Mac Maintenance and HDD updates/upgrade

[Updated 06-26-2011]

I just spent a few days doing lots of maintenance on a few Mac’s.
Cleaning up, optimizing and replacing one HDD for a new larger one.
So I thought I’d share what I do with my Mac’s to keep them running happy and having my data safe should there be problems to those of you ‘Mac-ites’ out there.
1st. Let’s clean up.
I install and use Onyx on all my Macs and those I maintain. It makes maintenance a BREEZE.
With Onyx you can do just about everything you need to do on a regular basis to keep clutter down and errors away.
Get it here.

Check out the AppCleaner application to completely remove applications – often installs put files into many other directories than just the applications folder! A great tool for removing leftover ‘gunk’.

I was going to go into some of the other steps I do such as removing unnecessary start-up items and removing unused apps but it looks like the folks at LifeHacker.com have put together a very good article on just that.
So to save the time of me just re-stating what Gina Trapani, founder of LifeHacker, has already said just go here.
The folks at Tested.com also have a good in depth article on how to manually do nearly everything you can do in Onyx. But I find Onyx to be fantastic.
As always make sure you have a good backup before you start messing with system settings!

2nd. Let’s clone/copy.

For backups most know I believe in Images(Clones), alone with periodic ‘file backups’. That way I’m protected against full drive failures/loses AND stupidity – accidentally erasing or overwriting files. 🙂
Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system either to another internal or external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone to a new drive and your are up and running.
Good description here

Now to backing up and/or updating of a hard drive. By cloning the drive to a new (or back up one) you are creating an exact bootable copy of the original.

This is actually a very simple process that can be done without any 3rd party software on OSX!
I’ll explain how to do that in a moment, but there are some 3rd party tools that make it a little easier for the novice

Whether you are installing a brand new larger hard rive like I just did or making a clone to and external drive the directions are the same. [except of course if it is just a back up clone you won’t be ‘changing the start up disk’]

For the two Easiest ways to Clone (and also backup – remember images rule!):
Use SuperDuper Mac Drive Cloner. Get it here,
The application is freeware/shareware. Meaning to use the clone function it’s free but to use the advance scheduling features you will have to purchase a license. The call is yours.
I have always found it very worthwhile to own and support great utility software.

Or use Carbon Copy Cloner. Get that here. Read about it here. The latest version is fantastic. It’s now my go to OS X disk tool.

Now the no 3rd party software route.
You can do as I have done many times use OS X’s own clone/restore utility!

You insert the MacOS X 10.x install disk, boot from it, select Disk Utility from the Start menu, and choose the volume of the new Mac.
Then use the Restore tab, drag and drop the old drive as the source, and the new one as the target, and press the button.
Et voila!
After copying, just make sure that your new hdd (the clone) is set to be the start up disk.

You can then boot the new Mac with an exact clone of the old one.

Here’s how to use Disk Utility to clone and backup your hard drive in a little more detail using an install disk:
* Fire the Mac OS X disk that came along with your Mac.
To do this, insert the CD or DVD into your Mac, and hold down the C key while your Mac restarts.

[if that doesn’t work try these options:
# Restart your computer and immediately press the Option key. Icons for all available startup volumes will appear. Click the one you want to boot from, and then click the right arrow button to complete the startup process.
# Restart your computer and immediately press Cmd-Option-Shift-Delete. You must press all the keys at once. The computer will start to boot from the CD or DVD drive. If there isn’t a bootable disc inside the drive when you begin the reboot, the computer will attempt to boot from another partition or drive. ]

* Go ahead select your language. Don’t worry: You’re not installing Mac OS X again – this is just what you have to do to get to Disk Utility. When the menu bar appears, select Disk Utility from the Utilities menu.
* When Disk Utility opens, you’ll want to select your source. This is the hard drive you want to clone and/or backup. After you have a source, select the Destination. This is the hard drive you want to save the backup image to. * Click Restore and you’ll end up with a perfect copy of your hard drive.


Restart your computer and you’re good to go!

That’s it……

For backups there is also the included Time Machine application that ships with the latest versions of OS X. It is much improved from previous versions. It allows the user to restore the whole system, multiple files, or a single file. It works within iWork, iLife, and several other compatible programs, making it possible to restore individual objects (e.g.: photos, contacts, calendar events) without leaving the application. Time Machine is a backup utility, not an archival utility, it is not intended as offline storage. Time Machine captures the most recent state of your data on your disk. As snapshots age, they are prioritized progressively lower compared to your more recent ones.

Carbon Copy Cloner, SuperDuper and Time Machine are complimentary. Think of SuperDuper or CCC as your backup against catastrophe (drive-failure or theft) while your TM volume is a hedge against stupidity (deleting/overwriting important files, contacts, etc.).

One last utility that I’d like to mention is AppleJack.

AppleJack is a user friendly troubleshooting assistant for Mac OS X. With AppleJack you can troubleshoot a computer even if you can’t load the GUI, or don’t have a startup CD handy. AppleJack runs in Single User Mode and is menu-based for ease of use. Their main page is here.

The AppleJack download is here.

Peace and happy computing…..

Blacksheep add-on to protect against WiFi session Hijacking

This is a Firefox add-on everyone should use if you use public WiFi anywhere anytime.
It’s called ‘Blacksheep’.

Blacksheep will find and block ‘Firesheep’ – a highly popular new hacking tool used to ‘sniff out and steal your sensitive information on WiFi networks.

What Firesheep is:
Firesheep is the Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. It is designed to sniff out weak security and hijack web site credentials on open Wi-Fi networks. This technique is technically called ‘Session Hijacking’.

Session hijacking is nothing new. Web sites typically use SSL connections for initial login pages, but revert to non-encrypted traffic for all subsequent communication. As such, while a user’s username and password may be protected, once they are authenticated, any user on the same network can simply sniff network traffic, obtain a user’s session ID and then hijack their session for a given website. Although this has always been a serious risk, especially on insecure networks such as public WiFi hot spots, some degree of technical knowledge was required to accomplish the attack. Firesheep, opens such attacks to the masses as it turns session hijacking into a point and click exercise. Unless websites mandate SSL for all traffic on the site, session hijacking will always remain a threat.

Fortunately, BlackSheep can be used to let you know if someone is running Firesheep on the same network and protect you.

Read some more here.

and here

or just add the extension to Firefox by going here!

Be safe folks!

Apple Security news end of June 2011

Apple has released Mac OS X v10.6.8 and Security Update 2011-004 addressing a total of 39 vulnerabilities in OS X 10.5.x and 10.6.x.

Many are critical errors which could allow an attacker to take control of the system!

Please use the System Update. You can read the notice here:

And get the direct download here:

As usual I would remind you to also make sure you also update your Web Browser(s) and plug ins – ESPECIALLY Adobe Flash and Adobe Acrobat!

Firefox 5 news

Today Mozilla released the Final version of Firefox 5 ahead of its scheduled date. It has been slated for official release next Tuesday June 21. If you’d like, you can get it now here:
Windows

Mac

Linux

Before installing I HIGHLY recommend backing up your complete profile. For that I use MozBackup on Windows. You can get the Windows install here

For other OS’s you can use FEBE
To install FEBE download the .zip file then rename it with a .xpi extension and open it with Firefox.

I would also recommend that you install the "Firefox Add-on Compatibility Reporter" to Firefox 1st too. Get that here.  This will keep unsupported or updated plugins/add-ins from crashing the browser and may let some of them work even if they are ‘not supported’.

So what’s new in Firefox 5?

  • Added support for CSS animations
  • The Do-Not-Track header preference has been moved to increase discoverability
  • Improved canvas, JavaScript, memory, and networking performance
  • Improved standards support for HTML5, XHR, MathML, SMIL, and canvas
  • Improved spell checking for some locales
  • Improved desktop environment integration for Linux users
  • WebGL content can no longer load cross-domain textures
  • Background tabs have setTimeout and setInterval clamped to 1000ms to improve performance
  • The Firefox development channel switcher introduced in previous Firefox Beta updates has been removed.

As with any new software be aware that some items may have changed locations and some Extensions/Add-ons may not function correctly or at all. So once again let me re-iterate – MAKE A BACK UP OF YOUR SETTINGS/PROFILE before installing!! You may also with to download the version prior to version 5 incase you have to uninstall version 5 and re-install your old version.
Windows:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/win32/en-US/Firefox%20Setup%204.0.1.exe
Mac:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/mac/en-US/Firefox%204.0.1.dmg
Linux:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/linux-x86_64/en-US/firefox-4.0.1.tar.bz2
For other versions and languages go here:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/

Here’s to hoping that it proves to be a worthwhile upgrade!

Virtualization 101 – Getting started

It’s no secret I like Virtualization technologies a lot. I have written several other articles on some of my tips and tricks mostly involving creating Virtual Machines of OS X. You can read some of those here, here, here or simply just search my blog.

For those who support multiple operating systems or simply have a desire to learn about them, Virtualization is a fantastic way to just that. Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources. Here is a good description tailored to the IT professional or CEO http://youtu.be/MnNX13yBzAU but you can get a good grasp of the concepts.

At my organization I have installed and manage a VMware ESXi clustered installation on a SAN (Storage Area Network) with hardware and software that starts in the six figures. This is obviously way out of reach of the home user or enthusiast. But Virtualization can be inexpensive and or downright free for the taking. Microsoft, VMware and Virtual Box all have freeware solutions!

For this article I am going to concentrate on the hardware required and the simplest to use application for the novice or even intermediate user – VirtualBox a freeware application by Oracle. So on to the hardware:

Virtualization product or solution such as VMWare Workstation (and the ‘industrial ESXi), VirtualBox and Windows Virtual PC often require Hardware Assisted Virtualization (HAV) CPU feature in order to function properly as it allows a virtual machine hypervisor to run an unmodified operating system without incurring significant emulation performance penalties. The largest chip makers, Intel and AMD implement hardware assisted virtualization in their processors as Intel VT (VT-x) and AMD-V respectively. However, not all modern CPU has hardware-assisted virtualization capability built-in though; you will want to make sure. The VT capability in the processor on the computer is built onto the tiny piece of chip, and cannot be added or removed using any manual process. And even if the CPU features VT, it must be enabled in BIOS.

Most newer CPUs include VT operation by default. However, some older or even current processors available for purchase for DIY or operating on OEM computers may not support VT. When there is no VT support, Virtual Machine Technologies based on VT may fail to install or cannot be powered up and started.

If you are going to create or use virtual machines you should verify, check, determine or get to know whether his or her PC computer supports hardware-assisted virtualization. There are a few software utilities you can use to quickly determine whether there is hardware virtualization system on the system CPU. One is name named SecurAble which is able to display hardware virtualization support status as Yes, No, Locked On and Locked Off. The other is Microsoft’s HAV Detection tool.

SecurAble Detects CPU Processor Security Features (Bit Length, DEP and Virtualization)

Most users who buy computer are just paying notice to the speed (how fast) and size of RAM memory (how big) of the PC. In fact, most modern CPU microprocessors have great lots of features and capabilities other than constantly higher clock rate. With the evolving of software development, some of these features are now required. With SecurAble, user can easily check and determine if the system is x86 or x64 architecture, support hardware DEP and/or hardware virtualization.
SecurAble probes the system’s processor, determine the presence, absence and operational status and displays the status of the three most significant security-related processor features:

  • 64-bit instruction extensions
  • Hardware support for detecting and preventing the execution of code in program data areas
  • Hardware support for system resource “virtualization”

clip_image001

All these features are deemed to be security-important by developer of SecurAble, GRC. 64-bit capable CPUs have the ability to run the 64-bit versions of Microsoft’s substantially more secure Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 operating systems, which has the operating system kernel locked down. Hardware-enforced DEP can stop exploitation of buffer overflow attacks, while virtualization technology (VT) can be used to create fully contained environments that can be used to insulate the real hosting operating system from any actions taken by software running within the “virtual” environment.

SecurAble is free to use, and no installation require.

I use SecurAble the most for checking for Hardware-Assisted Virtualization.

Download SecurAble.

http://www.grc.com/securable.htm

Microsoft has also released a application tool that able to detect status of Hardware-Assisted Virtualization (HAV) support on the computer system’s CPU microprocessor. Aptly named as Hardware-Assisted Virtualization Detection Tool or simply as HAV Detection Tool, the utility can detect and check if the computer meets the processor requirements to run Windows Virtual PC, i.e. hardware-assisted virtualization.

clip_image002

Download HAV Detection Tool: havdetectiontool.exe

Using HAV Detection Tool is easy, just run the executable, and the results of whether hardware virtualization support is existed on the system or not (together with ability to install Windows Virtual PC) will be displayed on result dialog. It’s standalone program, thus no installation or un-installation required

So after you’ve determined you can run virtual machines with HAV you’ll want to try some VM’s out.

As I mentioned for home use I’ve found Virtual Box to be the easiest to use and configure. You can get it here and get the ‘Extension Pack’ here. Install the application first (get the right one for you platform – Windows, Mac, Linux) Then install the Extension pack; it will install automatically IF you’ve already installed the base application first.

Once installed you are ready to start working with just about any operating system you want to within your current system!

Here is a fantastic walk through of how to simply create a VM from a downloaded Linux installation disk (ISO)

This method can be used for installing Windows VMs too! If you have a Windows installation CD/DVD and you wish to install it as a VM you can. [For OS X you will have to follow some of the very specific tutorials I have put together – Apple does not like you to install OS X on non Apple hardware]

VirtualBox.org has a very detailed description and walkthroughs too, you can find that here.

The easiest way to get started with VirtualBox is to import an already made image/appliance. Virtualbox.org has many already made Linux installations you can get them here. And with a little diligent searching you can find LOADS of them.

I hope this helps some to get started and have a better understanding of these technologies. More knowledge and experience can only be good.

Here is an image of some of the VM’s on one of my home machines in Virtual box.

clip_image004

As I noted if you are interested in OS X VMs you can go here and read the second half on using Virtual Box. Here are two walkthroughs from other tech sites worth checking out too.

http://thetechjournal.com/electronics/computer/steps-to-install-mac-os-x-snow-leopard-in-virtualbox-on-windows-7.xhtml

and here: http://www.sysprobs.com/mac-os-guest-virtualbox-326-snow-leopard-1064-windows-7-32-bit

Another serious Web Browser hole

Contexis Security has found a BIG problem with WebGL implementations on Windows, Mac and Linux have numerous vulnerabilities which allow malicious web pages to capture any window on the system or crash the computer, according to research from Context Information Security. They actually demonstrate how to steal user data through web browsers using this vulnerability!

The report comes right on the heels of Microsoft’s denunciation yesterday of the security architecture of WebGL and announcement that it wouldn’t be seen in Microsoft products any time soon see here .

Sheesh! IE 9 is proving to be WAY more secure that FireFox and even Chrome! But until I can get the Firefox Extensions I use (or comparable) in IE I’m still a FireFox guy.

So let’s fix that:
To Disabe WebGL in Firefox 4

1. Type about:config in Firefox address bar and continue on through past the warning dialog.

2. Type "webgl.disabled" (no quotes) into the Filter box then Double click Webgl.disabled entry and turn its value into “True”.

3. Restart Firefox browser, WebGL is now disabled in Firefox 4.

To disable WebGL in Google Chrome you will need to:

1. Rright-click your Google Chrome shortcut or from your Windows menu on your desktop, click ‘properties’ and add “-disable-webgl” to the Target Shortcut box

2. Restart Chrome

As always please keep your systems, Web Browses and their plug-ins, Anti-virus/Antispyware software, and applications (especially Adobe products!!) up to date and fully patched.

And try and be vigilant about security and always ‘on guard’.

Latest Mac Malware news 06-04-2011

The Mac Trojan/Malware ‘MacDefender’ now calls itself ‘Mac Shield’.

The malware keeps changing names and looks but still is relatively the same as before. However it is still infecting loads of machines and is, in my opinion very dangerous; it lures users into providing sensitive financial information to thieves.

Sophos for Mac will remove it. (free) Get it here.

So will Virus Barrier Express from the Apple App Store; here. also free.

Here is my previous article too.

More on backups and archiving

“UPDATE!”

After a few weeks of removing loads of nasties from Windows and Mac machines and recovering data from dead or corrupted drives from both types of systems because of malware/viruses and hardware failures, I thought I would republish this.

I must ask you – in this digital age what price will you put on your data?! You family pictures, you financial documents and communications – everything? I don’t ask this lightly. For only a couple of hundred dollars you can KNOW that you will be safe!

People PLEASE HAVE A SYSTEM BACKUP – COMPLETE AND TESTED!!

I have been asked again to explain in more detail with examples of how I personally backup/archive my data. My previous article is here and should be read first.


So here it is in a simple, I hope, form.

I have two external HDDs (actually many but for example this will work) I use Acronis as my primary imaging software. If you use OS X you can use Time Machine, Carbon Copy or Apple’s built in disk image utility. I covered these in the post above.

To create my images I use an external HDD mount, like this.  with drives something like this or this. You can mount the drives in your system if you like or use any other external type of drive. I just like the ease and economy of this set up. It also makes it easy to just take the drives, place them back in the protective bags they come in and put them( rotate) into a safe deposit box.

I create a full image of my system on external HD #1 on Jan 1st  – HD01_Jan_image01.tib
On Jan 2nd I create a full image of my system on external HD #2 – HD02_Jan_image01.tib

I now have two images on two separate drives.

At the end of week one for the month I create an incremental backup to external HD #1 – HD01_Jan_image01_02.tib (or whatever Acronis auto names it.)

At the end of week two for the month I create an incremental backup to external HD #2 – HD02_Jan_image01_02.tib

At the end of week three for the month I create an incremental backup to external HD #1 – HD01_Jan_image01_03.tib

On the 1st of the next month I create a new FULL image to HD #2 – HD02_Feb_image01.tib. Once that image is created I can then delete the previous months images ON THAT drive.

On the 2nd of the month I create a full image to HD #1 – HD01_Feb_image01.tib. Once that image is created I can then delete the previous months images ON THAT drive.

This assures me that if my system were to die AND one of my external drives failed I would lose no more that two weeks of data – usually just one week or less!

You should also copy or store one of the external drives in a fire safe or safe deposit box for true disaster recovery!

As with any good backup plan you should regularly test your backups! Either do a full restore (highly recommended) or at least validate and mount your images to insure they are fully readable.

If you wish to, or have to, for compliance issues (corporations) you can archive your monthly images to additional external drives. I do. I have images of machines that are long gone (some over ten years!) and I have been able to retrieve data I needed very easily and quickly. In fact I needed a Photoshop file recently that I was able to retrieve from one of my images of an old Mac G3!!

Archive3

I hope this helps. Please don’t be the person who loses important personal, family or business data because you couldn’t take a little time and effort to set up a backup and recovery plan. The costs and time are insignificant when compared to the cost of loss!

More OS X utilities

While this is an early Beta, I am very happy to see one of my favorite tools now available on OS X – CCleaner.

I have been using this for some time on ALL of my Windows machines. In fact I have it scripted for all my users – every time they login CCleaner is run. This helps keep any lurking nasty’s in temp folders from being able to be run – since they are removed.

This early Mac version does not of course have as many features as the Windows version yet but looks real promising. Have a try. I hope you find it useful.

You can get it here

You should also have (if you don’t already from my previous posts – Onyx

You can get that here

Security news – Gmail spear phishing attack

There are some very splashy news stories going around saying ‘Google was Hacked".. Oh no sky is falling.

Let’s be clear. GOOGLE WAS NOT HACKED!
What happened is that many ‘targeted users’ were ‘Phished’ – the users where ‘conned/tricked’ into giving up their security information and passwords. This is called ‘spear phishing’

Essentially Gmail’s login screen was mimicked, and people were tricked in ‘re-entering their information, and hundreds of Gmail accounts, including those of U.S. Officials were then compromised in this very targeted Phishing attack. You have to read a little bit into these articles to actually find the true nature of the supposed ‘attack’.

To be clear – Hacking is done by a very skilled person on whatever his target is, phishing is done by almost anyone to anyone dumb enough to let themselves be tricked!

Here is one headline

and another

Google’s blog page has more details here

The simple thing to take a way from this is to be ever cautious of where, when and how you enter in any information online – to ANYONE.
AND use strong passwords.

The way this attack was carried out can be seen in this analogy I used with someone.

Suppose you went to the bank ATM, put in your card and entered your PIN. You then carried out your transaction; looking up your balance and making a withdrawal. After you are finished you take your cash, receipt and card and prepare to walk away.

At that moment someone comes around the corner wearing a shirt with the bank name – looking ‘all official’ and asks to look at your card because the bank is ‘tightening up security for it’s special clients.

You hand it to him. He then asks for your PIN; you know just to make sure you are who you say you are. He writes down your name, card and PIN number and hands back your card and says, "thanks, we just have to be extra cautious nowdays…"

In this scenario you just handed that person everything they need to know about how to royally screw you.

This is the same thing that happens with these ‘phishing’ and other types of ‘social engineering’ cons and scams.

People – please use extrodinary caution when dealing with personal information.

Google has an awesome security protocol called ‘Two Step Authentication’ and it is well worth the extra time and effort to set up.

You can learn about Two step authentication in this video:

[Remember about Application Specific passwords if you use Gmail on your Smartphone or desktop (Outlook, Thunderbird etc.)]