TechMiso

A few months ago the programmer behind the minimal OS X text editor Smultron opted to stop development of the application. If you, like me, adored Smultron and used it as your text editor of choice this was sure to be worrisome; no updates to the many minor idiosyncrasies and no true Snow Leopard support.

Look no further as Fraise has taken over where Smultron left.

Fraise is a free text editor for Mac OS X Leopard 10.6 which is both easy to use and powerful. It is designed to neither confuse newcomers nor disappoint advanced users. It should work perfectly for a whole variety of needs – like web programming, script editing, making a to do list and so on..

Fraise has all open documents in a list with beautiful Quick Look icons to your left just like e.g. iTunes so you can easily switch between many documents – you can also choose to display them as tabs if you prefer it that way.

It appears Fraise took the source code for Smultron, which was open source, forked it and developed a new product worthy of being considered a replacement. One of the long-standing Smultron bugs – the lack of ability to make the “line wrap text” option sticky – has finally been fixed!

I loved Smultron and have made the transition to Fraise – a beautiful and exceptional successor.

Earlier this week Apple released OS X 10.6.4, an update largely aimed at fixing security vulnerabilities rather than adding new features. Sophos, an anti-virus vendor, did some digging and noticed Apple esoterically included an update to the built-in anti-malware protection to protect against a backdoor which may allow malicious attackers to obtain remote control over devices running OS X:

Although there is no mention of it that we could find in Apple’s release notes for Mac OS X 10.6.4, or the accompanying security bulletin, Apple has updated XProtect.plist – the rudimentary file that contains elementary signatures of a handful of Mac threats – to detect what they call HellRTS.

HellRTS, which Sophos products have been detecting as OSX/Pinhead-B since April, has been distributed by malicious hackers disguised as iPhoto, the photo application which ships on modern Mac computers.

Will Apple’s lack of transparency perpetuate the myth that OS X is not immune to viruses and other malware? A lot of Mac users, especially newer ones migrating from Windows to OS X, tend to believe the Mac is a more secure environment and free from the threat of malware – a thought that could not be further from the truth. When Apple quietly issues an update to the built-in OS X malware protection one has to wonder why the silence.

It is worth noting that Sophos has a business stake in this market – by Apple communicating a malware threat to their operating system, Sophos, and other anti-virus vendors, would ostensibly see an increase in sales as a result of such an admission. Is that what Apple really wants to do?

Sophos would be a direct beneficiary of Apple stating OS X is vulnerable to these threats, although their annoyance is only worth being taken with a grain of salt. However, Mac users should most definitely be made aware of the potential threats to their operating system so they can choose to take the necessary protection measures they decide are worthwhile.

Apple has released Mac OS X 10.6.4:

Apple has released Mac OS X 10.6.4, the latest update to the company’s computer operating system. As often with such updates, this release not only fixes bugs and provides optimizations for performance, but also includes a number of security fixes. 28 flaws are patched, in this update and a related Security Update 2010-004 for Mac OS X 10.5. There are fixes for both client and server versions of the software.

Looks to be a solid, worthwhile update, fixing a number of security related issues rather than adding anything overly feature rich nor exciting. If Software Update has not automatically launched and prompted for the download, you ought to do so manually and install 10.6.4 to take advantage of the mitigations for the previously known vulnerabilities.

Zulfikar Ramzan, technical director of Symantec Security Response, believes enterprising criminals conducting “business” online are more likely to target stupid users than a technical flaw in any particular operating system:

This trend has been rising rapidly over the past two years. Currently, only about 3 percent of the malicious software that Symantec encounters exploits a technical vulnerability. The other 97 percent of malware is either “piggybacking on that 3 percent,” or more likely trying to trick a user through some type of “social engineering” scheme, according to Zulfikar.

It is quite obvious criminals would target user behavior rather than exploit an OS or application vulnerability. It is exponentially easier to trick users to do things you want them to do – humans are inherently trusting creatures, which may ultimately be to our detriment.

The amount of time and money required to successfully architect and deploy an attack exploiting a technical vulnerability in an operating system or application is too expensive. The return on investment would have to be exceedingly high to be considered victorious.

This is why it is imperative people pay attention to what they do online. Everyone must take the necessary precautions to safeguard their online activities. Failure to do so may result in a compromised workstation, or worse yet – a bank account siphoning cash to an online criminal enterprise.

According to the Mac Security Blog by Intego it appears there is new spyware out in the wild targeting the Mac OS X platform:

Intego has discovered a spyware application that is installed by a number of freely distributed Mac applications and screen savers found on a variety of websites. This spyware, OSX/OpinionSpy, performs a number of malicious actions, from scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected Macs.

OSX/OpinionSpy is installed by a number of applications and screen savers that are distributed on sites such as MacUpdate, VersionTracker and Softpedia. The spyware itself is not contained in these applications, but is downloaded during the installation process. This shows the need for an up-to-date anti-malware program with a real-time scanner that can detect this malware when it is downloaded by the original application’s installer.

Intego also offers a sparse update with additional information about the spyware.

This should not really come as a surprise. With all the attention Mac OS X is getting these days it was only a matter of time before spyware “vendors” started targeting Mac users. I still stand by my claim that running an anti-virus application on a Mac is unnecessary at this juncture even though that is unheard of on a Windows box.

David Gelles and Richard Waters in the Financial Times on an article titled, “Google ditches Windows on security concerns” wrote the following:

The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

“We’re not doing any more Windows. It is a security effort,” said one Google employee.

“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.

New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”

Other than DoD and the financial industry, moves of this nature seem to be gaining momentum. Although Windows 7 is a far better product than Windows Vista, the newer operating system does not appear to offer any truly compelling reason to stick with the Windows platform.

That, in and of itself, is the biggest problem Microsoft faces today – increasingly shrinking relevance due to a terrible security track record and a lack of innovation. Can anyone say the same about Linux and Mac OS X?