Although the iPhone was roundly hooted at when Apple introduced its first enterprise features — such as the ability to handle Microsoft Exchange mail on the iPhone’s Mail client — the phones have become a staple of business users around the world. IT managers have learned they can’t keep iPhones out of company networks, so they’re resigned to admitting them and are now employing them as IT tools.

Absolute Manage has a single feature that can sell it to any company using Apple’s mobile products. An administrator can wipe a computer or phone’s data off the device if it’s been stolen or lost. iOS 4 devices (which could be any 4G or 3GS phone) can also be locked with a remote command in an emergency, or have their passcode cleared for data protection.

These iOS 4 devices can also be used, with the Absolute Manage software, by IT managers to

• Manage user profiles
• Manage provisioning profiles
• Inventory installed third-party applications (custom developed, or from the AppStore)
• Gather device lifecycle management information from the devices

“We are extending our long-standing focus on lifecycle management for Apple products to include robust management for iPhone,” said the company’s CEO John Livingston. “With our forthcoming solution, IT will be able to address brand-new challenges such as managing in-house applications and managing iOS device configuration.”

The Absolute product suite goes beyond the management of Apple’s desktop and mobile products; companies can also use the software to manage PC Windows devices. Absolute said the iOS 4 support is scheduled to arrive in Q3 of 2010.

If only the new iPad could be so lucky to be so well protected. We’ve been using the tablet since its release, but nary an update is to be downloaded to advance the device’s security.

The 10.6.4 version of Snow Leopard, which is a 17-minute download on a middle-fast DSL line, introduces new protection to prevent back door attacks on Macs through the iPhoto software that ships with every system. A new feature called XProtect gets an update that keeps hackers from installing malware by fooling users into thinking iPhoto is at work, when damage is being done.

An update of a Mac’s operating system for security reasons — that’s a good idea. But Apple doesn’t have a practice of identifying security holes they patch with a new release. And sometimes a new OS version will make software stop running on a Mac. This is why backups are a vital complement to any security updating.Apple has brought out four updates to the Snow Leopard version of its OS now, updates that cover just a nine-month period. Not every one had a security benefit. But the state of security is so tenuous now that your Adobe PDF software, browser, and OS should be considered at risk if you haven’t seen an update in 90 days.

Browsers and Adobe software are the chief targets for hackers, since they cover so many more victims than just Apple’s products. More than 360 million people are using Firefox as a browser, for example, on both PCs and Macs. Adobe’s Flash and Acrobat readers run on hundreds of millions of systems. Adobe just introduced a 9.3.3 version of Acrobat to improve security.

As diligent as Apple and Adobe might be (some say Apple’s sluggish at best about security plugs), the vendors can’t do a thing to help secure your business if you don’t install updates. The rule of thumb was once “don’t install if you don’t need” an update. But security issues are much more serious by now. You can balance the time spent downloading and upgrading, the checks of your applications afterward, against the dangers of running an unprotected system.

About 30 minutes of downloading and watching mysterious messages — things like “optimizing” or “unpacking packages” or “moving items into place” or “registering components” — plus a reboot, and my iMac was running 10.6.4. I did the usual first step after an upgrade — started all the apps that matter to my workplace.

The Apple apps don’t need checking — Apple’s done that in its own labs. But the likes of Adobe CS apps, QuickBooks 2010, Microsoft Office apps and even reliables like Eudora, an antique mail program. 10.6.4 updates Apple’s Mail, as it turns out — so my add on Mail Tags software needs to be updated.

Picking a browser is like choosing a home repair store. You develop a habit of using one and stop thinking about the alternatives. Chrome is definitely a faster browser than Firefox in our use, delivering a payoff in the “time is money” formula. If you browse a lot, Chrome could be an upgrade. (Safari’s performance is much closer to Chrome’s)

But Chrome’s got some steps to catch up in other areas. In the Mac version we downloaded this week, some Web sites aren’t working completely. Our TypePad account editor (where we publish the 3000 NewsWire blog) won’t let us resize graphics for posts in Chrome. The editing features at the Constant Contact email site also won’t perform with Chrome for the Mac, either.

This puts Chrome in a category with the iPad: very fast and slick for consumption of information. Not so good for creating messages and more. As for the death of Firefox, that obituary shouldn’t be written yet. 350 million users won’t expire overnight.

The Firefox obit is based on the browser’s development resources, according to Infoworld’s writers. Firefox has said it will be releasing fewer interim security fixes in the future. Infoworld predicts that Chrome users will see more fix releases since it’s more open.

Security is important, even crucial to some kinds of business. And attacks through your browser are becoming commonplace now. But Chrome has no more defenses for scripting attacks than Firefox today. These are the hardest to engineer against. I wouldn’t hold the Firefox security against it at the moment.

Incredible Start Page

Chrome’s got a wide array of extensions available. One of the more interesting is the Incredible Start Page, billed as “A new, customizable start page for Chrome. Easily find your favorite bookmarks and closed tabs. Take notes as you browse.” This is the sort of customization that Firefox won’t have, it appears. Whether you find everything that you’re already using in Firefox, or your extensions for Safari, remains as an exercise. We’ve gotten the Xmarks bookmark synchronizer installed on Chrome — a good first step in making a browser transition.

Halfway into a million-file scan, it's another two-plus hours to a clean bill of health

You want your Mac security tools to behave like Columbo, or Inspector Plodder from the play Sleuth. Not the fastest of detectives, but one that will not miss a detail. So it goes with the newest VirusBarrier X6 anti-virus and firewall product from Intego. You can set it and go, but you might as well go far away at first. Its initial inspections will take awhile.

On our 2.83 GHz iMac with 4GB of memory, that was more than four hours to do a full scan of our 150 GB of occupied hard disk. Full scan is a choice that the VirusBarrier setup prods you toward once you complete the easy install. Too bad that it’s so easy to send the tool into such thorough paces. VB X6 skips over the “check my malware file for updates” stop, so you notice that your file is “35 days out of date” amid a lengthy scan. We’d lead a user into NetUpdate, the VB checker for updated files, before starting a scan. This is also an “install and force a restart” program, not among our favorites.

A complete scan can be a once-in-a-great-while event, however. VB X6 has got one-0ff scan options for fresh files, or scan the folder, or whatever you want to drag onto nifty interface. The inspector is thorough enough to try to catch malicious scripts, the latest ploy in penetrating you Mac’s defenses. We were glad to see attention paid to a very long list of intrusion techniques like this. Drive-by attacks come out of scripts. You have to hope the malware file gets freshened up plenty to believe VB gets the job done. There’s good reason to believe it’s about 30 days or so between updates.

That’s because we’ve used the Intego products here since their V4 releases and watched NetUpdate finding fresh files at Intego HQ. VB X6 is one of those anti-virus products that arrives with 12 months of update subscriptions and collects a fresh $29.95 for the year that follows your first. By the time you’ve owned VB X6 for three years, you’ve bought the product twice. Of course, by 2013 there will be an X7, and you’ll have that year’s malware files included, if you buy it. (To recap: about $40 a year in cost of ownership, counting the updates, for Intego’s two-computer license.)

The genuine novelty of VirusBarrier comes from its extended controls over the Mac’s firewall. This was once called NetBarrier, just months ago, but now it’s included in the VB X6 package and called Network Protection. Intego used to charge $49.95 for NetBarrier all by itself. We know, because we bought it in December. By February Network Protection was included. While the upgrade to the X6 remains free until April for users who purchased late last year, if we’d waited two more months it would have been free and included.

We were not amused to learn that our X5 products that we’d bought in December got auto-updated to X6 during the install. If X6 had been a bust, we’d be reloading the older versions from a backup. How much nicer to leave an installed program alone and just load up a newer version.

The challenge in making firewall extenders like VB’s useful: You need to know your usual suspects when it comes to invasions of your Mac’s network. Intego does a much better job of explaining who to question than in previous releases in its online documentation. (Um, there are no docs if you can’t get online, like when you suspect an intrusion and want to pull your Web plug while you try to brace up your doors to the outside world.) The logs fill up with messages if want to watch over Inspector Plodder’s shoulder and suggest a new line of questioning. Deciphering them is beyond the average user’s ken, but we’ve got security whiz Steve Hardwick to do our decoding. You may not be so lucky.

This simple animation of your firewall's settings are the most likely view that business users will take of VB's Network Protection

Of course, these worrisome cases of attack are the best reason to invest in a thorough and plodding tool for protection. A MacScan study of our full system was complete in less than half the time, so we’re puzzled about whether VB X6 is more thorough or just eager to look at every single file. It was a puzzle how to tell VB not to examine those packed up download files the Mac expands to install software, or skip the acres of system preferences and files that only Apple installs on your system. You can shorten the time VB spends with all of these, but not eliminate them.

That’s symptomatic of the program’s downside — the need to tinker with its settings to tune up security. You can accept the defaults to get going, and tell VB to do a complete scan regular-like via a calendar. But you’d want to do this overnights. A good alternative is to rely on the “Real-Time Scan” feature, since it chews on about 10 percent of your Mac’s power all the time anyway. Anti-virus tools become a bog sometimes, the tar pit that your Mac tries to climb above while it stays safe — something like body armor you can’t sprint in while you wear it around.

The Web has become a combat zone, a place where a business can see hours killed off after a virus infection or a network home invasion. Nothing’s perfect, but it looks like if you want a beefy utility belt of security tools, and have the patience, budget and know-how to use them, VirusBarrier X6 will track down files with a criminal intent, and bar the door to unwelcome users.

The Mac enjoys an easier time in security because Apple’s product is a less juicy target. Malware and viruses are designed to make money for criminals, and the number of PCs out there running bareback is 10 times the number of Macs. Security by obscurity only works until it doesn’t. It’s just a matter of time, sad to say, before the criminals fan out and try to rob your system of power or privacy or both.

Anti-virus software (AV) is not just the paranoid geek’s tool anymore. The last virus we detected came off a Web page, and we last had data corrupted in 1997. But things have changed since Apple moved to Unix underneath it’s OS. Oh, and there’s that thing called the Internet, plus the Flash videos you may use to gather research (like from the Wall Street Journal’s site, now that they’re owned by Fox.) Flash, and Adobe’s Acrobat PDF files, are a big target for malware today.

You have more than one choice for a commercial AV tool for your systems (that wasn’t the case in ’97). What you buy probably should provide both firewall and virus protection. Two leading companies offer very different value propositions in their AV software. MacScan commits to a fixed price, while another supplier uses a subscription fee+purchase price model.

Today we look at MacScan, software built by a company that started tracking viruses in 2002 on the Mac. For five years MacScan didn’t even sell software; it simply created the definition files and patrolled the Web for criminal weapons. Since ’07 they’ve sold MacScan, which despite claims from its competitor Intego, still looks like a worthy value for AV.

Intego, whose products we’ve run at Bites HQ for more than three years, now sells a $49.95 X6 edition of VirusBarrier that protects two Macs. The MacScan 2.7 software protects three systems for the same price. (There’s also a 1-Mac license for MacScan for $29.95; Intego sells only its 2-Mac license.) Figuring the relative value requires you to consider the protection scope of such products. MacScan’s product manager told us at Macworld that the company ships along regular updates of the virus profiles, at no extra charge.

MacScan makes a significant point of examining Web cookies, a source of malware targets, in its regular process. A half-full iMac in our offices took more than an hour to probe with MacScan, but the AV software found nine tracking cookies in the first minute. And no viruses or other spyware. We got an option to disable these ad cookies after MacScan caught them.

A tracking cookie is not something you allow easily into your Mac. While you might not want to erase all of them, these are used by advertisers on Web sites to track your Internet use: where you browse, how you jump from links, even the information you enter into forms online. A fine article on the World Privacy Forum’s Web site explains that “allowing the tracking types of cookies to follow you around as you surf the Web is a lot like building a see-through house to live in, click by click.”

MacScan doesn’t reach any deeper into the malware world, though. It’s good at finding troublesome files on the system, but it won’t do a thing to block access to your computer. Apple’s firewall is the default for the MacScan user. While that’s better security than none, it might not be enough to keep prying spooks from hijacking your bandwidth.

Doing one thing well, and affordably, is noble and true to the Macintosh Way. We like to see more of what back doors might be open on our Macs, however. The extra features of firewall improvement are included with the new VirusBarrierX6. But they’re not easy to use, or so valuable that Intego could keep selling this super firewall that it once called NetBarrier as a standalone product. That’s for Monday, though.

Excel poses for its close-up at Macworld

Microsoft has released the 11.5.7 update to its Office suite, aimed at the users of Office 2004. You should download this update to protect your Mac from being hacked by compromised Word, Excel or PowerPoint files. Even the Mac has security flaws, but more common are the hacker entry points through things like Office or Adobe’s Flash. (If you aren’t up to date on the Microsoft security releases, 11.5.7 won’t load up. You can check your status in the Updater Logs folder inside your Microsoft Office 2004 folder. Microsoft also has prior updates available for download, to catch you up.)

Microsoft was one of the few big-name vendors at this year’s Macworld Expo, but it didn’t have new software to roll out this month in conjunction with its show appearance. The Redmond Giant was talking up the forthcoming release of Microsoft Outlook for the Mac. (Talking only, since no demos were presented at the Microsoft booth.) Outlook will be a replacement for Entourage, which still has advocates within the Mac expert community. One advantage of Entourage, noted in a Macworld panel, is its smooth interface with Microsoft Exchange servers, operated at countless companies who handle their own e-mail. Outlook will be inside the Office 2011 suite, and it’s not yet clear if it will be sold standalone. Entourage never was.

Those differences between Entourage and Outlook might have protected the Mac from some Microsoft-based exploits, however. Outlook has such a weak security reputation that it’s called Lookout by the PC community — at least those who’ve been infected by a mail message that wormed its way into the Windows environment on office PCs. Microsoft has closed these holes repeatedly on the PCs, but the tight link between Explorer and Windows remains a point of attack. No such link exists on the Macs.

It appears that Apple isn’t the only vendor who’s chosen an ill-advised name for a recent product though. (iPad will need some extra oomph to sell.) Microsoft will call its new generation of mail program Outlook, “which you’d think was one of the more bankrupt names” in the computer world, according to one panelist on the e-mail client showdown session at Macworld 2010. It’s important to Mac-PC offices that the two products exchange messages easily, to enable switchers as well as interoffice mail using the .PST message format.

Meantime, be careful where you browse in the course of your business. Steve got attacked while shopping for business travel at Expedia. You should always look extra closely at any dialog box on the Mac that advises you to update for security reasons. Apple’s software will never use this language, just advise you an available software update.

By Steve Hardwick, CCISP

Should you be worried about a Web drive-by attack? First off, what is it?

Most Internet users are not familiar with the concept of a Web drive-by attack. The one I recently encountered was scary because of its simplicity and how it preys on security fears. It also underlines how easy it is to create attacks that are targeted to specific operating systems. Mine took place in Windows, but it would be easy enough to target the Mac OS, too.

To be able to infect a computer in a drive-by, the hacker has to trick the end user into loading a piece of malicious code. In the past this was done using e-mail attachments and other applications that were used for file transfer. However there is a growing threat where your Web browser (Firefox, Safari) is used to trick you into downloading and running the virus code. Here is a walkthrough on what I recently encountered as it gives a good understanding of this type of attack. (For anyone who wants a much more in-depth explanation, Virus List is great site to visit.)

I was going to various sites, trusted sites that I have used in the past without any problems. As I arrived at Expedia.com, one of my favorite travel sites to look at air fares, the following screen popped up. When I saw it, my first thought was that I had a virus on my system.

The screen displayed on top of the browser looked identical to Microsoft Forefront Client Security interface, which is the antivirus software (A/V) installed on my PC. Even the progress bars moved on the display and the virus list was populated. To all intents and purposes it looked and felt like I had a bad case of several viruses on my system. After the virus list had been completed I got the two more screens.

Fortunately I am well-versed in security products. As soon as I was asked to run a program outside of my A/V application the alarm bells started to ring. I also noticed that the file had been downloaded to my PC from a Web site I did not recognize. This is not usual behavior for an anti-virus program. So I decided to hit cancel. When I tried to close any screen I saw the screen above.

Now I was definitely concerned.

I took a quick look at my process monitor and I saw there were three browser windows open. Each one of the these two new “Windows” screens was a Web page. Plus the warning message was also a Web page. This told me that that my antivirus was not sending these messages. They were specially-constructed Web pages. I looked at the “Forefront” page and got the source URL The I took a quick visit to www.samspade.org and found out that this was a site out in France and not a site that I knew to be good. So I now knew it had nothing to do with the travel site I had gone to, or Microsoft Forefront. To stop this whole chain of events I had to shut down the browser application using my process monitor. (On the Mac, you’d do a Force Quit from the Apple menu, and you should.)

So how did this happen? Some technical details follow.

First the hacker constructed a simple set of Web pages to emulate ForeFront and trick the user into downloading a virus program. The virus progam was automatically downloaded as soon as the “Forefront” page came up. Once the user clicks OK to run the bogus “clean up” file the virus is installed and the hacker is in business.

The next thing is to load the Web pages and the virus on a Web site. In this case it was n6-scanner.com. It would take some skill to bypass the Web site security and load it, but on the whole this can be relatively easy to do. Web sites can be a very fertile ground for unpatched operating systems. (Ed. note: A very good reason to update the Mac OS with Security Updates — if only Apple would supply them sooner.) The hacker’s last step, the hard part, is to get you to go to a second Web site to load the code to direct the end user to the target site. This can be a simple HTML redirect, or a more sophisticated script line of code. The attack works best if this is a well-visited site, which is why it is harder. Once this last step is completed the hacker’s work is done. Just wait for the virus to distribute and take effect.

Why is this a very dangerous attack?

Well, the first reason is that it is relying on end user behavior. As soon as the user sees that there is a virus reported on their machine their first instinct is to get rid of it. The thought that the screen they are seeing is not the antivirus software is not immediately obvious. Most Windows users are now used to seeing virus attacks and want to get them off their system as soon as possible. Consequently many would click straight through these bogus screens without a second thought.

Next, the attack had bypassed the antivirus system. Hopefully, the A/V would have thrown something up after the viral payload was executed, but it may not have. The affectivity of the A/V is only as good as the last update. So if it is a recent virus, and the user had not updated their A/V definitions, then anything could happen.

The Web pages can be tailored to specific operating systems. In my case I saw a Windows based application. Your machine will send a lot of information back to the Web server about what you are using. If you want to see what you are sending out, go to Shields Up on https://www.grc.com and run the Browser Headers check. You may also want to run some of the other tests just to see how secure you are. So it would be fairly easy to construct an attack that was design to attack an Mac based system — that is, to switch the screen the user viewed and the downloaded payload. This is what came back on my system

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0

Finally, the Web pages and the launching script can be placed on multiple Web sites. The attack codes can be put on different sites too – they do not need to be collocated on one site. The launch code can be added to multiple Web pages on a single site. So a Web page on a trusted site can get infected. One day the site is safe, the next it is infected.

What you can do to protect against this type of attack

Many users are not familiar with their antivirus software. Take a quick look at your software’s manual (I know, that sounds unpleasant).

• Find out what your A/V software does should it hit a virus: what messages it displays and what operations it will take to quarantine and remove any viruses it finds.

• Take a careful look at ANY program that is launched on your system from a Web visit. Make sure you know where it came from. If in doubt, do a quick Web search on the file name. In many cases this kind of program contains a virus payload. In some cases, especially a drive-by, the file name may be automatically generated. You will have to rely on looking up the URL of the source site. Sam Spade is a great site to get information on who owns the Web site.

• A great fundamental protection is to add another user account on your system, even if you’re the only user of your Mac. Your first is an administrative account and the other is a user account with no administrative rights. The second account is the one that you use most of the time. It does not have rights to install new programs. This may block this type of attack and stop the program load. The administrative account would be used when you want to load a safe application.

• Lastly, you can active a security scanner to your browser to detect dangerous sites. Firefox checks for these, working from a list of known dirty sites. Google’s Chrome, when it is released for the Mac, will have this capability, too.

Steve Hardwick has over 10 years of information security experience. He has worked with different environments from military customers, financial institutions, healthcare organizations and Fortune 1000 companies, as well as conducting security assessments for large and small corporations. He is currently Partner Manager at Mobile Armor Inc. providing cost effective solutions for securing and protecting mobile data.

And so passwords are more important to a small business user. Yours are probably not good enough, according to a thoughtful article from the Australian outlet of the popular lifehacker.com Web site.

The only truly secure way to store your passwords is to use a password manager to securely track your passwords, combined with a a great master password to protect the rest of your saved passwords — if you use an easy password for your password manager, it would be easy to crack with a brute force attack. Don’t lure yourself into a false sense of security by just using one — your password manager password should be at least 10 alpha-numeric characters if you really want to be secure.

Five simple rules to make a very complex padlock for your sensitive stuff.

1. More characters are better
2. Words are bad — scramble them
3. Always include special characters like %
4. Upper and lower-case both, please
5. Don’t forget to use numerals, too

Firefox will give you a score on how good your master password is. So will a fine open-source password manager that runs on the Mac, KeePassX. It organizes your passwords by type, lets you look them up and more. Version 0.4 (okay, it’s not a commercial product yet) is free. We’ve tested it on Snow Leopard and it works great. KeePassX will copy any password into your Mac’s clipboard, so you can paste it into a Web site. At some point early in this whole protection process, however, you will need to create a password that unlocks your password manager’s database. This is the only password your manager cannot store, of course. And it’s the last one that you want to forget.

If you take nothing else away from the lifehacker article, remember this while browsing the Web: Once You Click “Remember Password” It’s All Over. Unless you use the built-in password manager in Firefox. You are using Firefox because of its built-in Master Password manager, right? Apple’s Safari browser hasn’t got this feature. The rub here is that your master password has got to be something you can recall and type in every time you start up Firefox. The Firefox password services are under the Preferences menu for the browser, in the Security pane.

Commercial (not free, but inexpensive) password managers for the Mac include those which use the 448-bit Blowfish Encryption Algorithm. At the moment it appears xhead Software has one of the best solutions that uses Blowfish, an algorithm xhead describes as

One of the fastest, most secure encryption algorithms in existence and has no known cryptographic weaknesses. It hasn’t been cracked yet. In fact, statistically speaking, if you use a sufficiently long password to encrypt your files, a hacker using the brute-force attack method of trying every possible password would spend longer than the known age of the universe to crack your file.

You can get the xhead product info 2.0 to do your password management for $25, $40 if you want its delights on up to five computers. If nothing else, there’s one security step you want to take with your Mac. Don’t work every day in your administrator account. You’d be surprised what caliber of Mac user doesn’t know what that means. More on that Wednesday.

On the other hand, system maintenance is a means to get more out of the Mac investment. This week Koingo Software is offering MacPilot Lite as a free download to users who’ve purchased Koingo software in the past. The full version of MacPilot is also on sale in an Essentials Bundle (along with three other tools such as the nifty Alarm Clock Pro) — and it’s worth the space in your system administrator’s toolbox

Yes, you are the system administrator of your Mac. While your expertise is probably in creating a product, delivering a service or managing a business, a small office or single-proprietor business usually has someone to manage computers: You. So as a present to yourself for the coming business year, a tool like MacPilot or Onyx (a free tool) is a worthy investment.

Koingo sells MacPilot as competing product to the free Onyx, so MacPilot has got to work harder. Koingo explains that MacPilot can

Optimize your network for broadband connectivity, completely customize Apple File Sharing, perform essential maintenance without having to remember mind-boggling acronyms, and much more. However, those are just a few of the many reasons why MacPilot is your choice over Cocktail, TinkerTool and Onyx!

There’s a deep feature list for MacPilot along with a free 15-day trial of the full product. The longer you use a Mac for your business, the more you’re likely to appreciate the facets of file-sharing in your office network or getting the most out of your broadband connection. The Mac OS is deep and can be fine-tuned to return the best value for time spent at your keyboard and mouse. But Unix, the core of Mac OS, is arcane and byzantine. Something like one of these tools is like having the teacher’s version of the Unix textbook, with answers in the back, sitting on your work desk.Koingo lists all that its MacPilot can do right away, in its setup screen. While some of these are available on the Mac’s software, having them inside one toolbox makes it more like you will use these features.

Finder — Toggle Finder visual effects; Hide & disable Finder menu items; Enable the Cut Finder menuitem; Change the Finder Label Line Count; Add a Quit menu item to the Finder; Disable Desktop Icons; Show invisible files; Enable slow-motion visual effect mode

Dock — Toggle the Dock Shadow; Toggle feature to turn icons for hidden applications transparent; Lock the size, position, orientation, contents, magnification, and effect of the dock; Show invisible files in Dock menus; Add a Quit menu item to the Finder; Change the orientation, pinning, and effect

Safari — Forget that Netscape, Mozilla or IE bookmarks were imported; Show the Safari build number in the window title; Enable tool-tip mouse overs for links; Change logging options; Show the Debug menu; Disable PDF support; Change cache & history limits and options

Mail — Use Plain Text message content by default instead of HTML; Show invisible control characters in message source; Change bundle compatibility version; Enable numerous logging options; Enable or disable bundles

Disks — Automatically mount disks without user login; View detailed disk information such as partition type, free space, boot flags, and more.; Verify disk permissions; Repair disk permissions; Change UPS and Battery disk spindown time; Enable or disable journaling

Login Window —Disable console access; Hide admin, network, and/or local users; Kiosk mode; Disable the restart, shutdown, or sleep buttons; Use text fields instead of user icons; Show input panel; Show “Other” users button; Change the background picture; Modify the welcome text and size; Adjust the startup delay after login; Show admin host information such as host name, system verison, IP address, etc.; Increase/decrease the count of retries given on a password until the hint is shown

System — Change the startup mode to Normal, Verbose, Safe or Single; Specify custom boot arguements; Change the default umask for file permissions; Disable the secondary processor (if applicable); Show kernel panics on screen; Disable the startup chime; Limit RAM available to the system; Turn power button into Programmer’s Button

Network — Disable .DS_Store file creation across networks; View detailed network statistics and setting information for each device; Change over 10 advanced network settings such as buffer size, RFC compliance, and NewReno.; Optimize connection for Broadband

Sharing — Advertise Apple Personal File Sharing on AppleTalk & Bonjour; Allow SSH tunneling; Grant admin users root access; Automatically create home directories for file sharing users; Enforce quotas on home folders; Use home directories; Limit Mac OS X admins to only seeing share points; Limit Mac OS 9 users to only seeing share points; Allow root login; Allow clients to sleep; Allow admins to masquerade as other users; Auto restart server after crash; Notify client if the server is full; Send login greeting only once to users; Enable Logging; Disconnect idle users; Change the login message; Change the warning message when disconnected for being idle; Modify the maximum allowed sleep and idle time; Adjust log retention based on size and/or age; Set a maximum connections limit; Limit number of concurrent threads; Limit number of allowed guests; Change the AFS port

Tools — Update locate database; Verify preferences integrity; Update/Rebuild prebinding; Erase Spotlight index; Erase unused preferences; Erase .DS_Store files; Repair classic permissions; Erase icon cache; Update whatis database; Rebuild Launch Services database; Lock & Unlock files & folders; Force empty trash(es); Create Symbolic Links; Force delete files and folders; Erase recently used file records; Recreate Mac OS 9 desktop link; Clear user cache; Run all, daily, weekly, or monthly cron jobs.

Other — Change the default fonts used within the system and application windows for monospaced fonts, messages, labels, title bars, tool tips, and more; View, empty & delete logs; Show the Debug menu in Address Book, Sherlock and Apple Remote Desktop 3; Allow the mouse to auto-active terminal windows; Disable disk image checksum verification; Show advanced disk conversion settings in Disk Utility; Enable Expose picture in picture mode; Force iPhoto to ask for a launch after a hot plug; Enable Dashboard developer mode, or disable Dashboard altogether; Show active screen corner markers; Display the Expose blob; Disable the scrollbar in the Terminal; Place an Eject Disk icon in the menu bar; Change the screenshot format, name and destination; Change window resize speed, font smoothing, and scroll arrow positioning; Set the Crash Reporter mode to short or full, or disable it all together; View detailed system statistics; View, copy & print a Character Map for the given font; Access a huge list of Macintosh hidden key combinations; Complete port list; Error Code list with definitions for Mac OS 6 through Mac OS X.

That’s a list long enough to make most users’ eyes glaze over, but it’s clear that Koingo is selling this toolbox of utility on its comprehensive feature set. Just a couple of items in the Other category become useful. If you’ve got a Dashboard widget you love to leave onscreen, like a calendar, then the Dashboard Developer Mode makes that possible. If you take screenshots for illustrating articles or operations manuals (I do this a lot), you can specify that those screen shots come in as JPEG or GIF files, instead of the Mac’s PNG default format. (It matters if you’re posting to Web sites or blogs.)

MacPilot is on sale along with three other Koingo tools (for that superior alarm clock, reclaiming disk space, and making an ultra-secure spot for sensitive information like passwords and customer lists) at $49, about 35 percent off list price.

This month I’ve installed the latest Version 5 of Parallels, as well as a trial copy of Fusion 3, on the Mac I use as a test system. (It’s a Mini with 3GB of memory, one that accesses the Internet though a wireless network port, since the Mini comes with a built-in Airport card. The 3GB is essential, since these Windows emulators suck up memory.) I can report the Fusion installation is smoother and tinkers less with a Mac’s user environment. Fusion uses McAfee anti-virus software, quite the brand name among Windows users. Parallels replies on the Kapersky Anti-Virus suite. Parallels seems to offer a half-dozen ways of using Windows alongside your Mac environment, but this slight of hand goes so far as to install folders on your Dock to speed up access to Windows programs. This trick erased a couple of useful Dock icons for my databases on the Mac side, demonstrating that Parallels Version 5 is like so many other versions of the software: buggy, with lots of fixes (long downloads) needed for stability.

Another thing that gets tricky about using these products is the constant updating that Windows users endure. Microsoft seems to add patches on a weekly basis to Windows (I use XP Home, very affordable) — so if your Windows use is infrequent, every startup of these environments will include downloads and restarts to get Windows into a secure state.

The anti-viral tools need their own updates religiously, too. This is a separate set of updates. In my tests I’ve found there’s an order to be recognized here: get the anit-virals updated first, even though Windows will ask you to restart itself before the anti-virals get their updates downloaded.

The process of running Windows on a Mac, essential for any programs you may need for your business that don’t have Mac versions, is an eye-opener about security. Don’t believe the Apple commercials about viruses, no matter how entertaining they are: Macs run on a variant of Unix, an operating system with plenty of security holes. Visiting the Windows world with Parallels or Fusion makes you aware how lucky we Mac users are, simply because there are fewer of us. We present a smaller target to the virus hackers, so we enjoy Security by Obscurity.

While there isn’t a wave of religion about security on the Mac yet, spyware and bot-ware can infect a system in surprising ways. Javascript, which drives so many Web sites, has become the most popular culprit. A simple visit to a popular Web site like Expedia for travel arrangements can get you infected. There are a handful of good Mac security tools to ensure that if anything jumps from your Windows environment to the Mac, you will know you’re being infected. Eradicating the dirty work is another matter.

ClamXav is a freeware viral solution for the Macs. You can download it and update its databases — the signatures of known viruses — but you’re relying on volunteer efforts to stay secure. Probably not the best choice for a business Mac user.

Intego Software sells Virus Barrier and NetBarrier software, at about $50 each, to cover both the gateways into your Mac (NetBarrier) and neutralizing the viruses and malware that might get inside. On that latter task, Intego also offers a new, standalone tool, Washing Machine. This program, included with NeBarrier X5, erases data that Web browsers store automatically — so hackers have less chance of infecting your system.

Washing Machine can clean five types of items: Bookmarks, Caches, Cookies, Download Histories, and Browsing Histories. It works with most web browsers, and many utilities or other programs that store information behind your back. It even cleans up after some programs that you would never think are storing data. But Washing Machine knows about them, and is ready to clean up after them.

There’s also a fine security suite that controls the power of the Mac’s built-in firewall. DoorStop X Security Suite is $79 and even includes a comprehensive instruction manual about security for the Mac. Things are safer on a Mac than on a Windows system, but on the doorstep of 2010 it’s folly to think anybody can surf and work securely without some of this help. At the least, download and use Clam Xav. Cleaning up a hack will cost you more lost time than buying all of these tools together.