall, Apple has historically been very slow to patch vulnerabilities and doesn’t seem to acknowledge the existence of Mac malware until absolutely necessary. That culture has to change soon if they are to prevent any more malware from becoming this widespread. While Apple hasn’t been very proactive with its security, I’m hopeful that Tim Cook will seize the opportunity to tighten up his company’s reaction time and focus more on securing the Mac. Tim seems more pragmatic than Steve, and I doubt he wants anything to tarnish his legacy. An explosion in Mac malware would certainly do that. To its credit, Apple has been working on Mac security for some time, introducing daily updates to its virus definitions, app sandboxing later this year, and Gatekeeper with the Mountain Lion update due this summer.
I should note that iOS has almost no security risk, and Apple is clearly heading towards an iOS future. There are a handful of theoretical exploits that can affect the iPhone, but the real-world risk is nonexistent.
So in summary: Flashback is a wide-spread threat, but Apple has taken care of it already. The real question is whether Apple can keep up with malware in the future. Their track record so far isn’t stellar, but there are some promising signs of change.
For more in-depth coverage of Flashback and some sound security advice, read this Macworld article. It’s written by Rich Mogull, probably the preeminent Mac security researcher today. (And winner of the Wealthiest-sounding Name contest, if such a thing existed.)
As I prepare to enter my Ph.D program in the fall, I’m looking at more ways to integrate my Mac into an academic workflow. The Macademic is a blog that promises to help. I’m hoping to pick up a few tricks there and find out how to best assuage the pain of MS Office.
- via MacSparky
If there was one word to describe just what is wrong with that kind of thinking, I think it would be gestalt – the idea that something is worth more than the sum of its parts. Something that rises to a new level based on how well it fits together.
This concept has always been a central tenant of design at Apple, even from the very beginning. The first Mac revolutionized desktop publishing with its optional LaserWriter since MacWrite and the printer functioned as two halves of a perfectly complementary whole. It didn’t matter that the LaserWriter cost $5,000 as long as they worked together.
Neither the Macbook Air nor the iPad are computing powerhouses, yet they accomplish much more than their bare specs might indicate. People have been installing SSDs in laptops for years, yet the setup of the Air somehow exceeds the usual amount of performance gain with only a wimpy Core 2 Duo. Apple’s attention to detail made sure to tweak the sleep mode and power consumption to make the whole system as fast and fluid as possible. Not everyone buys it, but writers and students are universally singing the praises of the computer whose initial reception in the tech world could be summed up by a “FAIL LOL” on the comment boards.
The iPad is arguably Apple’s best-selling computer, but we don’t think of it as such. It has a 1.0 ghz ARM Cortex A8 cpu, 256 mb RAM, a 9.7″ 1024 x 768 display, and no standard ports. I’m willing to bet that the vast majority of iPad owners neither cares nor even knows what those numbers mean. That’s not necessary; what the iPad does is the important part. The mass adoption by elderly and nontechnical consumers shows how little most ordinary people care.
Of course, there are always those who need a number. One of my engineering friends recently complained about the iPad commercials – “I wish they’d just tell us about the product. Give me the specs so I know what it can do!” Except of course every single iPad commercial gives us about 10 examples of what the iPad can do. It’s not about the cpu or the graphics horsepower, it’s about the whole package.
Apple has always set this up by designing its own hardware and software in tandem, so users don’t have to worry about compatibility. OS X and iOS are made to run on a very specific set of machines, so they work very well. They were the first ones to include a built-in webcam and Wi-Fi on every model. Traditional computers and iDevices are all designed to interact with each other and provide a quick and easy way to share information and obtain media. It’s all so well set up that hardly anyone notices.
The same friend recently built his parents a computer, putting in a 2.8 ghz quad-core i7, a 2tb hard drive, and 8 gb RAM, all loaded up with Windows 7 Ultimate. Based on my own parental computing experience (the concept of a desktop is surprisingly difficult,) I asked him what his parents needed all that power for. His answer? “Well, they do some photography.” I just smiled and walked away. It’s an impressive kit to be sure, but try plugging in an outdated printer or syncing an Android phone. Multiple driver installs and third-party software downloads are sure to result. Some techies love this, but I would rather use my computer than fight it.