Wednesday, October 3, 2012
Leopard security in 2012
A large majority of people still running PowerPC hardware from Apple use 10.5 Leopard as their primary OS. This is understandable since it is the final version to run on PowerPC hardware. Although it’s security technology like socket layers and sandboxing is still reasonably close to modern standards there are other areas where it is not cutting it any longer unfortunately. These would be java and flash. Java is halted at 1.5 forever on it, which is very insecure now, and flash stopped PowerPC development at version 10.1. The good news is that it is totally possible as well as beneficial to live without both on Leopard.
This is something that literally all PowerPC users on any version of OS X should do. In Leopard it’s actually very easy to disable. Simply go to the Utilities folder within Applications and open “Java Preferences.app”. Then deselect any version selected in the General pane. After this click on the Security pane and deselect “keep temporary files for fast access”. For the sake of being thorough click the “Delete Files” button at the bottom for any that may already exist.
The next and final step is to open all the browsers you use and deselect “Enable Java” which is how most word it. Although you have already disabled it at the system level this is just an extra measure so that your browsers tell sites right away not to bother with any Java. If you want to go even further you can find and delete all the files within Leopard that are Java related. This is really unneeded because as long as you have it disabled in the OS and browsers you’re fine. For those that really need Java you should look for Linux alternatives and use Java through Linux instead.
This is a technology that will likely never die because of people’s tolerance of it . PowerPC users for example should see flash as the plague and avoid it at all costs. I personally wouldn’t use it even if there were a modern secure version for PowerPC. In my opinion the flash alternatives like MacTubes or similar apps make the experience more organic at least where YouTube is concerned. You don’t have all the ads and obnoxious comments in your face nor the bad site design. It’s much more like watching a video in VLC or CorePlayer. I actually use CorePlayer to play them mostly but use MacTubes to find and get the direct resolution links for CorePlayer. This can be done with VLC also. The reason for adding these extra players in the mix is that they use even less CPU than Quicktime.
I understand there is a whole world of flash video out there besides what is on YouTube but there are many tools available for browsers that can download flash video from virtually any site. This will give you a .flv or .mp4 file which you can then play in your favorite playback app. If this still doesn’t provide a solution that works for you then you need to ask yourself an important question. What is more important, the ability to watch some online video or the health and security of your computer? If your answer is to watch the video then I really don’t know what to say other than your priorities are a bit messed up.
For the few that need flash for important things that cannot be avoided like some unfortunate education resource which uses flash then the best thing to do is buy a cheap x86 machine and dedicate it to that. That way you can run Windows or whatever OS you prefer with updated flash options. People with PowerPC Macs should never allow a flash plugin on their hard drive unless you like to live on the edge in a bad way.
The only way people can truly unburden themselves from some of the awful technology out there is to avoid it and find other methods which may not be your preference but will be secure and more importantly liberating. I use that word because when you can make your own way in the computing world without relying on all the horrible tech most people do it’s a very liberating feeling.
Leopard moving forward
Other than the java and flash shortcomings Leopard is actually quite a secure OS compared to WinXP or Vista or any Mac OS before it. The people still running Tiger or older should consider upgrading if you have a G4/G5 (no G3 support) especially if they have a Core Image capable GPU and plan on sticking with OS X a good ways into the future. As I mention in my “Leopard performance on sub-867 MHz hardware” post from August Leopard uses the CPU for Core Image rendering if it doesn’t have a capable GPU which slows the CPU down up to 30%. If you have a capable GPU then Leopard should run just as fast if not a bit faster.
Tiger and Panther were great versions of OS X but they both really lack all the advances that started in Leopard like socket layers and sandboxing. Leopard has more security built in than you could ever add to Tiger/Panther. As I mentioned in my pervious post I encourage people to use Linux also these days but for all your Mac OS needs Leopard can serve you much better. Although 10.5 is starting to lose a lot of software support it still has a much better/newer software selection. There are also 2-3 more browsers being developed for Leopard and not Tiger like SeaMonkey, Leopard Webkit and AuroraFox.
Another real advantage to Leopard is that it has a lot more unintended natural compatibility with devices from the x86 market like wifi and Bluetooth dongles and PCI expansion cards. I have x86 market gigabit Ethernet and Bluetooth dongles on both my main Sawtooth.
Whatever course any of you take in your computing journey the best security is always going to be an educated user who knows what not to do online just as well as what to do. When you combine a capable educated user with the best software situation for your hardware then you have the ultimate level of security. A good NAT router always helps also.
More on Leopard security in the future as things come up.
Other Leopard security related posts:
DigiNotar neglect on PowerPC