Office 365 Claim Based Rules

Similar Messages

• My company wants to purchase Office for iPad,but don't want our reps to be able to back up to Office 365 cloud based system. Can this be disabled?

  My company wants to purchase Office for iPad,but don't want our reps to be able to back up to Office 365 cloud based system. Can this be disabled?

  Since Office 365 is a Microsoft product and not an Apple product, it doubtful you'll get an answer here. Suggest you post in a M$ Office 365 forum, like this one http://support.microsoft.com/ph/15834/en  Google for others.
   Cheers, Tom

• Virtualizing an Office add-in with Office 365 installed - possible?

  I've just attempted to virtualise an Excel add-in by sequencing the add-in and providing a special shortcut to launch Excel in the bubble with the add-ins enabled.
  This normally works fine when Office is locally installed, but in this case my client has deployed the Office 365 click-to-run package, and when Excel is launched it cannot see any of my virtualised files.
  When I run listdlls.exe on Excel.exe, I see:
  C:\Program Files\Microsoft Application Virtualization\Client\Subsystems\AppVEntSubsystems32.dll
  C:\Program Files\Microsoft Office 15\root\office15\AppVIsvSubsystems32.dll
  Since Office 365 is based on App-V technology, I assume these two dlls are conflicting, and my solution going forward is to either get them to put Office down locally or convert it to a full App-V package.
  Before I do this though, does anybody know of any tricks to get it to work with the basic Office 365 package?
  Dan Gough - packageology.com
  Twitter (@packageologist) LinkedIn

  Our story is if you want to combine virtual Office 2013 with virtualized plug-ins, flatten the package into the full App-V format and use Connection Groups.
  Steve Thomas, Senior Consultant, Microsoft
  App-V/MED-V/SCVMM/Server App-V/MDOP/AppCompat
  http://blogs.technet.com/gladiatormsft/
  The App-V Team blog: http://blogs.technet.com/appv/
  The MED-V Team Blog: http://blogs.technet.com/medv
  The SCVMM Team blog: http://blogs.technet.com/scvmm/
  “This posting is provided "AS IS" with no warranties, and confers no rights. User assumes all risks.”

• How to create a private forum in Office 365 SharePoint for customers?

  Hi, 
  I am implementing a SharePoint Office 365 solution for a client but one of their requirements is sharing regularly updated info with only 20 customers. The idea is to share info with just the customers in a private forum basically to receive feedback, comments
  and emails. What is the best approach to this?
  Thanks, 

  Hello Aslr12,
  Based on these requirements I would just create a new site collection within SharePoint online service of your Office 365 tenant, based on the community site template. This template has some nice web parts like the Discussion list and some Community tools. 
  - Dennis | Netherlands | Blog |
  Twitter

• Error when Launching Office 365 Pro Plus in Remote Desktop Services

   Hello, I have Windows Server 2008 R2 and I have installed Office 365 pro plus volume license but I keep receive the error when I launch the product  I receive this error "This Copy of Microsoft Office 2013 cannot be used on a computer running
  Terminal Services. To use Office 2013 on a Computer running Terminal Services, You must use a Volume License Edition of Office"
  Jim G

  Unlike managed volume-licensed environments, Office Professional Plus for Office 365 cannot use Microsoft Application Virtualization (App-V) or Windows Server 2008 Terminal Services as deployment options. Because Office Professional Plus for Office 365 is
  based on the Retail SKU, you cannot install it on a Terminal Server.
  For the detailed information about Deploying Office Professional Plus for Office 365, you can refer the following article:
  http://technet.microsoft.com/en-us/library/gg998766.aspx
  Tylor Wang
  TechNet Community Support

• Office 2010 Outlook Desktop/Office 365 Issues-Cannot connect to the desktop in Outlook, Can't see more than 6 old messages in Office 365

  Hello,
  I'm hoping someone can help me out. I'm having an issue all of a sudden with connecting staff members to Outlook 2010 desktop version. Our super kept having issues, so we disconnected her from the desktop, and tried to reconnect her. I wish I wouldn't have
  done that, now I can't get connected back up. We thought we would login to the web version so that she could check her e-mails, which is fine. She can get new e-mails just fine, but she can only see 6 old emails, and she has 100's of old e-mails. Someone please
  help, I'm about ready to pull my hair out!!! Very frustrating. :)
  Thank you in advance,
  Ang

  Hi Ang
  So this is an Office 365 (Exchange-based) email account? Do you mean you've deleted the specific account from Outlook client and tried to re-add it again?
  "now I can't get connected back up" - At which step will it fail? Any error messages when things go wrong? Please first check the account settings that you've entered, and make sure they are correct.
  "She can get new e-mails just fine, but she can only see 6 old emails, and she has 100's of old e-mails."
  - With web mail portal, you are connected to your mail server directly. If you are referring to the web-based mail portal here, then these old mail messages probably have been deleted from the server.
  Regards,
  Ethan Hua
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Detection rule for Office 365

  Hi
  I'm about to create a application for Office 365 in Configuration Manager 2012 R2.
  I've seen recommendation to look for %programfiles%\Microsoft Office 15\root\Office15. But will that not break when office is upgraded on the client?
  In registry I've HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\O365ProPlusRetail - en-us. And for the looks of it I cannot use this if a user decides to download and install a different version than en-us.
  Any idea on what detection rule I should use for Office 365 that works for next versions of Office 365 (office 2015)?

  Using folder check for "%programfiles%\Microsoft Office 15\root\Office15", might be a bad
  idea.
  You need to use the full path to WINWORD.exe or something.
  If you install Visio using Office 365 it will end up in the same folder, and that will make wrong detection of the application!
  You don't have to worry about the version of Office when running Office 365, but you can get the version directly from the
  WINWORD.exe if you for some reason wants to use it...
  I would recommend that you don't check for the version though.
  Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs:
  www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter
  @ronnipedersen

• Re: how to claim my 60 minutes which include by purchase office 365

  I have a different, but related problem with claiming my office 365 minutes as described here. The link for "claim your minutes" takes me to my Microsoft account at office.com.  But that account has no knowledge of my Office 365 purchase or related account (which has a different user ID and password). So the page says, "Office isn't associated with this account." How can I tell Skype about my office 365 account? I haven't seen any way to link my Microsoft ID with my Office 365 ID (and why they required both in the first place is another frustration--a subject for another time). I'm completely puzzled, having purchased Office 365 business, why there appears to be no way for me to tell it about Skype or Skype about it?

  I have same problem. Purchased office 365 home premium and have 60 free skype minutes. Linked to my skype account. But does not let me make calls!!!!! from Australia to India. everytime it asks me to buy skype credit.  Did you get a solution to your problem? Tried calling microsoft, calling skype but no matter where I call or chat online, the people who are at the other end toss me around from one to another. No solution but a utter waste of time. It is almost as if the free skype minutes is a hoax...not a real offer. make it so difficult people give up on redeeming but looks good when selling. Very frustrated....tried various times in the last 4 months to resolve this....

• Can't claim free 60 minutes skype from office 365

  I bought license's office and windows and i have a free gift is microsoft office 365 and they talk can to active free 60 minutes Skype.But now i try to claim and can't claim 
  Please help me ! Thnks

  i have the same problem 

• Office 365 API, error: The token has invalid value 'roles' for the claim type ''

  Hi guys,
  I am trying to develop a Daemon / Server application using the new Office 365 APIs. I have added a new application to Azure Active Directory. I am using cURL + the app ID and secret to get a JWT token, this is the exact request:
  curl -X POST https://login.windows.net/TENANT_KEY/oauth2/token \
  -F redirect_uri=http://spreadyDaemon \
  -F grant_type=client_credentials \
  -F resource=https://outlook.office365.com/ \
  -F client_id=XXXX \
  -F client_secret=XXXX=
   I get back a JWT however it has no scopes for access set here is the decoded JWT claims:
  "ver": "1.0",
  "aud": "https://outlook.office365.com/",
  "iss": "https://sts.windows.net/TENANT_KEY/",
  "oid": "17fa33ae-a0e9-4292-96ea-24ce8f11df21",
  "idp": "https://sts.windows.net/TENANT_KEY/",
  "appidacr": "1",
  "exp": 1415986833,
  "appid": "XXXX",
  "tid": "e625eb3f-ef77-4c02-8010-c591d78b6c5f",
  "iat": 1415982933,
  "nbf": 1415982933,
  "sub": "17fa33ae-a0e9-4292-96ea-24ce8f11df21"
  Therefore when I do a request to the exchange API endpoint I get the following response:
  HTTP/1.1 401 Unauthorized
  Cache-Control: private
  Server: Microsoft-IIS/8.0
  request-id: d08d01a8-7213-4a13-a598-08362b4dfa70
  Set-Cookie: ClientId=WDALDNO0CAIOOZDZWTA; expires=Sat, 14-Nov-2015 16:40:59 GMT; path=/; HttpOnly
  X-CalculatedBETarget: am3pr01mb0662.eurprd01.prod.exchangelabs.com
  x-ms-diagnostics: 2000001;reason="The token has invalid value 'roles' for the claim type ''.";error_category="invalid_token"
  X-DiagInfo: AM3PR01MB0662
  X-BEServer: AM3PR01MB0662
  X-AspNet-Version: 4.0.30319
  Set-Cookie: exchangecookie=6bf68da033684824af21af3b0cdea6e3; expires=Sat, 14-Nov-2015 16:40:59 GMT; path=/; HttpOnly
  Set-Cookie: [email protected]=[email protected]4Wbno2ajNGQkZKWnI2QjJCZi9GckJKBzc/Oy9LOzdLOy6vOycXLz8XKxoGaio2PjZvPztGPjZCb0ZqHnJeekZiak56djNGckJI=; expires=Sun, 14-Dec-2014 16:40:59 GMT; path=/EWS; secure; HttpOnly
  Set-Cookie: [email protected]=[email protected]4Wbno2ajNGQkZKWnI2QjJCZi9GckJKBzc/Oy9LOzdLOy6vOycXLz8XKxg==; expires=Sun, 14-Dec-2014 16:40:59 GMT; path=/EWS; secure; HttpOnly
  X-Powered-By: ASP.NET
  X-FEServer: DB4PR02CA0026
  WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", authorization_uri="https://login.windows.net/common/oauth2/authorize", error="invalid_token",Basic Realm="",Basic Realm=""
  Date: Fri, 14 Nov 2014 16:40:59 GMT
  Content-Length: 0
  I have asked a stack overflow question here: http://stackoverflow.com/questions/26950838/office-365-api-error-the-token-has-invalid-value-roles-for-the-claim-type
  Any help on the matter will be hugely appreciated, thanks!

  Hi Manu,
  To wrap this thread up; I have had an answer on stack overflow.
  It appears that currently the grant type client_credentials is not supported, according to a comment on this blog post by Matthias' http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx 
  "There is no way in the code flow to avoid username/password. We're working on a client credential flow for later this fall that will give you the functionality required to run background services. For this you will not need a username/password,
  but the application will directly assert its identity and authenticate as itself."
  Unfortunately I require client_credentials for a daemon process, Q4 is the scheduled release for support for this grant time.
  Thanks for the help,
  Nick

• Claiming Office 365 sub 60 minutes

  This is the first place I have even seen a way to post a question. I want my monet back and Microsoft can keep their office 365 xxxxxxxxxxxx If you aren't going to make it possible to yuse the promised mintes then don't nmake the promises. I don't even think about skype until Microsoft started promising it. Now I want it. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx how to use the minutes. How do I even make a call? What do I use for a telehone? Im really not interested in using a phone but I want the minites xxxxxxxxxxxxxxxxxxxxxxxxxx about when it promised them. This is certainly the last time I subscribe to Office 365. I need Office but not badly enough to go through this agggravation when trying to use what was poromised. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Why can't I get it?
  Moderator Note:
  Offensive text removed.

   stephen714 wrote:
  how to use the minutes.
  Hello
  please contact Skype customer service
  TIME ZONE - US EASTERN. LOCATION - PHILADELPHIA, PA, USA.
  I recommend that you always run the latest Skype version: Windows & Mac
  If my advice helped to fix your issue please mark it as a solution to help others.
  Please note that I generally don't respond to unsolicited Private Messages. Thank you.

• Can I claim world minutes from Office 365 purchase...

  I bought Office 365 in the UAE and it was advertised as having free world minutes but I don't see how to activate them in my Microsoft Account. I am, therefore, assuming that they are not available to me and the product was marketed incorrectly (nothing on the box to say that there were restrictions and even the sales staff said that we would be able to use them). Is it indeed the case that I can't use them here. Could I use them if I used a VPN or when I'm abroad?

  dr-annie wrote:
   Could I use them if I used a VPN or when I'm abroad?
  Hello and welcome to the Skype Community.
  Yes you should be able to use them in those circumstances.
  TIME ZONE - US EASTERN. LOCATION - PHILADELPHIA, PA, USA.
  I recommend that you always run the latest Skype version: Windows & Mac
  If my advice helped to fix your issue please mark it as a solution to help others.
  Please note that I generally don't respond to unsolicited Private Messages. Thank you.

• Office 365 support with VB6 based application for example Mail Merge

  Hi Development team,
  Could i know how to use office 365 in our project step by step ? is it free available as trial version which work successfully
  As our project is currently using Microsoft Office 2003/2007. for we example we run Mail Merge module and it opened in MS word Office 2007 by default as it is installed in our local Machine.
  Currently i don't have office 365 licence software, does it require?
  My point of contact is one of client is asking for why not we are using office 365 which is on cloud version.
  Thanks 
  Anuj kumar
  India 
  91+9582890489

  Hi,
  Welcome to MSDN.
  I am afraid that issues related to VB6 are not supported in these forums, you could check that thread :
  Where to post your VB 6 questions
  In addition, you could post issues related to Office 365 which are not related to VB6
  in http://answers.microsoft.com/en-us/office?auth=1 to get supports.
  Thanks for your understanding.
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Time out error after redirection (ADFS-Office 365 SSO)

  Hi everyone,
   I've been having a problem with configuring ADFS and Office 365 SSO. So Everything is setup and signing into office 365 from the internal network works perfectly but when trying to access from the external network I get timed out. A brief overview
  of my setup:
  LAN------>Firewall---------->Firewall------>Internet
                     |
                   DMZ
  LAN network: 192.168.50.0/24
  DC-DNS, RODC-DNS, ADFS1-ADFS2 (NLB), DIRSYNC.
  DMZ: 172.16.50.0/24
  ADFS Proxy1-ADFS Proxy 2 (NLB) (NLB IP: 172.16.50.225)
  Firewall-Firewall: 10.10.10.0/24
  Internal Firewall: Inside: 192.168.50.254/Outside: 10.10.10.2
  External Firewall: Inside: 10.10.10.1/Outside: 172.31.130.83 (working in a class lab with my universities private network)
  Our network engineering department has its own firewall, I was given a Public IP address of 199.50.X.X that port forwards both port 80 and 443 to the outside interface of the external firewall (172.31.130.83)
  The internal firewall allows outgoing and incoming connections from anywhere for troubleshooting the issue. The External Firewall has been configured portforward both port 80 and 443 to the adfs proxy NLB address.
  Other firewall configurations such as NAT and static routes have been configured correctly.
  I've updated the public DNS records, the A record for my ADFS from the public IP address godaddy assigned to my public domain to the public IP given to me (199.50.X.X). I added the adfs server internal IP and name to the adfs proxy host files and DNS resolution
  is working both internal and externally.
  Using a domain-joined computer and user I am able to sign into office 365 with no problems. The problem starts when I try to access from an external device. When entering a domain user email at the office portal, it tries to redirect me to my adfs proxy
  but after a minute or so it fails to load my internal adfs login page and using google chrome I see a timeout error.
  Checked event viewer on both adfs and adfs proxy servers and nothing is showing up, checked my firewalls and everything seems to be working fine, I also confirmed that the faculty's firewall is receiving and forwarding correctly through ports 443 and 80
  (my external firewall also shows the same results).
  Any help would appreciated, been troubleshooting for more than  week and pretty much out of options other than starting over.
  Thank you.
  Moe.

  Hi Moe,
  Regarding specific ADFS query, I suggest you refer to experts from the following forum to get professional support:
  Claims based access platform (CBA), code-named Geneva Forum
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  Thank you for your understanding and support.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• O i need antivirus software if i am going to download office 365 onto my new imac?

  Do i need antivirus software if i am going to download office 365 onto my new imac?

  1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it.
  If you find this comment too long or too technical, read only sections 5, 6, and 10.
  OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
  The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
     3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
  An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
  Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
     For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
  4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
  5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, and a technological fix is not going to solve it. Trusting software to protect you will only make you more vulnerable.
  The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
  Software from an untrustworthy source
  Software of any kind is distributed via BitTorrent. or Usenet, or on a website that also distributes pirated music or movies.
  Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, your browser, or anything else.
  Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
  The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
  Software that is plainly illegal or does something illegal
  High-priced commercial software such as Photoshop is "cracked" or "free."
  An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
  Conditional or unsolicited offers from strangers
  A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
  You win a prize in a contest you never entered.
  Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
  A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
  Anything online that you would expect to pay for is "free."
  Unexpected events
  You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
  An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
  Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
  I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
     6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
  Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
  7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. Research has shown that most successful attacks are "zero-day"—that is, previously unknown. Recognition-based malware scanners do not defend against such attacks.
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  Most importantly, a false sense of security makes you more vulnerable.
  8. An anti-malware product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  An anti-virus app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize by the file name alone. An actual example:
  London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
  You don't need software to know that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's seldom a reason to use recognition software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every unknown email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may be useful if it satisfies an ill-informed network administrator who says you must run some kind of "anti-virus" application.
  The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
  10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.