Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

New computer, new modem nonupdated security advice needed!!!

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> General Software Discussion
View previous topic :: View next topic  
Author Message
LetsBeHopeful
Newbie


Joined: 09 Jun 2010
Last Visit: 08 Jul 2010
Posts: 7

PostPosted: Mon Jul 05, 2010 7:32 pm    Post subject: New computer, new modem nonupdated security advice needed!!! Reply with quote

I find myself not even wanting to use the internet anymore due to all this garbage to worry about.

I have a Macbook and modem on the way. The Macbook does not include the latest updates for it, including the updated version of flash which needed to be patched because of security holes. The Macbook has Snow Leopard 10.6.3 on it, while the latest version is 10.6.4 which does include some security updates and malware protection. The modem, which I'll have to set up, does not have the firewall on by default. I can turn the Macbook firewall on, but I'm not sure that will be enough protection when there is still the Adobe flash security hole to worry about, and the non-up-to-date version of Snow Leopard.

Setting up the modem can take about 5 minutes to connect. That is 5 minutes I'll be out in the open without the modem firewall turned on, and 5 minutes I'll be out in the open with an exploitable version of flash and other security issues relating to the Mac. I can't use this computer to download the updates and put them on a disc so I can install them on my Macbook before I go online. My neighbor/friend is also away until Winter.

I've tried asking around at an Apple forum, but anytime I bring up security I get maybe 1 response, and often times I'm just told I'm paranoid. I'll admit that I worry, but I'd hardly call it paranoia when the flash security hole was for both Macs and PCs, and the fact that the 10.6.4 update for Snow Leopard specifically includes security updates and anti-malware protection.

So I feel completely hopeless now. A new computer and modem are on the way and I'm afraid that just by going online I could get them infected and/or hacked. What should I do? What advice do you have?
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 02 Sep 2014
Posts: 10325
Location: sunny California

PostPosted: Mon Jul 05, 2010 8:16 pm    Post subject: Reply with quote

First of all, calm down. Please. Take a deep breath. Wink

Macs are not subject to worms, exploit and stuff that infects Windows. There is some malware for the Mac, but not much. It does not get downloaded by itself (unlike with Windows) - it requires user action. You are not going to get infected just by going online.

First thing, enable the firewall on the modem and change the password.

Second thing, download the updates for Snow Leopard.

Then update the Flash. If you do those before you go browsing around on the web, you will be fine.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 15 Jul 2014
Posts: 3913
Location: California

PostPosted: Mon Jul 05, 2010 11:40 pm    Post subject: Reply with quote

I wouldn't worry really. You don't need to open Safari to update and Flash won't be used unless you have a web browser open. Once the initial setup is done, follow the steps in the "Configuring the Application Firewall in Mac OS X v10.6 and later" section of the following Apple kbase to turn the firewall on:

Mac OS X v10.5, 10.6: About the Application Firewall
http://support.apple.com/kb/ht1810

Once that is on, go to the sharing system preference and ensure everything is off. Uncheck anything that may be checked. This is how to turn on file sharing, but it will show you how to get there:

Setting the protocol for file sharing
http://docs.info.apple.com/article.html?path=Mac/10.6/en/14107.html

Now you are ready to update. You can use either the built in Software Update or you can download the 10.6.4 combo update on another computer. If you are going to do this, then might as well download the Flash installer too.

Updating Your Software
http://support.apple.com/kb/HT1338

Select the 10.6 option
http://get.adobe.com/flashplayer/otherversions/

10.6.4 Update (Combo)
http://support.apple.com/kb/DL1048

Even if you use the combo update, still run Software Update to make sure everything is up to date.

One last thing you may want to consider is to use Little Snitch. It will greatly enhance the basic firewall for OS X and give outbound monitoring to you. Not free but might be something you are interested in.

http://www.obdev.at/products/littlesnitch/index.html
Back to top
View user's profile Send private message
LetsBeHopeful
Newbie


Joined: 09 Jun 2010
Last Visit: 08 Jul 2010
Posts: 7

PostPosted: Tue Jul 06, 2010 10:44 am    Post subject: Reply with quote

I thank you both SO SO much and hope you'll stick with me until this is all finished.

I don't have access to a computer I can use to put updates on (I'm at the library), and I've been told by my ISP that I'll be getting my new internet through that it can take about 5-10 days for the speeds to get optimized once the modem is plugged in and left on. On top of that the weather forecast for here is heavy rain, which in the past has sometimes meant that the power goes out.

If I run software update I worry that the power could go out during this time while a file is downloading and installing. Would it be safe if I went to Apple's website after I got the modem up and running, and then downloaded the installation files for whatever software update told me I needed? I'd also like to put these files on a backup CD just in case the Macbook would ever crash, but I don't know if it would be safe to go to any website, even Apple's, if I don't have the latest updates.

This is also probably a very stupid question, so please don't hate me for asking this. Can phoneline cords and ethernate cables get infected? I have a long reaching phoneline cord I'd like to use on my new modem, but I don't want to use it if that would risk infecting my modem or Macbook.

P.S.

I have to setup the modem with Safari, the non-updated version. Then when setup is complete I still get taken online, whether I like it or not. What risk am I at here?
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 02 Sep 2014
Posts: 10325
Location: sunny California

PostPosted: Tue Jul 06, 2010 6:11 pm    Post subject: Reply with quote

Phone cords and ethernet cables cannot get infected, so no need to even think about that.

If you are worried about the power going out, you could wait a few hours, or day or two if needed until the weather improves. Also you should get a battery back up/surge protector anyway. Someting like these for example:

http://www.bestbuy.com/site/APC+-+550VA+Battery+Back-Up+System+-+Black/9307788.p?id=1218081368684&skuId=9307788

http://www.amazon.com/APC-ES-COMPUTER-BATTERY-BE350G/dp/B001SA7BVC

Especially if you are in an area where the power goes out frequently. That also protects from power surges when the power comes back on, and if the power goes out, it gives you time to properly shut down the computer.

Seriously, if you follow the instructions in the links Nick gave you you will be fine.

Your Macbook cannot get infected by just opening your browser and going to Apple's site.

I see the good folks on this forum also gave you excellent advice.

http://www.mac-forums.com/forums/switcher-hangout/207281-getting-macbook-soon-questions-before-arrives.html

Including this:
Quote:
1. Don't pirate software.
2. Don't install "video codecs" that promise you the ability to view porn.
3. Don't reply to Nigerians telling you they want to send you money.
4. Don't click on suspicious URLs in emails (phishing)


The most common ways people get infected on the internet with Windows are:

Going to crack/serials sites - many run exploits
Downloading pirated software using P2P programs (like Limeware for example) and Torrents
Free porn sites - many run exploits (Windows exploits)
Browsing without keeping your system updated with Windows updates, updates to your apps like Adobe Reader, Flash, etc.
Clicking on malicious links in emails.

Some helpful information here:
http://www.onguardonline.gov/topics/computer-security.aspx
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
LetsBeHopeful
Newbie


Joined: 09 Jun 2010
Last Visit: 08 Jul 2010
Posts: 7

PostPosted: Wed Jul 07, 2010 2:09 pm    Post subject: Reply with quote

Thank you so much for continuing to put up with a newbie like me Smile


I'm very happy to hear that I can safely use the phone and ethernet cables. I don't mean to sound redundant, but will it be safe to use the same DSL filters (the things you plug into a phone jack and then plug a phone cord into the other side) that I already have? Are those not able to get infected?

I'm not sure if I remember this correctly, but I figure you might know since this is a great place for security and malware prevention. I think I remember hearing a while back that there were some modems or routers that shipped with malware loaded on them. I don't know if those were used or if this was a rare isolated incident. I don't remember if I'm even remembering right Smile. The modem I'll be getting is brand new, but when I get it should I do a hard reset, or should I just take it out of the box and start using it? Does that story ring any bells or am I just remembering things incorrectly?

I don't have the modem yet, but are there any features in general that you recommend I enable or disable to make sure a modem provides maximum protection?
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 02 Sep 2014
Posts: 10325
Location: sunny California

PostPosted: Wed Jul 07, 2010 6:07 pm    Post subject: Reply with quote

No, those plug ins are not able to be infected.

I have not seen any reports of routers or modems shipped with malware. I have seen reports of USB devices like flash drives, picture frames, external hard drives, shipped with malware, but not modems or routers.

Modems and routers are at risk IF you do not change the default password. You need to change the password right away and make it complex with upper and lower case letters, numbers and symbols (like $ * @ if you can use those). Something that you can remember but no one could guess.
Read the instructions that come with the modem, it should be helpful.

And read this:
http://answers.yahoo.com/question/index?qid=20080131153606AAjAq5f

http://www.governmentsecurity.org/articles/default-logins-and-passwords-for-networked-devices.html
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
LetsBeHopeful
Newbie


Joined: 09 Jun 2010
Last Visit: 08 Jul 2010
Posts: 7

PostPosted: Thu Jul 08, 2010 2:52 pm    Post subject: Reply with quote

I can't stress how thankful I am for your help, suzi! I've never done anything this involved and have usually had someone in person that would do it for me. I wasn't sure that I'd be able to do any of this on my own, but you have majorly helped me understand this all. I'm also not quite as terrified as I was before Smile

The Mac is here, but the modem however is not. I've been getting a little acquainted with it and so far not too bad. But I do have a question relating to the firewall.

I read the instructions in the link about using the firewall, as well as the help files on the Macbook. If I choose "block all incoming connections" the "stealth mode" box gets checked, but is then grayed out. So if I check "block all incoming connections" does that mean "stealth mode" is on or off? The box being grayed out is what confuses me.
Back to top
View user's profile Send private message
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 15 Jul 2014
Posts: 3913
Location: California

PostPosted: Sat Jul 17, 2010 3:21 pm    Post subject: Reply with quote

Enabling block all incoming connections also turns on stealth mode. You can't block all and not be in stealth mode. That's why it is frayed out.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> General Software Discussion All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group