And let’s face it, even if you run Windows you don’t really need to run anti-virus either if you practice good web-habits. But with the amount of idiots running OSX on their shiny Macbooks – malware may well become a problem for the platform.

It’s not a problem right now, the stats for malicious software on Apple platforms are still minuscule compared to the threats on Windows and even on Linux.

Sophos released a free of charge Mac anti-virus product for consumers on Tuesday in a bid to highlight the growing security risk against the platform and to shake fanbois out of their complacency.

The business-focused internet security firm is making Sophos Anti-Virus Home Edition for Mac available for download at no charge – with no time limit, and requiring no registration. The technology is a cut-down version of Sophos’s pre-existing anti-virus software for Macs and will ship with detection of thousands of malware strains including Trojans and rootkits. Sophos has no plans to release an equivalent free of charge Windows anti-malware scanner.

Three well-established freebie security scanners (AVG, Avast, Avira) already exist even without considering Microsoft’s own Security Essentials software. Although commercial anti-virus packages for Macs have been sold for some time by the likes of Intego and Symantec – and more recently by Kaspersky and Panda – Sophos’s software one of very few freebie scanners for Macs available to date.

It’s a pretty interesting move from Sophos tho, business wise, as they have no plans into strong-arming users into paying for a commercial version by releasing a crappy crippled version under the guise of ‘free’ software.

Sophos has always been a company with strong technology, so even as freeware I’d expect this to be fairly capable software. There are other commercial AV systems out their for Mac – but this is the first one from a reputable vendor that is free. I mean there’s ClamAV – but in all honestly who would want to rely on that?

It’s not the first freebie scanner for Macs currently available, contrary to claims in the first version of this article. Others including, most notable, ClamAV exist.

Past threats to Mac users have included malware disguised as pirated software and uploaded onto P2P file-sharing networks, supposed video codecs that actually contain a Mac-specific Trojan horse and strains of Windows malware capable of infecting virtual installations of Windows running on a Mac.

Apple acknowledged the malware problem by integrating rudimentary protection against a handful of Mac Trojans in Snow Leopard, Sophos notes, arguing that users running its software are provided with more comprehensive protection against potential threats.

Carole Theriault, senior security consultant at Sophos, explained that while the picture is different in enterprise environments, “home Mac users aren’t protecting themselves from malware”.

Theriault admitted that Windows threats counted in their millions dwarf the number of strains of Mac malware, which can be counted in their thousands, but maintained there was a need for protection, whatever sales people in Apple Stores might say to the contrary. “We want to raise awareness,” she explained.

Either way it’s an interesting move from Sophos and we’ll have to see where it goes from here. They claim they won’t charge for it, but who knows? And will this pressure other AV vendors that have paid versions for Mac to release free versions for Home users. Much like the Windows vendors do (Avira, Avast!, AVG etc).

More on the software, together with hardware compatibility information, can be found out from a download micro-site here:

Sophos Anti-Virus for Mac Home Edition

Source: The Register

OWC (Other World Computing) is a great site for buying parts for the mac. Their prices are quite cheap if you compare prices with stores in asia. Two days back (21/2/06) they got their hands on a Macbook Pro, which they received at 10:30pm and managed to take it all apart by 1.30pm. Pictures are posted here.

Check out the stuff they have on mac related items and accessories. They now also have upgrade parts for the new Macbook Pro.

For a first timer, taking apart a mac notebook is not an easy task. They are alot of ways you can damage your mac if you’re not careful.

For a complete step-by-step procedure on how to dis-assemble any mac, check out ifixit.com guide for a complete how-to complete with pictures and the number of screws you need to take out before you can actually take something apart on a mac.

As the German IT portal heise online conveys, a new security hole in the Safari webbrowser for Apple’s Mac OS X has been discovered. This security hole is rather severe, as it invokes the execution of shell scripts under certain circumstances.

Once again the Safari option “open safe” files automatically after download bears the blame. If this facility runs across a shell script that is missing the so-called Shebang-row, the system won’t ask the user whether to execute the file automatically anymore – it’ll just execute it anyways. Unfortunately you can simply rename a shellscript without a Shebang-row to known-good filetype extensions like JPG or PNG and put that renamed script into a ZIP file – zipping as well an administrative file that’ll connect that file with the shell. A target Mac then “knows” automatically how to open that file if it receives that ZIP – it’ll take it as totally normal to execute the “jpg file” with the shell.

To circumvent this issue immediately, you can exercise two countermeasures – the first one is to disable that unsafe option in Safari, the second one is to move the terminal to another place, as the connection between shellscript and terminal has a hardcoded file path to the terminal. Additionally, you should never ever work with administrator privileges – as one should be used to with windoze, this rule of thumb has the same virtues on a Mac as well

Source: 4null4.de

A rare exploit for Mac eh, it is possible to exploit, it’s not just a theory, you can find a proof of concept here:

http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html

With a Babelfish Translation.