Thanks (at last) for the list Hack. To me it begins to seem like it takes a professional to run a PPC these days... I don't know. I've been having second and third thoughts...
Lud DiLettante, Here's a quick list to get you started:
Things just seem to get worse when I try to improve them. Maybe I had forgotten too many important tweaks after all the reinstalls. And after the last one I tested TFF without knowing yet about the security addons etc.
Maybe I should just reinstall yet again (going crazy) to do everything exactly as in the list. However I'll describe the current problems so that, if I can't fix them, I could rule the mistakes out at least if I'm going to reinstall...
Neither the hosts list nor Glimmerblocker seem to do their job anymore (I know you didn't recommend them though). For instance the Googleads.g.doubleclick.net banners came back again. As such they are just annoying but their persistence makes me wonder what's wrong. Now I'm not sure if hosts lists are supposed to block them, I mean they're not sites, just ads that link to those sites, right..? But still, I added a couple of sites to the hosts list, flushed DNS cache and still I could enter those sites. Yeah, obviously I didn't want to try the actual listed sites... (but I've added sites before and they were always blocked successfully.)
So, could the hosts list now clash with Glimmerblocker somehow? In any case, Glimmerblocker's obviously not blocking the ads either. I had a look at the GB settings/ filters/ ad-networks/ rules. Found Googleads there. It's listed as "(2) Whitelist"(!?). The comments section says "Allow click-through" (Since this is "doubleclick" maybe this means only the advertised page will open, not the Googleads/Doubleclick popup or whatever..? That'd be fine I guess.) Then there's a checkbox and when I hover the cursor it says "Using authors default, which is to enable the rule". There are many other whitelisted hosts, and some with the action given as "request".
The hosts lists and Glimmerblocker were something I used successfully in the past. I realize I could top the hosts list with firewall rulesets, but haven't got there yet. And I thought GB was something like a Safari-default alternative to Adblock, and I haven't tried the latter yet.
Also, I noticed most sites on Webkit are now showing as HTTPS so I guess the HTTPS-Everywhere is indeed *everywhere*- including Webkit..!? Could that somehow mess with hosts files or GB then..? (Sorry for all the dumb questions, just skip the unimportant ones.)
Do I have to blame everything on myself for using Webkit instead of TFF? (Although I still feel like the only mistake I made was testing TFF without sufficient security measures.)
You did say:
For banking and shopping either WebKit or TFF should be fine. Provided your banking and shopping on sites using encryption (https)
But to me it appears to contradict with this at http://tenfourfox.blogspot.fi/2014/02/ssafari-ssl-ssucks.html: "even for 10.5, if you depend on your Power Mac for banking or paying bills I would look at something with a more robust secure network implementation for those tasks."
So am I missing something here, too..?
Another persistent bug is the ghost of Logitech at Login Items. The Logitech Control Center was for my old keyboard and I had got rid of it at earlier reinstalls. Now however it shows up at Login Items (luckily only there) every day even though I always remove it... I may have mistakenly brought back the cache after the last reinstall but thought if I remove something from Login it should stay away... I doubt the LCC actually exists anymore (I've checked) but it's still annoying. My old hard drive is connected but nothing from there should be able to copy by itself to my boot drive, right..? (Boy, in case I was always wrong about this....)
There are some security things you didn't mention that I've been wondering about.
One thing I've never had, that I've now been planning to set up, is a separate admin account. I realize this is easy and pretty obvious, and that there are probably no cons to it, so I might do it any minute.....
Then there are the things I had forgotten about, such as disabling IPv6 and replacing the Flash plugin. The latest one is OpenDNS, another thing I had in the past but forgot about... Now I have added those addresses at DNS.
The fact is I have next to no idea what kind of risks, or how high at that, correspond to particular security gaps. I've just followed any advice given regarding PPC/Leopard etc, without necessarily knowing what I'm doing or how it relates to anything else. But one thing I might rule out at this point is the hardware dimension, as burglars or others accessing my computer physically is not something I worry about. Netwise however, if I try to think in terms of whatever risks I remember reading about and what might scare me personally, I could list theft and destruction. Theft of money, or some other way of making me lose money - I guess those would be mainly https-related things, then. And theft of content, such as my "intellectual property", which may not be worth much but it's about the only property I have. Which also leads me to the destruction part. In this department my own luddite brain is probably my biggest threat... I'm fairly sure I've lost some files/versions during the years due to my scattered brain, either directly or by technical problems resulting from it. (A digression: I might well have some of those files somewhere on my various backup capsules but how to sift those out without even knowing what they might be..... I suppose this is a common problem but I remember reading it's one of the few things where a Mac is actually worse than Windows, in that you just can't scan a disk/folder against another for duplicate content to sift out the unique files, unless you compare all the files yourself... Yes, this is another topic, but tips/links always welcome)
Things that do not scare me as such: Ads (I don't click on them), getting spied (unless it's in order to steal something etc), even botnets as long as I'm not personally compromised. (Of course I'd prefer not to support crime even unwittingly.) And I've no kids to protect. Except the inner one...
I've come to realize how tricky subjects security and privacy are to discuss - yes, because of security and privacy! Must be an old joke. But I guess I might as well reveal the kind of things I do that I assume to pose risks. I'll start by leaping over the abyss here and confessing: I visit s*x sites. And no, that didn't mean "6". (Of course, only ever visiting 6 sites might be a good idea security-wise.) I only do that in private mode and I don't download stuff (although I watch clips and save links and pics). Other things: I download music from file sharing sites, via specialist blogs. And I use free stream sites, mainly Musicmp3.ru. Tell me if I should remove the name/link... (Hey, it's legal in Ru.) That's all I can think of.
Other things I don't do: I don't torrent anything. I don't look for knowingly illegal content of any kind, nor am I drawn to it.
That said, neither am I trying to find out about the legal status of everything I do/use.
Then, some comments/questions concerning the list specifically:
Installing
Done......... but not again after the list.......... What would be the kind of situations when erasing everything is recommended for security? And what should I *not* copy back from the old disk/backup? (Besides the Dropbox & iTunes folders, and some apps, there are things in the home folder library that I tend to copy, like certain archives, and various setting caches etc so I wouldn't need to remember everything or have to do a sh*t load of settings all over again, but I realize I'm not an expert on what's what there... However I'm careful to avoid copying any files that seem useless or dubious to me.)
Install Leopard
Install all updates from Apple
Firewall
So I got my firewall on "Allow only essential services". Does this mean the firewall is on?
Seems like laptop-specific stuff, but my iBook died and I only got my home G5.
So I'm supposed to paste all these on the terminal? And that's it..?
Trying to figure that out I discovered an entire book dedicated to Leopard security... https://books.google.fi/books?id=4b...&redir_esc=y#v=onepage&q=ipfw ruleset&f=false
No, I sure ain't gonna read it. ;D Rather, to me the mere existence of the book is illustrative of the quandary I'm in... considering the post-PPC situation tops the cake.
Browsers
All of these done successfully.
I'm not finding an Ublock for Safari/Webkit...
Install WebKit
Install these extensions in Safari / Webkit: ClickToPlugin, AdBlock, uBlock
???
You expect me to read all those? ;D I guess I can at least check thru the NSA one but the CIS seems a bit much, is there something crucial that wasn't covered elsewhere by now..?
I clicked on those Unix files, dunno if that did it nor how to read the test...
No idea what curl is so maybe I'm not using it...
PS. Just in case it should be helpful to anybody in any way, I'll paste some of the saved links that my shaky security education has been built on during recent years...
10 Simple Tips for Boosting The Security Of Your Mac - Securelist
Apple canceling security updates for PowerPC Macs - CNET
Viruses, Trojans, Malware - and other aspects of Internet Security: Apple Support Communities
Botnet Zombie Apocalypse: How to Protect Your Computer - TopTenREVIEWS