Friday, January 15, 2010

Intego VirusBarrier Version 10.6 Review:
Part I

Let's start with the GOOD NEWS:

Intego VirusBarrier is the only anti-malware program I can recommend for Mac OS X. Its interface and features are unmatched by any similar program. The signature updates are regular and reliable. Intego stay right up-to-date with all Mac OS X malware. The program is 100% compatible with Snow Leopard. Ignore all reports to the contrary. For Mac users who want a top notch single-user anti-malware program, this is the only one. Nothing compares, except perhaps Sophos, which is only designed for network users.

The new VirusBarrier 10.6 version adds a bunch of new security features worth the upgrade price. Some features are redundant to those already in Safari and Firefox. The reverse firewall is the only new feature I care about. Reverse firewalls stop dead any way to zombie your Mac. They also stop all software from 'phoning home'. I've been using Little Snitch for years and love it. The reverse firewall in VirusBarrier 10.6 is not as good as Little Snitch. But it's there and it's useful.

A new single user license for VirusBarrier costs $49.95 and protects two Macs. A new family license is $69.95 and protects five Macs. The 10.6 upgrade is potentially free for those who purchased VirusBarrier 10.5 on or after November 25, 2009 through April 13, 2010. See Intego for details. Otherwise, the upgrade is $34.95 for single users. A family pack upgrade is $59.95 for protecting five Macs. Every new or upgrade license includes a year's subscription of malware signatures.

Intego also provide an occasionally useful and intelligent Mac Security Blog.

Now the BAD NEWS:

1) Accompanying the 10.6 update is a new advertising campaign that makes several wrong and ridiculous claims consisting of what is traditionally called BULL SHITE or FUD. Enjoy:
"More and more malware is discovered every day. Macintosh computers face threats from viruses, Trojan horses, worms and more."
Incorrect! There are ONLY Trojan horses for Mac OS X. Period. The End. If you believe otherwise, you've been duped.
"VirusBarrier X6, the Lowest-Priced Mac Antivirus"
No. FREE would be 'The Lowest-Priced Mac Antivirus', and there are a few of those to choose from. See below.
"... simply visiting a booby-trapped web page can compromise your Mac."
This has never happened on Mac OS X in the wild or in a 'Crack A Mac' competition without an account user providing deliberate sabotage assistance. However it 'could' happen if a JavaScript or Java security hole wasn't patched in your web browser or operating system. (Readers of my posts know what contempt I have for the state of JavaScript).

I hope Intego have brains enough to dump the false advertising before they get sued. I despise FUD and would hate to have to put Intego on a par with Symantec, the renowned masters of anti-Mac security FUD and makers of easily the worst anti-malware for Mac.

2) Yearly malware subscriptions for VirusBarrier are required and expensive. $29.95 for one year. Yikes! A two year subscription is 50% off the second year at $44.90. If you're up for renewal and are using version 10.5, you might as well upgrade to 10.6 at $34.95 and get the included one year subscription, saving yourself $25.

3) Intego outright refuse to provide a list of malware detected and removed by VirusBarrier. That's idiotic and I've directly told them so. They don't care. Instead, I follow the imperfect but useful Threats Database provided by the PC Tools site, the makers of the up and coming competitor program iAntiVirus.

4) And of course, if you turn on the Real-Time Scanner feature, expect VirusBarrier to eat your CPU. So turn it off. You don't need it unless you're dealing with LUSERs, in which case all you have to do is prevent them from having access to an administrator account and password. It's seriously that simple.


So what is VirusBarrier for? It protects you from LUSER behavior and lets you find and wipe out Windows malware you may be passing along to Windows users.

If you're a conscientious Mac user who checks the validity of all software you install, you don't need VirusBarrier to protect your Mac. There are less reliable free alternatives if you want to try them out, such as ClamXav and iAntiVirus. (Avoid MacScan, which is ultra-lame).

I'll be posting a detailed feature review in Part II after I test the new VirusBarrier 10.6.3 update.

Wednesday, January 13, 2010

Security FAIL:
When Apple Deserves A *WAKE UP!* Slap

Apple are pulling an 'Adobe'. Got a security problem? Sit on it.

Even worse, there's already a solution! So are Apple either (A) OBLIVIOUS or (B) LAZY or (C) STUPID or (D) DGAS? Any one of the above is worth a good *WAKE UP!* slapping.

Here is the story, as presented by SANS in their NewsBites newsletter, Volume 12, Number 3. (Emphasis is mine):

--Proof-of-Concept Code Posted for Mac OS X Flaw
(January 8 & 12, 2010)
Proof-of-concept exploit code for a vulnerability in Mac OS X has been posted on the Internet. The buffer overflow flaw affects versions 10.5 and 10.6 of the Apple operating system and can be exploited remotely. The flaw lies in the libc/gdtoa code in a variety of software products. Apple has known about the vulnerability for seven months, but has not fixed it yet. It has already been fixed in OpenBSD, FreeBSD, NetBSD, Google and Mozilla.

Why is this inexcusable? Because Apple incorporates code from FreeBSD and OpenBSD into Mac OS X. IOW, it is almost as easy as CUT & PASTE to repair this security hole in Mac OS X.

So what does it take to kick Apple into action? Proof-of-concept code! Let's watch how quickly Apple respond.

Cranial Cogitation:
A lot of people get upset at hackers who FUD Mac OS X, myself included. The thumb-in-your-eye juvenile arrogance some hackers spew is worthy of revulsion. Nonetheless, hackers remain a critical part of the computer community. I look at hackers as part of the essential diversity of the natural world. There is no such thing as a monoculture in nature. Without diversity, any natural system immediately fails. Similarly, without hackers, computer security would FAIL.

So thank you to hackers who take their free time to demonstrate skills in order to improve our computer community. Thank you for kicking Apple in the bollocks when they need it!

The volley is to Apple...