Is a Beta release secure enough for e-commerce ?

Similar Messages

• I just wanted to ask if Firefox 4.0 Beta is stable enough for me to un install Firefox 3.6.13- thanks.

  I just wanted to ask if Firefox 4.0 Beta is stable enough for me to uninstall Firefox 3.6.13
  Thank you.

  I find the beta version to be very stable. If you are not sure about using beta software it would be better to wait for the official release of Firefox 4. Though no date has been set it should not be too long, possibly next month.

• Is the Oracle Database Express Edition 11g Release 2 enough for preparing for the 1Z0-051 and 1Z0-144 Exams?

  I am planning on getting certified as an OCA PL\SQL developer. I will be teaching myself and I have all the material needed to prepare.
  Except, I don't have a database that I can solve exercises on and practice commands.
  The two exams I will be taking are the :
  1Z0-051 exam: Oracle Database 11g: SQL Fundamentals I
  1Z0-144 exam: Oracle Database 11g: Program with PL/SQL
  So is the Oracle Database Express Edition 11g Release 2 is enough ?
  If it is not what other options do I have (I am running Windows 8.1) ?

  Yes -- 11gXE should be sufficient for practicing the vast majority of the skills required for those two exams.  I *think* that PARALLEL is not enabled in XE, so you could not test the functionality referred to in the "Use NOCOPY hint, PARALLEL ENABLE hint and DETERMINISTIC clause" topic of 1Z0-144.  I don't consider that to be a significant problem, however.  The material from the manual should suffice for the questions you'll see.
  As for what other options you have, you could download and install VirtualBox (free from Oracle).  You could then make a virtual machine on your Windows 8.1 machine and install Oracle Linux (free from Oracle).  You could then download and install Oracle Enterprise for Linux and install it on your virtual machine (allowable under the licensing when used for learning purposes only).  I have a similar setup on my Windows 7 laptop that I use when I absolutely have to test some feature that requires Oracle Enterprise.  Mind you, when I have the VM running on my system... it is ssssslllllloooooowwwwww because of the memory requirements.  I talk about using virtual machines as a certification aid in the following article:
  There is virtually no excuse to lack hands-on experience - CertMag

• LR beta released - new features for ACR 7

  I was just reading about the LR beta for version 4: http://www.dpreview.com/articles/7481161037/lightroom-4-public-beta-whats-new
  Although I'm not a LR user, I was excited to see the new editing features, as they will be essentially the same as the next version of ACR that will be part of PS CS6 (all guesswork on my part of course, but as Adobe has always done this previoulsy I don't think it's much of a leap of faith to make). A few features and changes that stood out for me:
  They've re-vamped the basic tools, and have a new Process Version 2012;
  Localised adjustments now allow you to adjust white balance and noise reduction;
  Curves tool allows you to work on individual RGB channels.
  This looks set to be a major upgrade IMHO.
  M

  I've been testing new features for a while
  I'm quite satisfied with a new automatic recovery procedure. Just that ... it will probably raise new posts about mismatching between camera profiles and in-camera jpegs, because when a photo has blown parts, recovery kicks in automatically. Also, in some (rare) cases I would just want to have it off ... so maybe having a whites slider with 'auto' check box or something similar would be a better solution ... Anyway, finally I can say that dealing with highlights is now even better than in Canon cameras / software, which have similar solution for at least 5 years ...
  Since R and B channel, that can be blown by WB, are now also recovered, resulting hue of blown parts is now different than with PV2003/2010. If G and B are blown, resulting hue is around 200 deg (instead 180 previously), which looks more natural for parts of blown sky. If R and G are blown, resulting hue is around 40-50 (instead 60 previously), which is ok for blown areas around sun in sunset photos etc but ... in some rare cases there can be blown foliage colors and it doesn't look particularly good when blown green turns light brown ... So a slider to deal with hue in blown parts for brush tool would be fine somewhere in the future, because painting that areas with some color doesn't produce desired result ...
  Getting rid of defaults from the past (brightness +50, contrast +25, blacks 5,. medium-contrast curve) is also nice, as it didn't make any sense with camera profiles
  I'm also glad that clarity is now usable for me, so I don't have to apply wide radius USM in PS anymore ... The same with highlight & shadows tool, that is now implemented here ... etc ...

• [ANNOUNCE] Beta Release availbe for download

  I'm very happy to announce that the JavaServer Faces 1.0 Beta Release is available for download at <http://java.sun.com/j2ee/javaserverfaces/download.html>.
  Please share your feedback here!
  Thanks,
  Ed
  JSF Staff

  I wonder whether the companies about to publish books
  on JSF were aware about
  these changes, and whether they will be postponing the
  release of their books in order
  to reflect the changes to the Specification, in case
  their work does not reflect the latest specs.
  Some of the authors are on the EG, so they will have known about the
  changes. Others are not, so they will have been as much in the dark as
  you have been until the Beta was released. What was always clear, though,
  is that there would be lots of major and minor changes and I'm sure that
  we'll be seeing more of the same (but hopefully not so major) before FCS.
  Right now the just recently published book from
  McGraw-Hill is outdated due to these changes?That could always have been foreseen. There was no secret about the fact
  that EA4 was nowhere near the final word.
  Wiley and Apress are about to release their books. I
  would like to know if the code examples
  will reflect the changes in the latest specs.
  Book publication dates that you see on Amazon and elsewhere are often based on their authors' best
  guesses at the time that they submit a proposal and are sometimes updated as the project
  progresses. In the case of JSF, I think you'll find that most of the book dates that you see now are
  probably quite fictional (no pun intended). As the author of the APress! book, I can assure you that
  its examples will be up to the latest spec and, in fact, to the FCS spec, whenever that happens and
  I would expect that to be true of all the books that are not yet published.
  Kim Topley

• Security updates for OS X Server 10.5.8?

  Hello all,
  I'm currently running OS X Server 10.5.8 on a PowerPC Mac Mini. Is Apple providing security updates for this version anymore, since it's the last one to work on PowerPCs? Is there an end-of-life chart for Apple products somewhere? If Apple is no longer providing security updates, what have those of you running servers on PowerPCs moved to? Ubuntu?
  Thanks!

  1. No.
  2. Apple typically releases security updates for the three most recent Mac OS X releases; as of now, those are Mountain Lion and newer.
  (123618)

• New Audigy Beta released today, for the driver hungry people

  Hurry in under Creative's download section and download them, if you need them.
  Please notice they don't work with all Audigy cards and may break compatibilty with the other creative applications such as the mentioned Surround Mixer, THX console and media source player. So these drivers are probably most targeted at the gaming people wanting newest available drivers...
  <EM>Notes:</EM>
  THIS IS AN UNSUPPORTED BETA DRIVER. We recommend that only experienced users install this driver.
  Make sure you uninstall the existing drivers for the audio devices listed above.
  To uninstall the existing drivers:
  Click Start -> Settings -> Control Panel.
  Double-click the Add/Remove Programs icon. The Add/Remove Programs Properties dialog box appears.
  Click the Install/Uninstall tab.
  Select the driver for your audio device and then click the Add/Remove button.</LI>
  Do not install this driver for the Creative Sound Blaster Audigy LS, Sound Blaster Audigy SE or Sound Blaster Audigy Value audio device.
  Some Creative applications such as Surround Mixer, THX Console, and Creative MediaSource? may not work properly with this beta driver.</LI>

  The full details (and filename) for this release:
  <TABLE id=Table5 borderColor=#cccccc cellSpacing=0 cellPadding=3 width=540 border=>
  <TBODY>
  <TR>
  <TD colSpan=2><B>Filename: </B><B>SBA2_PCDrvBeta_LB_2_08_0002.exe</B></TD></TR>
  <TR>
  <TD colSpan=2>Creative Sound Blaster Audigy unified series Beta driver with OpenAL support 2.08.0002 SBA2-BETAD-W-LB
  <DIV id=ShortDesc>
  This beta driver is recommended for gamers who want full OpenAL? support for their audio devices. Only the following audio devices are supported:
  Creative Sound Blaster Audigy? series, Sound Blaster Audigy Platinum series, Sound Blaster Audigy Platinum eX series
  Creative Sound Blaster? Audigy 2 series including Sound Blaster Platinum, Sound Blaster Platinum eX and Sound Blaster Value
  Creative Sound Blaster Audigy 2 ZS series including Sound Blaster Platinum and Sound Blaster Platinum Pro
  Creative Sound Blaster Audigy 4 series
  Creative Sound Blaster Audigy 2 ZS Notebook series</LI>
  <DIV id=Features>
  <EM>Added Features or Enhancements:</EM>
  Provides full OpenAL / EAX? ADVANCED HD support
  Improves performance of all OpenAL game titles</LI>
  <DIV id=Notes>
  <EM>Requirements:</EM>
  Microsoft? Windows? XP Service Pack 2 or Windows 2000 Service Pack 4
  Audio devices listed above only</LI>
  <EM>Notes:</EM>
  THIS IS AN UNSUPPORTED BETA DRIVER. We recommend that only experienced users install this driver.
  Make sure you uninstall the existing drivers for the audio devices listed above.
  To uninstall the existing drivers:
  Click Start -> Settings -> Control Panel.
  Double-click the Add/Remove Programs icon. The Add/Remove Programs Properties dialog box appears.
  Click the Install/Uninstall tab.
  Select the driver for your audio device and then click the Add/Remove button.</LI>
  Do not install this driver for the Creative Sound Blaster Audigy LS, Sound Blaster Audigy SE or Sound Blaster Audigy Value audio device.
  Some Creative applications such as Surround Mixer, THX Console, and Creative MediaSource? may not work properly with this beta driver.</LI>
  </TD></TR></TBODY></TABLE>
  Cat

• Download links for beta releases and release notes

  All
  Where is the download links for all the beta-release packages and their release notes?

  Thanks. So loading B19 the CSS on TableHeaders is showing White Bold for me. Using the following CSS before
  .table-view .column-header .label {
       -fx-text-fill: #f1f3f2;
       -fx-font: 11pt "Century Gothic";
  /** this is for the the last cell in the column-header so should essentially be the same styling as column-header* */
  .table-view .column-header-background {
       -fx-background-color: linear (0px,0px) to (0px,8px) stops (100%, rgb(127,127,127)) (10%, rgb(89,89,89));
       -fx-font: 10pt "Century Gothic";
       -fx-text-fill: #f1f3f2;
       -fx-font-weight: bold;
       -fx-border-color: #F1F1F1;
       -fx-border-weight: 1px;
  Is there a CSS change List?

• UMS Portlet (Beta Release) available for download

  What are we announcing?
  The beta release of the Unified Messaging Service (UMS) portlet is available for download on Portal Studio from Integration Solutions page. The UMS Portlet makes available to Oracle9iAS Portal users the abilities to send SMS messages, Emails, Voice notifications, Fax and WAP Push messages on a single web interface. These messaging capabilities are provided by the Oracle Notification Service (ONS, formerly the Push Service). By hosting this portlet, you automatically get a free trial account with the ONS service. Please send your comments, suggestions, and evaluations of this beta release on this discussion forum.
  How can I use it?
  The Oracle Notification Service (formerly known as Push Service) is an Oracle online service that allows Oracle9i Application Server Wireless and Oracle9iAS Portal users to send SMS messages, Emails, Voice notifications, Fax and WAP Push messages in an easy to access manner without installing any new software. The Oracle Notification Service is hosted at Oracle's data centers and is managed and maintained 24x7 by highly skilled staff. Users connect to it as a Web Service using an XML SOAP API over HTTP/HTTPS. The UMS portlet abstracts this communication and multiprotocol, multidevice complexities for the Oracle9iAS Portal users.
  An Oracle9iAS Portal user can sign up for this service and pay per usage.The user of this portlet would need to register and get an account with Oracle9iAS Wireless Service. However, to encourage the use of this service, a trial account of 500 units per IP address has been permitted. For purchasing more units and know more about the pricing mechanism, you can send an e-mail to [email protected]
  More information on Oracle9iAS Wireless and Oracle Notification Service is available at http://otn.oracle.com/products/iaswe/content.html
  Currently, this portlet allows sending SMS, Voice Mails, E-mails, Fax and WAP Push Messages. Future extensions will include support for Multimedia Messaging Service (MMS).
  Using this portlet, a portal user can send the same message as an SMS to people who have mobile phones, as an Email to those who would be at office, as a Voice mail to an employee who is at home and doesn't have access to Emails or mobile phones. For example, this portlet can be used in a hospital web site where the staff can send instant requests to the doctors or can be used in a financial portal which informs users about the changes in his/her stock prices on the device they wish.
  How do I get it?
  This portlet is available through the Portal Integration Solutions page (http://portalstudio.oracle.com/servlet/page?_pageid=3189&_dad=ops&_schema=OPSTUDIO) on Portal Studio. You can download this portlet from the Download Integration Portlets page (http://portalstudio.oracle.com/servlet/page?_pageid=3191&_dad=ops&_schema=OPSTUDIO). You would be asked to enter your OTN user details to download the portlet.
  Thanks & Regards,
  Abhinav

  Hi,
  I few minor issues with the SMS Portlet have been resolved & the updated version is available for download from the same location.
  If you have any queries, please post them at this forum. Your feedback on this portlet would be greatly appreciated.
  Thanks & Regards,
  Abhinav

• New Marvell (beta) Controller Driver is Released - but not for MSI?

  I've been following the Marvell controller situation pretty closely the past week or so because of the BSOD it's been causing on my board.
  ASUS has just posted a new Marvell driver for the 91XX, which is on the XPower (88SE9128) and I assume many other X-58 boards.
  My question is, does Marvell release one driver that's compatible with all the X-58 boards? Or do they make one for each manufacturer?
  I'm very anxious to try it, see if it helps with the BSOD. Should I wait until MSI posts it on their download page, or am I waiting in vain because maybe they never post Beta releases?
  Thank you guys!

  Thanks Clay - I never did install the MSU software. I was using the most current driver on MSI's site - the 1.0.0.1047 WHQL.
  I've asked around about station-drivers and some say they're fine, others say basically what you did, "be careful."
  They've had the 1.2.00.1002 on their site for awhile, and now I see ASUS has it on their site for their X-58 boards. It's listed as a "Beta."
  Not sure if I'll even bother with it. I rolled back to the msahci and I'm getting the performance I was was getting originally. I think it was only the last official driver - the 1047 - that caused all (or most) of the problems for me.

• Is php security and secure connection are enough for securing big web app. like fb?

  i mean....using php security functions and using secure coneection .....are enough for protecting big web apps. like fb??

  With great difficulty and constant monitoring and tweaking.
  Gramps

• SMS Portlet (Beta Release) Release available for download

  SMS Portlet (Beta release) is now available for download from Portal Center, Knowledge Exchange.
  The SMS Portlet leverages Oracle9iAS Wireless Push Service & Transport Architecture to send an SMS to any mobile device. The user of this portlet would need to get an account with Oracle9iAS Wireless team. However, to encourage the use of this service, a trial account of 1000 units (where each SMS message uses 10 units) per IP address has been permitted.
  You need to subscribe to the Oracle9iAS Portal Developer Services in order to download this sample. Subscribers to the Oracle9iAS Portal Developer Services will be able to access the Knowledge Exchange where this portlet sample is uploaded. The Oracle9iAS Portal Developer Services is a network of people dedicated to creating and exchanging portal expertise.
  To subscribe, visit http://portalcenter.oracle.com/ and look for the Oracle9iAS Portal Developer Services portlet in the right hand column. Registration is just a matter of logging in using your OTN account.
  You can download through the following link,
  http://portalstudio.oracle.com/servlet/page?_pageid=2106&_dad=ops&_schema=OPSTUDIO&_type=site&_fsiteid=233&_fid=294419&_fnavbarid=180376&_fnavbarsiteid=233&_fedit=0&_fmode=2&_fdisplaymode=1&_fcalledfrom=1&_fdisplayurl=&_rated_page_number=2
  Regards,
  Abhinav

  Hi,
  I few minor issues with the SMS Portlet have been resolved & the updated version is available for download from the same location.
  If you have any queries, please post them at this forum. Your feedback on this portlet would be greatly appreciated.
  Thanks & Regards,
  Abhinav

• Is 33.0 a Beta release as it says in view more info or a strongly recommended security and stablilty release?

  I was about to apply the new Filefox 33.0 update, but when I went to "View more information", the page there says 33.0Beta. I don't want a beta release. I am not sure what to do. I have Windows 7 Professional and Firefox 32.0.3 now. Thanks.

  Firefox 32.0 would not update to a Beta build of 33.0 unless you were using a Beta build of 32.0 and not the 32.0 Release at time.
  Firefox 33.0 is on Beta channel (currently at 33.0b9) and it will be on Release channel for Release as of October 14. The Beta channel will then start with 34.0b1.

• BETA-Releases for H61MU-E35, H61M-E33, H61M-E23 & H61M-P33 [MS-7680 v2.0/2.1]

  I will upload the latest BETA-UEFI-Release(s) for the E7680IMS.Axx-Release Series [v10.xx] here.  These Releases are for the following mainboard models only [MS-7680 PCB v2.0 / v2.1 -> ERP 030, 040, 060 and 070]:
  - H61MU-E35
  - H61M-E33
  - H61M-E23
  - H61M-P33
  The latest release is E7680IMS.A41 [=v10.4b1].
  Changelog:
  E7680IMS.A30 ---> E7680IMS.A41
  - Add LowMemory Support.
  - Add AHCI Support.
  ---> Modify Remove SATA PORT3/4 to Hidden SATA PORT3/4.
  ---> Remove check Bom For USB3.0 varstore to Chipset.vfr.
  ---> Add Check Hot Plug Port1/port2 For H61M-P33.
  - "H/W Monitor" to "Hardware Monitor"
  - Add "Intel VT-D Tech" in OC\CPU Features page
  - Correct disable USB Controller cannot into S3/S4.
  - Patch the ATI 6xxx VGA card installing VGA driver after the OS halted.
  - Fixed When installing 3TB HDD and then press F11 to select UEFI DVD, the system will hang in blank screen.
  - Fixed MFLASH in setup recovery Fail.
  As always, use this release at your own risk!
  >>Use the MSI HQ Forum USB flasher<< [Method II] for safer flashing and best results.

  Quote
  Will this work on the H61M-P23
  No!  The H61M-P23 uses E7680IMS.Hxx releases.  Please consult the following thread for BETA releases for the H61M-P23:
  https://forum-en.msi.com/index.php?topic=147964.0
  Back to topic [H61MU-E35, H61M-E33, H61M-E23 & H61M-P33 BETA [MS-7680 v2.0/2.1]:
  Update: E7680IMS.A53 [v10.5b3]
  E7680IMS.A40 ---> E7680IMS.A53
  - Add VGA Share Memory Option Name "256M/512M/1024M"
  - Add SYS Smart FAN Function for PCB2.1.
  - Adjust USB3.0 SMI GPI 11 to 14 for PCB2.1
  - Remove "USB 3.0 Legacy Mode Support" for some BOM(No USB 3.0 Port)
  - Remove VGA Share Memory Option Name "256M/512M/1024M" for ECN
  - Fix plug 4 dimm G-Skill F3-12800CL7D boot fail when XMP enabled
  - Temporarily closed SmiVariable Function for M-Flash Boot Issue.
  >>Use the MSI HQ Forum USB flasher<<, Method II for best results.
  Use this release at your own risk!

• What is the best security package for an imac using yosimity

  What is the best security package for an imac using Yosimity

  Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There  is a threat, and you need to educate yourself about it.
  1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
  The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
  OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
  The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  ☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
  ☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
  3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  ☞ It can easily be disabled or overridden by the user.
  ☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
  ☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
  Apple has taken far too long to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. Those lapses don't involve App Store products, however.
  For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
  4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
  5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
  The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
  Software from an untrustworthy source
  ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
  ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
  ☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
  ☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
  Software that is plainly illegal or does something illegal
  ☞ High-priced commercial software such as Photoshop is "cracked" or "free."
  ☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
  Conditional or unsolicited offers from strangers
  ☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  ☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
  ☞ You win a prize in a contest you never entered.
  ☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
  ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
  ☞ Anything online that you would expect to pay for is "free."
  Unexpected events
  ☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
  ☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
  ☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
  ☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
  I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
  6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
  Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
  Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
  7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
  Why shouldn't you use commercial AV products?
  ☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
  ☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  ☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
  ☞ Most importantly, a false sense of security is dangerous.
  8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
  Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
  London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
  You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
  The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
  10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.