The Register reported yesterday on Apple’s advice that Mac users should use Anti-Virus software, well more than one peice of Anti-Virus software if Apples advice is to be followed. Well I agree, to a certain extent anyway, using two products may be a bit excessive especially as it will hit your system’s performance but I certainly think that using anti-virus software is a must.

Now contuary to what I wrote about Macs back in 2007 I do like using OS X and yes my XP laptop is looking a bit old in the tooth now and I hope to one day have enough cash to but a mac book pro (although I will use VMware or Pararells to run XP as well as OS x). I would never though run it without anti-virus software on it, what a stupid thing to do! Most Mac users that I know still think they are immune to malware and viruses, well you are not!

My mac in work has symantec anti-virus installed on it and out of curiosity I decided to take a look at the viruses that effected the mac, fair enough hardly any but I still come accross the MacOS.MW2004.Trojan and Mac.Simpsons@mm so even with these as very low risk viruses why would you want to be without anti-virus software? It escapes me!

As a daily reader of The Register website I was auite concerned when I came accross this article on a Trojanised version of WordPress doing the rounds on a fake site.

Apparently this fake site – Wordpresz.org is offering the ‘latest version’ which is apparantly 2.6.4. However the latest official version from WordPress is 2.6.3 which I upgraded two blogs to yesterday (Wednesday 5th November 2008). Although I was sure (as I always am) to double check that the download was from the official URL it didn’t stop me panicking so off I went to check on the two blogs that I had upgraded just in case.

The difference is a Trojanised version of pluggable.php and Sophos has since detected the malicious code as WPHack-A Trojan. According to posters on Craig Murphy’s Blog the Trojanised version of pluggable.php attempt to steal users cookies if you have five or more users. I should imagine further analysis pluggable.php may yeild additional code but until then watch this space!

Anyway all was well with my blogs but it does make you think always double check the URL of the links that you are clicking on. Are they what they appear to be?!

I had yet another annoying reminder this week from Mcafee telling me that I needed to pay up another £60 sharpish to renew my security centre subscription for a year. Having been messing around with linux over the past few months (Kbuntu in particular) I decided to go on the prowl looking for decent free alternatives to avoid forking out another 60 notes.

I have now uninstalled Mcafee (not that easy please read my useful Top Tips guide on my main website) and installed four separate programs…

• AVG Anti-Spyware Free Edition
• Spybot Search & Destroy
• Avira AntiVir
• Comodo Free Firewall

Although it is difficult to cover every nook and cranny having looked around the net and read various reviews I think (and I hope) that I am covering as much as possible. Oh and I had better mention that I am behind a hardware firewall as well just for good measure as I don’t believe you can always rely on software alone as unfortunately many viruses aim is to switch off such security products!

Will I ever move away from Windows totally? Well maybe one day I do use Dreamweaver most of the time and that to be honest is one of the reasons why I am still using windows, then again perhaps I should be looking at a Mac and perhaps using Wine Tools to run Dreamweaver on Linux…. Watch this space!

I was reading The Register website this morning when I came across a new Zero-day security flaw in Firefox. Although Firefox is allot safer than using Internet Explorer (6 and below and some would argue IE 7) it still comes with security concerns. All the fuss is about how FireFox handles uniform resource identifiers (URI’s) which allow FireFox to run programs found on a users PC.

This is essentially a MS Windows problem but the best step if you are not using Linux or Apple computers is to use and install the no-script extension for FireFox, I also use this excellent extension on my Linux and Mac versions of FireFox. No-Script in its simplest form no-script allows you to block sites executing javascript on your machine (it also stops cross site scripting attacks but thats not for this post!).

To install click on the No-Script link (using FireFox) and hit the install button. After a restart you will see at the bottom of your FireFox screen telling you that Javascript has been blocked.

Clicking on the options button in the yellow box will give you the option to:

• Permanently allow the site you are visiting
• Temporarily allow the site you are visiting

If you are visiting a trusted site such as this site!, google-analytics or http://www.bbc.co.uk I usually Permanently allow the site, otherwise I simply hit Temporarily allow in which case the site is allowed until I disallow it or exit FireFox.

Safe surfing!