We Mac users may not be in the habit of checking security mailing lists and announcements but we certainly have all the tools to do so. Between Mail and Safari RSS, even those of us who do not wish to invest in any additional software of any kind can stay up to date. Here are a few favorites of mine.
- Security Announce is Apple’s security mailing list. This list has very low traffic but it will allow you to easily learn more about security updates before Knowledge Base articles are posted, checksum your updates and learn precisely what it is a certain update fixes. It is not uncommon that Mac OS X updates include security components that are not revealed in the quick summary available through the Download page so be sure to check this security-oriented list as well.
- The ClamAV virus database update list will be of particular interest if you have followed our ClamXav article. Reading this list will allow you to know whether you are protected against a virus or whether ClamAV lies behind on its Mac OS X support. Note: the bottom of the ClamXav window will tell you which Main and Daily updates are currently installed so be sure to check them against references provided by the list.
- The F-Secure weblog presents a nice overview of current online threats and viruses, including Mac OS X malware. The firm is mostly Windows-centered so there is no real commercial push for Mac users yet but they do follow Mac OS X “virus” news for their administrator clients.
- Secunia, while not perfect is a good general source for security updates and news. It requires sorting through products you never use, including those on other platforms but is a good catch-all for QuickTime, Mac OS X, Firefox, Safari and all issues. Prefer the catch-all feed to product-specific ones.
Here we go. Not much, really, just a few tips and links I recommend you check and read carefully. Also, of course, be sure to subscribe to the blog feed of the MacDevCenter as you can be almost sure one of us will post about new malware at a point or the other - plus, the MacDevCenter is just plain cool, isn’t it? German shepherds rule!
Prefer subscribing to mailing lists with a dedicated address to avoid SPAM: most archives are public and your address can easily be picked up by search engines!
Remember: good security information does not lie in the quantity of sites you read but in how well you read them and on how well you follow up on links and references they provide. Nothing in life is to be feared, it is to be understood.
I get US-CERT Cyber Security Bulletins (http://www.us-cert.gov/) emailed to me. It's also mostly Windows-centric, but does include Mac security threats. Not as up-to-the-minute as F-Secure, though.
Also there is NSA's guide to securing your mac.
http://www.nsa.gov/snac/downloads_macX.cfm?MenuID=scg10.3.1.1