More on 3
Coverage continues of the 3 recent Mac OS X malware threats. In particular, threat 3 (the Safari vulnerability mentioned in “100,000 to 3”) is getting some good, detailed press. Check out, for instance, TidBITS analysis in their most recent issue. The coverage in general has emphasized a few points:
  1. A good part of the problem is due to the way Mac OS X associates documents with particular applications. This mechanism has evolved over the Mac’s 20+ year history, and is a bit of a hodgepodge at this point. Although the Mac’s focus on the end user has almost always resulted in much improved security, in this case, perhaps not.
  1. Misdirected user focus may have also been behind the most glaring part of the problem: the fact that Safari, by default in most systems, automatically opens what it believes to be “safe” files that it’s downloaded from Web sites. When it’s wrong (which it is because it’s been tricked in this case), bad things can happen to the user.
  1. No OS is perfect, or even close.
  1. Most importantly: At least until a better solution comes along (which may be never), you should use Safari’s General Preferences dialog (shown above) to be sure that its default opening of “safe” files is disabled. After Safari’s downloaded a file, you should then use the Finder to get information about the file and make sure it will open in an appropriate application (not, say, Terminal, which is how the current vulnerability works). More details on this whole area are available in Chapter 5, “Safe Surfing” in the  “Safe Web Browsing” section of our book.
Tuesday, February 28, 2006