Secure IT Foundation

Smug Mac = Sad Mac

Posted on: September 9, 2009

Dear Mac users,

After the last post about Windows users needing to use Firefox over their default Browser called Internet Explorer, you may be feeling a little smug. Times have changed and Mac security needs nearly as much work as Windows security. All the Level 5 documents, the Risk Profile Questionnaire and Home Computer Policy, apply to you as well. If you think you are secure and the only reason why you think you are secure is that you use an Apple Mac, you are in for a shock over the next few days.

Just like Windows users, your Macs’s default browser, called Safari, is just as insecure as Internet Explorer , possibly worse at times. So all Mac users, you need to move over to Firefox as well. Don’t let a smug Mac end up a sad Mac…



5 Responses to "Smug Mac = Sad Mac"

But there’s a glaring hole in Firefox itself. Simply put, if you run as a non-admin user on OS X (which is the sensible thing to do), Firefox grays out the Check For Updates menu item, and certainly doesn’t do any automatic notification of security updates, so you can go for days, weeks or even months not even realising that an important security update has been released.

This needs fixing.

Urgently, I would suggest.

Hi Paul,

We agree, as this issue does need fixing for Firefox users today (Windows and Mac on non-admin accounts), but Firefox should be managed as part of a home security policy like the Secure IT Foundation’s Home Compuer Policy which includes patching on a regular / urgent basis. Ideally Firefox updates should just auto install for all users, but again autoinstalling software is also a risk in itself but a more managable risk than no updates!

To follow up to Paul’s query, we have raised ‘Bug 511071 – Check for updates function unavailable for non-admin users’ with Mozilla. Will let you know what happens! SB

Update: Mozilla classed it as a duplicate and merged it with ‘407875 Unprivileged users are not notified of security updates’. No news on a fix date yet… SB

Thanks for submitting ‘Bug 511071′. I note that ‘407875 Unprivileged users are not notified of security updates’ was raised in December 2007, and before that ‘Bug 318855 – “Help/Check for Updates” should not be disabled when Firefox doesn’t have write access to itself…”was raised in December 2005.

Also of interest here is ‘Bug 489139 – [meta] Increase the acceptance rate of minor updates (only 80% of Firefox users install minor version updates)’ This was based on a survey conducted by the Swiss Federal Institute of Technology (ETH) and Google Switzerland who used
Google’s server logs to monitor 75% of the world’s internet users for over a
year to see if users were installing security updates for their Web browser.

[…] Just because you are using a Mac does not make you any more secure than a Windows user in everyday life. If you think otherwise, you are a smug mac user and we know what will happen to them – sad mac. […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]


%d bloggers like this: