Discussion in 'Digital Darkroom' started by manuel_odabashian, Jul 18, 2015.

  1. If I wanted an imac for the main purpose of having sucurity on my
    inbox would an older one do or should I get a recent one?
  2. Where (or on what platform) is your email hosted? That will have more to do with whether or not your mail is free of malware than will your choice of desktop computer. Windows, Linux, and Mac operating systems are all - even in their most up-to-the-minute configurations - capable of allowing you to accidentally install malware if the email you've just clicked on is sufficiently sinister and well crafted and convinces you to do so. There is more malware written for the Windows platforms simply because they are so much more widely used - but Macs, of any generation, are not immune. Desktop operating systems allow you to install software, and clever enough bad guys can trick some users into doing so via a well-crafted email, period.

    Frankly, the safest way to check your email, if you don't have your mail hosted in an environment that scrubs your mail for malware on the server before you ever even see it ... is to use a walled-garden style device, like an iPad or your smart phone (more so an Apple device than an Android device - the Android environments, depending on how you have them set up, are a looser arrangement, and can give you enough rope to hang yourself). There are always trade-offs between security and power and flexibility.

    But I wouldn't buy a computer just to check email. Have your mail hosted someplace where it's well scrubbed for malware as it arrives (gmail, etc) and use a device like an iPad, if you must, to make sure that attached executables (if they get through) can't be installed and run on your email reading platform. The mail you receive and store on that device can also be freely backed up in Apple's cloud, so that if you lose or damage that tablet, everything's still available to you, up to the minute, to restore onto another device. If it's just about email, you do NOT need the most recent generation tablet, and can get perfectly good last-year's-iPads for very little ... and they'll use up less electricity and table top space than an entire desktop Mac. And ... they're portable, so you can use them elsewhere with little fuss.
  3. There are simple manouvers that improve security a little, regardless if You use imac or not. Check Your email over imap connection, use secured data exchance ssl to encrypt passwords and messages. Use password in device so no-one else has access to the device. Block remote content in html messages, unless trusted sender. Avoid programs, zipped files, pdfs and images attached in emails, unless trusted sender. Send messages in plain text and avoid attachements.
  4. Thanks guys that's interesting I am using yahoo mainly but do
    use Google mail too. Was hoping macs would magically remove
    my worries of course I knew that they were not immune but was
    hoping they would lessen my worry considerably.i have a
    smartphone but it seems to be linked to my pc which I don't want.
  5. Matt's advice about "walled garden" makes sense. - I am not very familiar with Apple stuff and would suggest any kind of undead laptop or office PC built from leftovers on your dustpan with a Linux OS and a dedicated backup drive, with a huge warning label saying that it shall never contact your image hosting machinery, as the most ideal environment. - If you want to splurge: get a modern compact low level desktop (Intel NUC for example) and invest heavily into a switch & cables set, to use it with the same screen keyboard and mouse as your imaging machine.
    I'm confident the 1st generation of CRT imacs should be able to handle emails, but I really don't know how user replacable their by now written off HDDs might be. - Opening CRT devices and messing inside of them is IMHO a stroll in the mine field, if you don't happen to be a rested and sober trained electician with all tools of the trade at hand. - They hold those nasty big capacitors that remain ready to zap you with lethal force for quite a while after unplugging.
    For safety I'd strongly recommend Linux. The advantage: it runs on no longer Microsoft supported hardware from the Win XP & earlier days. - It is also built to be pretty safe; you need a password to even isntall a regular Linux update for example and since it is an OS you aren't familiar with, you are unlikely to use it for anything important on the side. Biggest advantage: since Linux is free you can't misplace product keys original DVDs and similar annoyances needed for reinstalls.
  6. Manuel: Yahoo and Google already do a very respectable job of checking your mail for malware. Your smart phone should be (and I'm sure is) set up to connect directly the servers at Yahoo and Google to poll your mailboxes there for new mail. Your phone directly checks those mailboxes every few minutes. If you happen to use a web browser on your computer to check your mail, you're just looking at a web presentation of the very same server-side information.

    If you stick with that approach, the main thing that will keep ALL email-borne trouble from every hurting you is ... YOU. All you have to do is pay attention to file attachments and not open files you aren't expecting or don't understand. And when an email contains a link to send you off to some web site, simply examine the link before you click on it, so that fake mail from some Russian dude trying to look like your bank doesn't take you to a fake bank web site where you're then providing that Russian dude with your user ID and password. It's all about paying attention - failing to do so will present trouble of one kind or another no matter WHAT device or platform you use to check your mail. Don't buy a new computer to read email. Take the time to understand how your smartphone is connected to those mail servers, and just practice good habits when reading that very same mail on your desktop.
  7. EricM

    EricM Planet Eric

    The Apple walled garden is the easiest to breach. The evidence is everywhere and in the news weekly. The toughest walled garden is Google. The safest OS is Chrome. The safest browser is Chrome. The safest email is Gmail. Using all three by buying a $250 Chrombook and checking your Gmail, is by far the safest way to do email. And banking.
    Frankly, the safest way to check your email, if you don't have your mail hosted in an environment that scrubs your mail for malware on the server before you ever even see it ... is to use a walled-garden style device, like an iPad or your smart phone (more so an Apple device than an Android device - the Android environments, depending on how you have them set up, are a looser arrangement, and can give you enough rope to hang yourself).​

    Mat Hanon of Wired who had his Apple account hacked and the >100 Celebs on iPhones that had their private photos shared across bit torrent sites would disagree. The Electronic Frontier Foundation consistently places Apple at the bottom with data privacy and protection. Apple was the last to implement two-step verification. I found it shocking that anyone could buy $200 software (or steal from bit torrent) and point it at someone's iCloud account and have it guess passwords until success. Man-in-the-middle attacks are still a problem on both iOS and OSX. I could go on about Flash and Safari and apps with https. I just find it odd that there's so much news about Apple security when it is the least used OS. The iPhone 4s was the last iPhone we bought and instead of getting an iPhone 6, we went with Nexus 5. I'm hoping for a Windows Surface hardware bump and will be swapping it out for my MacBook Pro.
  8. Eric: You're misunderstanding the "walled garden" reference. Apple devices like iPhone, iPads, etc., make it very difficult for a drive-by process to install the sort of rogue software that makes up installed malware. Point to some examples of non-jailbroken iDevices being infected with executable malware, and we'll talk.

    The examples of people's Apple accounts being compromised are an apples/oranges issue. That's not about the content of received email being toxically able to, without little or no user assistance, install malware. That's about people selecting poor passwords and having trivially-easy-to-guess security questions/answers tied to their accounts - a vulnerability that is no different when people are equally lazy in setting up the Gmail, or Yahoo, or other accounts.
  9. EricM

    EricM Planet Eric

    For safety I'd strongly recommend Linux.​

    Me too, Jochen. The distros are built by a community and it's open source code. The brightest in the world are contributing and are able to see problems before they can be a problems for malicious gain. Not having corporations involved with my browsing and data is also a strong motivator for using Linux Mint.
  10. I would only endorse the use of Linux if one is prepared to invest the time and effort in understanding how to lock it down and operate within its complex security model. A person using a Linux desktop to check mail can absolutely be talked into installing malware on that machine just as easily as they can be talked into doing so while using a Mac or a Windows box. If that Linux box isn't kept up to date with the same steady stream of patches that one applies to Win and Mac machines, the notion that it's somehow safer is a dangerous fiction. In fact, being told it's inherently safer is usually the first step towards users assuming they don't need to take responsibility for the continual maintenance of that operating system and the software they use on it. That's the same false sense of security that Mac users used to have.
  11. Matt, have you been watching "Mr Robot" on USA network? IT folks have been saying it's the most realistic depiction of what cyber security technicians face on a daily basis.
    No Apple or Windows OS interfaces at least as I can remember, just command line with mention of Gnome and Unix systems. It's a pretty darn good show and I don't have a clue as to what the programers are talking about.
  12. Watched the first episode, Tim, and TiVo's got the rest - just haven't caught up yet. I find it to be a mixed bag. Most of what I saw on that first episode was plausibly presented, but of course it was mostly about the character development and less about real accuracy in portraying a day in the life of infrastructure protection. That subject matter is quite different than the OP's (here) question about using something fairly well bolted down to read email, obviously. The story on that show is more about the larger back end systems. Won't say more until I've seen where they're going with the story.

    Certainly the main character's personality type is plausible. The hints they're making about the "Fight Club" style economy reboot strikes me as a fantasist - but after all, it's supposed to be dystopian escapist entertainment, sort of like "Person Of Interest" in that sense. A lot of poetic license is to be expected. I was underwhelmed by their suggestion that a company the size of the "Evil Corp" they're portraying would have brought in hired guns to deal with their back-end malware attack, and that a hapless datacenter employee who appeared to have no idea what he was doing would be that huge multinational company's liaison to the pro security team. Companies that size already HAVE some of the best security people in the business on staff, and would have been all over the situation portrayed in the pilot episode, outside consultants running support or not. So, we'll see.

    But again, very different than the simple steps you need to take to safely read your own email.
  13. Thanks for the detailed responses as someone who is not
    computer literate I will try to get some help with your
    suggestions. I know someone who had problems with viruses a
    phographer and changed to a mac from pc though he may have
    had other reasons as well that's what is making me think along
    this route
  14. EricM

    EricM Planet Eric

    Point to some examples of non-jailbroken iDevices being infected with executable malware, and we'll talk.​
    I'm not sure what there's to talk about Matt when "iPhone malware" is an easy Google search and we can read about Wirelurker and Masque Attack on non-jailbroken iPhones? But jailbroken, or not, is irrelevant today. It seems every month there's a few iOS/OSX headlines in regards to https, Flash, pdf, man in the middle.
    Serious OS X and iOS flaws let hackers steal keychain, 1Password contents Researchers sneak password-stealing app into Apple Store to demonstrate threat.
    Researchers have uncovered huge holes in the application sandboxes protecting Apple's OS X and iOS operating systems, a discovery that allows them to create apps that pilfer iCloud, Gmail, and banking passwords and can also siphon data from 1Password, Evernote, and other apps.
    The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers' apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers' cross-app resource access—or XARA—attacks, raises troubling doubts about those assurances on the widely used Apple platforms.
    For the time being, the researchers told Ars, there isn't much end users can do except wait for Apple to fix the vulnerabilities. At the request of Apple, the researchers delayed disclosing their findings for six months to give developers a head start in hardening OS X and iOS against the attacks. Since reporting the keychain vulnerabilities to Apple, company engineers started using a random username to patch some of its apps, a countermeasure the researchers said is ultimately "futile."​
    In light of the vulnerabilities, users of all OSes should limit the apps they install to those that are truly needed and explicitly trusted.
    The consequences of such attacks are devastating, leading to complete disclosure of the most sensitive user information (e.g., passwords) to a malicious app even when it is sandboxed," the researchers warned. "Such findings, which we believe are just a tip of the iceberg, will certainly inspire the follow-up research on other XARA hazards across platforms.​
  15. EricM

    EricM Planet Eric

    "The exploit works with Apple-trusted executable apps that are bundled with, and are programmed to
    execute, one or more additional apps. The hack works by renaming the Apple-trusted file but otherwise
    making no other changes to it."

Share This Page