
Lud DiLettante

macrumors regular
Original poster
Dec 17, 2015
Finland
Lud DiLettante, Here's a quick list to get you started:
Thanks (at last) for the list Hack. To me it begins to seem like it takes a professional to run a PPC these days... I don't know. I've been having second and third thoughts...
Things just seem to get worse when I try to improve them. Maybe I had forgotten too many important tweaks after all the reinstalls. And after the last one I tested TFF without knowing yet about the security addons etc.
Maybe I should just reinstall yet again (going crazy) to do everything exactly as in the list. However I'll describe the current problems so that, if I can't fix them, I could at least rule the mistakes out if I'm going to reinstall...

Neither the hosts list nor Glimmerblocker seem to do their job anymore (I know you didn't recommend them though). For instance the Googleads.g.doubleclick.net banners came back again. As such they are just annoying but their persistence makes me wonder what's wrong. Now I'm not sure if hosts lists are supposed to block them, I mean they're not sites, just ads that link to those sites, right..? But still, I added a couple of sites to the hosts list, flushed DNS cache and still I could enter those sites. Yeah, obviously I didn't want to try the actual listed sites... (but I've added sites before and they were always blocked successfully.)
So, could the hosts list now clash with Glimmerblocker somehow? In any case, Glimmerblocker's obviously not blocking the ads either. I had a look at the GB settings/ filters/ ad-networks/ rules. Found Googleads there. It's listed as "(2) Whitelist"(!?). The comments section says "Allow click-through" (Since this is "doubleclick" maybe this means only the advertised page will open, not the Googleads/Doubleclick popup or whatever..? That'd be fine I guess.) Then there's a checkbox and when I hover the cursor it says "Using authors default, which is to enable the rule". There are many other whitelisted hosts, and some with the action given as "request".
The hosts lists and Glimmerblocker were something I used successfully in the past. I realize I could top the hosts list with firewall rulesets, but haven't got there yet. And I thought GB was something like a Safari-default alternative to Adblock, and I haven't tried the latter yet.
Also, I noticed most sites on WebKit are now showing as HTTPS so I guess the HTTPS-Everywhere is indeed *everywhere*, including WebKit..!? Could that somehow mess with hosts files or GB then..? (Sorry for all the dumb questions, just skip the unimportant ones.)
Do I have to blame everything on myself for using WebKit instead of TFF? (Although I still feel like the only mistake I made was testing TFF without sufficient security measures.)
You did say:
For banking and shopping either WebKit or TFF should be fine. Provided you're banking and shopping on sites using encryption (https)
But to me it appears to contradict with this at http://tenfourfox.blogspot.fi/2014/02/ssafari-ssl-ssucks.html: "even for 10.5, if you depend on your Power Mac for banking or paying bills I would look at something with a more robust secure network implementation for those tasks."
So am I missing something here, too..?

Another persistent bug is the ghost of Logitech at Login Items. The Logitech Control Center was for my old keyboard and I had got rid of it at earlier reinstalls. Now however it shows up at Login Items (luckily only there) every day even though I always remove it... I may have mistakenly brought back the cache after the last reinstall but thought if I remove something from Login it should stay away... I doubt the LCC actually exists anymore (I've checked) but it's still annoying. My old hard drive is connected but nothing from there should be able to copy by itself to my boot drive, right..? (Boy, in case I was always wrong about this....)

There are some security things you didn't mention that I've been wondering about.
One thing I've never had, that I've now been planning to set up, is a separate admin account. I realize this is easy and pretty obvious, and that there are probably no cons to it, so I might do it any minute.....
Then there are the things I had forgotten about, such as disabling IPv6 and replacing the Flash plugin. The latest one is OpenDNS, another thing I had in the past but forgot about... Now I have added those addresses at DNS.

The fact is I have next to no idea what kind of risks, or how high at that, correspond to particular security gaps. I've just followed any advice given regarding PPC/Leopard etc, without necessarily knowing what I'm doing or how it relates to anything else. But one thing I might rule out at this point is the hardware dimension, as burglars or others accessing my computer physically is not something I worry about. Netwise however, if I try to think in terms of whatever risks I remember reading about and what might scare me personally, I could list theft and destruction. Theft of money, or some other way of making me lose money - I guess those would be mainly https-related things, then. And theft of content, such as my "intellectual property", which may not be worth much but it's about the only property I have. Which also leads me to the destruction part. In this department my own luddite brain is probably my biggest threat... I'm fairly sure I've lost some files/versions during the years due to my scattered brain, either directly or by technical problems resulting from it. (A digression: I might well have some of those files somewhere on my various backup capsules but how to sift those out without even knowing what they might be..... I suppose this is a common problem but I remember reading it's one of the few things where a Mac is actually worse than Windows, in that you just can't scan a disk/folder against another for duplicate content to sift out the unique files, unless you compare all the files yourself... Yes, this is another topic, but tips/links always welcome)
Things that do not scare me as such: Ads (I don't click on them), getting spied on (unless it's in order to steal something etc), even botnets as long as I'm not personally compromised. (Of course I'd prefer not to support crime even unwittingly.) And I've no kids to protect. Except the inner one...
I've come to realize how tricky subjects security and privacy are to discuss - yes, because of security and privacy! Must be an old joke. But I guess I might as well reveal the kind of things I do that I assume to pose risks. I'll start by leaping over the abyss here and confessing: I visit s*x sites. And no, that didn't mean "6". (Of course, only ever visiting 6 sites might be a good idea security-wise.) I only do that in private mode and I don't download stuff (although I watch clips and save links and pics). Other things: I download music from file sharing sites, via specialist blogs. And I use free stream sites, mainly Musicmp3.ru. Tell me if I should remove the name/link... (Hey, it's legal in Ru.) That's all I can think of.
Other things I don't do: I don't torrent anything. I don't look for knowingly illegal content of any kind, nor am I drawn to it.
That said, neither am I trying to find out about the legal status of everything I do/use.

Then, some comments/questions concerning the list specifically:

Installing
Install Leopard
Install all updates from Apple
Done......... but not again after the list.......... What would be the kind of situations when erasing everything is recommended for security? And what should I *not* copy back from the old disk/backup? (Besides the Dropbox & iTunes folders, and some apps, there are things in the home folder library that I tend to copy, like certain archives, and various setting caches etc so I wouldn't need to remember everything or have to do a sh*t load of settings all over again, but I realize I'm not an expert on what's what there... However I'm careful to avoid copying any files that seem useless or dubious to me.)

Firewall
So I got my firewall on "Allow only essential services". Does this mean the firewall is on?
Seems like laptop-specific stuff, but my iBook died and I only have my home G5.
So I'm supposed to paste all these on the terminal? And that's it..?
Trying to figure that out I discovered an entire book dedicated to Leopard security... https://books.google.fi/books?id=4b...&redir_esc=y#v=onepage&q=ipfw ruleset&f=false
No, I sure ain't gonna read it. ;D Rather, to me the mere existence of the book is illustrative of the quandary I'm in... considering the post-PPC situation tops the cake.

Browsers
All of these done successfully.
Install WebKit
Install these extensions in Safari / Webkit: ClickToPlugin, AdBlock, uBlock
I'm not finding a uBlock for Safari/WebKit...

???
You expect me to read all those? ;D I guess I can at least check thru the NSA one but the CIS seems a bit much, is there something crucial that wasn't covered elsewhere by now..?
I clicked on those Unix files, dunno if that did it nor how to read the test...
No idea what curl is so maybe I'm not using it...

PS. Just in case it should be helpful to anybody in any way, I'll paste some of the saved links that my shaky security education has been built on during recent years...
10 Simple Tips for Boosting The Security Of Your Mac - Securelist
Apple canceling security updates for PowerPC Macs - CNET
Viruses, Trojans, Malware - and other aspects of Internet Security: Apple Support Communities
Botnet Zombie Apocalypse: How to Protect Your Computer - TopTenREVIEWS
 

Hack5190

macrumors 6502a
Oct 21, 2015
(UTC-05:00) Cuba
That is a very impressive response! Let's address 1 thing at a time ;)

1) I don't use Glimmerblocker but the following steps will allow you to confirm editing of the host file is working
  • Open terminal and enter ping theswedishnumber.com it should return 141.255.190.22
  • Next edit /etc/hosts by adding 127.0.0.1 theswedishnumber.com and saving the file
  • Finally with terminal enter ping theswedishnumber.com again and it should return PING theswedishnumber.com (127.0.0.1)
  • If all that works then you have confirmed that your system is using the host file and that you know how to edit it :D
2) The HTTPS-Everywhere add-on simply redirects URLs you enter (or links clicked on) to https if the link is http and the site is known to support https. There is a lookup that happens in the background, no real magic going on there....

3) Re: using the PowerPC "for banking or paying bills", I won't argue that newer OS versions should be more secure. Like investing in the stock market each person needs to decide what fits their personal tolerance for risk. Personally I have multi-factor (also called two-factor) turned on for virtually everything - including access to this forum - and do use El Capitan for banking - but that's because I'm paranoid (or so my co-workers say).

4) All my Macs (PowerPC & Intel) have second accounts - those accounts are 'unmolested' and intended for backup access and testing. You might consider resetting the (default) 15 min timeout between root password prompts in terminal. To do that
  • type sudo visudo and add the following as a newline in the configuration file
  • Defaults timestamp_timeout=0
  • This will set the timeout to 0, requiring a password be entered every time
5) Turning on "Allow only essential services" does activate an incoming firewall. It does not provide any protection (blocking) of outbound traffic, that's where a program like LittleSnitch is useful. Configuring an outbound firewall to (by default) block all traffic except known traffic to known sites is a very effective way to help secure your system.

6) If you're not using the PF firewall there is no need to follow my Anti-Malware firewall rules post. Those rules and my conversion scripts are intended for use by the PF firewall.

6.1) re: Curl - if you don't know what Curl is or you're NOT using the anti-malware firewall rules (above) - don't worry about updating Curl.

7) The hardening guides require some knowledge to understand and follow. Unfortunately there is no 'one size fits all' solution or approach to locking down a system. Security is complicated and that's why some people can make their living (white hats, black hats) at it.

If you're visiting .ru and s?x sites I would strongly recommend you consider setting up an outbound firewall and Anti-Malware rules.
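The hosts-file check in item 1 can be complemented by reading the file directly, which also catches a malformed entry before the ping test. This is an added example, not Hack5190's script and not anything from the thread: it parses a hosts file the way the resolver does (comments stripped, spaces or tabs between fields, several names per line, first match wins, case-insensitive names) and reports whether a name is pinned to a loopback or null address. The sample hosts file it writes is constructed for the demo; no real address for theswedishnumber.com is assumed.

```shell
#!/bin/sh
# hosts_lookup FILE NAME -> prints the first address mapped to NAME, or nothing.
# Follows the resolver's rules: '#' starts a comment, fields are separated by
# spaces or tabs, one line may carry several names, first match wins, and
# names compare case-insensitively.
hosts_lookup() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, "") }        # drop comments (inline ones too)
        NF < 2 { next }           # need an address plus at least one name
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == want) { print $1; exit } }
    ' "$1"
}

# hosts_is_blocked FILE NAME -> exit 0 when NAME is pinned to a loopback or
# null address (the usual blocking convention), 1 otherwise.
hosts_is_blocked() {
    case "$(hosts_lookup "$1" "$2")" in
        127.0.0.1|0.0.0.0|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# demo_hosts_file -> writes a constructed sample hosts file (not anyone's real
# /etc/hosts) to a temp file and prints its path.
demo_hosts_file() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
##
# Host Database (constructed sample)
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
# blocklist entries added by hand
127.0.0.1   theswedishnumber.com    # test entry from the thread
0.0.0.0     Googleads.g.doubleclick.net   ads.example.invalid
EOF
    printf '%s\n' "$f"
}

# Stand-alone run (sh script.sh --demo): report a few lookups against the sample.
if [ "${1:-}" = "--demo" ]; then
    F=$(demo_hosts_file)
    for n in theswedishnumber.com googleads.g.doubleclick.net broadcasthost; do
        printf '%-30s %s\n' "$n" "$(hosts_lookup "$F" "$n")"
    done
    rm -f "$F"
fi
```

Point hosts_lookup at /etc/hosts to check your own entries; the ping step in item 1 then confirms the system resolver actually consults the file after the DNS cache is flushed.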

Lud DiLettante

macrumors regular
Original poster
Dec 17, 2015
Finland
That is a very impressive response!
Or imposing... iMpose ;D
Yeah things built up for a while... I'll try to avoid that now even though there are lots of things for me yet to consider. There are too many things in my life going on to let me dedicate hours of continuous time on getting all these security "tweaks" done. But this time I started with getting Little Snitch. And yeah now of course I'm getting paranoid with seeing all kinds of things going on and I've no idea what the heck they are... :D I just disabled most. Also there are some problems running Snitch together with GlimmerBlocker... (https://glimmerblocker.org/wiki/LittleSnitch) but I'll figure things out and anyway I may eventually replace GB with Adblock. I guess admin account and Anti-Malware rules will be the next things I'm trying to get done. Then all the other things... I suppose I'll be reporting on my (most likely slow) progress here. Not to mention asking more questions..... (my head is already full of them o_O)
 

NathanJHill

macrumors regular
Oct 29, 2014
While I have done most of the security hardening tips, don't let yourself get overly stressed:

For example, the bash fixes are good to do when you have the time, but the risk is likely minimal unless your machine is open to the internet. Like - are you logging into your machine remotely via ssh or some other means? Or is your Power Mac serving as a web server running scripts? An attacker would need that kind of entry point to make use of it. (See more here if you have not read it yet: http://tenfourfox.blogspot.com/2014/09/bashing-bash-updated-powerpc-os-x-bash.html)

I think the simplest and most effective way to be secure on our PowerPC Macs is to use TenFourFox from the get go, which does not rely on the outdated security underpinnings of Leopard (while Leopard Webkit does). Firewalls are another solid step. Hack detailed a really excellent list. Just understand, you can take your time as you do these, unless you are literally using your Mac as a server.

BTW, Hack, do you mind if I link to your excellent list from G5Center.net? I think it will be incredibly helpful info to share.

sawpits

macrumors regular
Feb 28, 2014
However there are times when flash is needed and that's where WebKit with my hacked version of Flash comes into play. Like TFF a select group of add ons are installed to enhance security.

Where can I find the latest hacked version of Flash. Low End Mac has a broken link to 16. Thanks.