Apple’s “solution” of disabling Java on versions prior to Snow Leopard isn’t realistic for users that still intend to keep their Mac on the Internet, since web-based Java is still popular, especially for proprietary corporate applications. If you are on a Leopard (10.5) or older system, Apple’s solution means that you could try to enable Java only while you are using websites that require it and then immediately turn it off afterward (a common example of usage is for remote control programs such as GotoMyPC and Logmein). To be fully secure though, the better solution is to upgrade your OS. However, upgrading your Mac’s OS could introduce incompatibilities with existing software that will require further costs to upgrade. Plus, if a user hasn’t upgraded to Snow Leopard — an admittedly old OS — yet, they may have a good reason for doing so.

Apple updates its operating system at a much faster pace than Microsoft. Leopard was superseded by Snow Leopard in August 2009 and Windows XP was superseded by Vista in November 2006, yet Microsoft is still providing critical security updates for XP until April 2014. Microsoft is providing more security updates for more versions of their operating system while Apple is starting to abandon users after less than three years.

To be fair, a majority of Mac users have already moved to either Snow Leopard or Lion, according to estimates from Net Market Share so most Mac users will be protected from this security flaw after installing Apple’s latest updates. Windows XP, meanwhile, is still on a majority of PCs according to that same study, even though its successor, Windows 7, was released in July 2009. Microsoft is doing this right by continuing to provide security updates for its older operating systems, which sort of makes sense given Microsoft’s constant battle with malware over the years. But Apple isn’t.

With Apple’s accelerated OS release cycle, leaving Leopard’s Java security unsupported after less than three years is unfair to users and a potential class action lawsuit waiting to happen since Apple’s extended warranty (AppleCare) is designed to support the Mac for three years. That MacBook you bought in May 2009 has a problem that Apple knows about, and Apple’s solution is to simply disable portions of the OS provided by Apple for your computer.

At the very least, Apple should be required to either patch a security flaw in any computer still under AppleCare or provide a free update to a currently supported version like they are doing for MobileMe users. Two years is simply too short of an upgrade cycle to expect users to keep up with in order to maintain the security of their systems.

If Apple continues this “current and previous version” approach towards security, Snow Leopard users are going to miss out on security updates when Mountain Lion 10.8 comes out this summer, only two years after they upgraded to Snow Leopard. Apple needs to step up to the plate and provide security updates for at least three years — otherwise Mac users could be more secure wiping an older Mac OS on that Intel-based Mac and installing Windows XP instead! At least then they’ll have until April 2014 before their computer turns into an unsecured ticking time bomb.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• New challenges for the IT organization
• The new IT manager, part 1
• Opportunities and challenges for mobile deals

The delay itself has been greeted with mostly positive reactions from developers, who are thankful for the additional time to adapt to this new approach even if they are still anxious about the long-term implications. Chris Foresman wrote a great summary of sandboxing, Daniel Jalkut of Red Sweater Software covered some of the issues that face developers of Mac software, and Manton Reece, developer of Clipstart, explained why he is dropping out of the Mac App Store to avoid sandboxing entirely. Most discussion of sandboxing has focused on the security implications of the new approach. However, I think that Apple may be playing a long game here that goes far beyond incremental improvements to the security of OS X.

Sandboxing: Security is not the end game

I don’t mean to imply that security is not an important consideration. It is. The problem is that sandboxing is only partially effective as a technique to improve security simply because outright malicious software won’t use it anyway. Wil Shipley of Delicious Monster wrote an excellent essay on the limitations of sandboxing as a security measure. Gatekeeper is likely to be s more effective security measure. So if sandboxing is not the last word on the future security of the Mac platform, what else might be going on?

What use could there be for a shift in programming conventions that requires apps to assume that all their files and settings are held in their own isolated container? That requires developers to carefully document when, where and why they need to reach out of their sandbox. That puts the OS in charge of allowing apps to access shared resources instead of unfettered access to the whole filesystem. What use is there in breaking long-held traditions of using arbitrary file access to enable shared settings? Why remove the ability to talk to other apps through Apple events?

It is not a far stretch to consider that this shift in approach might have a connection to Apple’s long-term plans to make iCloud the center of their strategy for the next decade. Apple intends for developers to move away from reliance on direct access to all of the nooks and crannies of the local filesystem on the computer and instead package up their files using the container approach. Self-contained sandboxes are more easily copied and moved between machines and are easier to back up. More and more, applications interact with online services across multiple devices. If your digital “stuff” is strewn about the cloud and across a couple of Macs (work, home, desktop, laptop) as well as multiple mobile devices like your iPhone and iPad, a dotfile on your computer might not be the best place to store settings anyway. Sandboxing could be a step towards abstracting away the local filesystem in favor of cloud-based storage.

The long game of sandboxing

While we don’t have answers now, there are a few areas to pay close attention to over the coming months as Mountain Lion moves closer to release and iOS is updated as expected later this year. (WWDC this summer will be interesting.)

The first feature to watch is entitlements, which are the list of permitted actions apps are allowed to perform from within the sandbox. Apple has expanded them a bit in Lion 10.7.3, but developers would like more. Daniel Jalkut thinks it is urgent that Apple address the current scope of entitlements. “The number one broken thing about sandboxing as it stands today, is the list of entitlements is simply too limited.” Further refinement of the available entitlements is likely, but it will be more interesting to watch where Apple expands the access granted to sandboxed apps. Will there be more direct access to places in the filesystem? More access to hardware features like serial ports? Or just more refinement to the iCloud APIs? Entitlements will be a clear indication of Apple loosening up on app restrictions or sticking to their guns.

The second area to watch is to see what Apple will do to explain sandboxing to users. If this is truly a security-focused measure, I would expect to see more prompts in OS X about what applications are asking to do (or which entitlements they have requested). If sandboxing isn’t meant to keep users better informed on what apps can and can’t do, then I would suspect that sandboxing is more about corralling developers to interact with the system in ways that can be abstracted or redirected to iCloud.

The big question in my mind, is what will be done with inter-process communication? URL schemes, as we have in iOS, are certainly much more limited than Apple events, even with call-backs. However, URL schemes also provide an abstraction where they could be made to work in different contexts, such as on a computer, on an iPhone or in a web app. Surely, something else is coming to meet the need for automation, workflow scripting and sharing between apps if the Apple events system is being phased out. This will be a key area to watch over the next few months to see where the wind blows out of Cupertino.

I can’t shake the feeling that sandboxing is part of a much bigger play by Apple and that it connects to their strategy for iCloud. While all we can do at the moment is speculate, I feel certain that developers that can suss out the larger meaning here and see a few steps ahead of the rest of us have a real opportunity. We saw companies that pulled ahead of the pack with the first generation of mobile, connected, and social apps for the App Store. There is a similar opportunity here with sandboxing and iCloud to try and skate to where Apple is looking to send the puck, to borrow a phrase from Wayne Gretzky, instead of simply complaining that the puck is not where it’s been.

Tea leaves thumbnail used courtesy of Flickr user xJason.Rogersx

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Why the Mac is infiltrating the enterprise
• NewNet 2012: companies and technologies set to disrupt
• Connected Consumer 2012: A year of consolidation and integration

For example, if you were surfing a number of sites in Safari before you quit, those windows will return when you reopen the program. Some windows we may not want to share with others. I’m not talking just “adult” items, but, for example, a job search or dating site. Most Mac OS customers are used to having the more obvious digital debris of their life excised upon quitting an app. Unfortunately, in Lion, any application that supports resume (including most system apps, iWork and many more on the way) could unearth some embarrassing secrets.

There are a few quick solutions. When possible, close the Safari window or tab you’d rather keep private before you quit the application. Additionally, if you hold down the option key while choosing Quit from the application menu, or hold down Command+Option+Q, that will “Quit and Discard Windows” for this particular session.

If you forgot to do that and find yourself needing to close those open windows without launching the app, you can remove this information manually. To do this, first choose “Go to Folder” from the Go menu. Type ~/Library/Saved Application State/ and that will take you to the folder that contains your saved windows. If you want Lion to forget the last windows left open in Safari, look for com.apple.Safari.savedState and then delete that folder. That will remove the last session’s windows and tabs.

If you decide you really don’t like applications automatically remembering previously open windows and tabs, you can turn this feature off system-wide by opening the System Preferences application, and under “General” making sure “Restore windows when quitting and re-opening apps” is unchecked.

So the next time you go shopping for that wedding ring, remember that the next person who opens Safari might see the window and ruin the surprise. These tips should keep you out of hot water. And if you’re surfing for something else on your computer, the next person who has to use or repair it will thank you for keeping your private info private.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• How cloud computing plus Facebook might mean the end of personal privacy
• Building a better paywall: strategies for monetizing news content

1. Create a service-only account

Often repair work involves administrator-level access to your Mac’s operating system. While I’ve never heard about privacy violations at Apple Authorized Service Providers, I like putting an extra barrier to protect my personal data, since I’ll sheepishly admit my account password is used in a few other places, and I’d rather nobody know it.

For added protection, I have another administrator account prior to sending my Mac in for service. An extra administrator account is good for testing purposes, so I already have one. If you don’t, then go to System Preferences, and then to Accounts and click the plus button and under “New Account.” choose “Administrator.” Create a full name and unique password and then click “Create Account.”

When checking in your computer at the repair shop, give them this password. Yes, your original account’s password could be reset and your data read, but at least this makes it a bit more difficult to do so. Even if your primary account’s password is reset, they still won’t have easy access to your keychain or be able to find out where else you use that admin password.

Now that your Mac is safely backed up and ready for service, here are two tips for an often overlooked part of the job — physically transporting your Mac.

2. Dress your iMac in a t-shirt

The iMac’s screen in particular can be easily scratched when lifting it in and out of the car. Shirt buttons and jewelry are common items that could cause scratches on your person, too. A large towel is a common protector for transport, but it’s difficult to keep that in place. My solution is an old t-shirt. If your screen size exceeds your shirt size, go to a thrift store and pick up an XL. Old shirts tend to be extremely soft and stretch easily, thereby protecting your iMac screen and keeping that protection in place during transit. The bonus is that your computer looks absolutely adorable.

Once you’ve got the T-shirt wrapped around the iMac, lift it carefully, making sure to grasp it firmly with two hands at the bottom and press the protected screen against your body. Don’t try to carry it by the stand. Unless you’re a weightlifter with unusually long arms, avoid carrying an iMac under one arm.

3. Keep it in the backseat

Just like people do with their other most precious cargo (ie., children and pets), keep the Mac in the backseat. Have the screen face backwards and strap it in with the shoulder and waist restraints. I typically place the shoulder strap over the back of the iMac and then use the waist restraint close to the base. This will not keep it in place as well as it will a child in case of an accident, but it serves to slow the Mac down, and if it does hit the back of the passenger seat, the screen is less likely to crack and the hard drive is less likely to get jostled. For an extra ounce of prevention, I push the passenger seat as far back as I can and brace it with a pillow if needed. This will also help if you have to make a sudden stop, or if you hit a few potholes long the way.

Any other tips for getting your injured Mac to and from service-related visits?

Photo courtesy of Flickr user kaikajus.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Building a better paywall: strategies for monetizing news content
• Flash analysis: Steve Jobs

Kickstarter-backed iPhone, iPod and iPad accessories

The PadPivot is a versatile iPad (or any other tablet or e-reader) stand that folds up for easy storage, and works both on hard surfaces like a table or desk, or on your thigh for holding your iPad steady while browsing or watching video on the couch. In my review, I wasn’t shy about calling the PadPivot the most practical stand I’d ever come across, and that remains true after a couple more weeks of usage.

PadPivot easily exceeded its funding goal of $10,000, raising $190,352 on Kickstarter, where anyone can pledge small amounts to see the project become a reality. Another project that blew past its initial funding target, the iPod nano watchbands called LunaTik and TikTok, also went on to pick up a prize retail distribution deal, and are now available on Apple retail store shelves.

Kickstarter’s advantage is its ability to act as a focus group (designers will change their product based on feedback during the funding period), test market (pledges act as pre-orders, so retailers have a ready-made sample of prospective buyer interest) and funding round. Thanks to that triple-pronged approach, consumers get to select from some unique accessories that might not have made it through the design-by-committee process that churns out relatively interchangeable designs at established accessory-makers.

When the PadPivot arrives on Best Buy and Future Shop (which is owned by Best Buy) shelves, it’ll bear in-house RocketFish branding. The device will still retain the same design that makes it so handy, and the PadPivot name, however, and should retail for around $39.99. Check it out in action below.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Why iPad 2 Will Lead Consumers Into the Post-PC Era
• How to Market Your iPhone App: A Developer’s Guide

The Blackbox Bamboo was originally designed based on creator Lance Atkins’ experiences travelling with a MacBook Pro on an African backpack safari, during which time the neoprene sleeve he was using provided inadequate protection, resulting in a broken Mac. He created the first Blackbox Case out of oak in 2010 to provide a heartier alternative to traditional soft sleeves. Now, the company wants to expand their business and provide an entire, new line of cases made out of the more sustainable bamboo.

The Blackbox Bamboo will come in a choice of two colors, either with a carbonized brown stain or in natural bamboo finish. It will also come in a variety of sizes, including one that fits the iPad 2 with or without the official Apple Smart Cover attached, one for both the 11 and 13-inch MacBook Air, and one each for 13, 15 and 17-inch MacBook Pro models. All varieties come with a leather strap with a snap closure for securing your device in the Blackbox Bamboo.

Kickstarter backers qualify for pre-orders starting at $79, which gets you the iPad 2 version, and range up from there depending on which model you’re interested in. It’s a pretty cool product that appeals to the outdoor adventurer in me, though I’m not sure I wear that mantle often enough to qualify. Anyone else’s fancy tickled by the Blackbox Bamboo? Be sure to check out the video below before you answer.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Why iPad 2 Will Lead Consumers Into the Post-PC Era
• How to Market Your iPhone App: A Developer’s Guide

There isn’t a specific timeline for when the update will be released, but when it does arrive, it’ll also shut down the ability to jailbreak iOS devices using the most recent JailbreakMe browser-based method. The jailbreak takes advantage of the same exploit which poses a potential security threat and involves the way in which Safari and Mail manage PDF file downloads.

Apple will likely be quick with an update, considering the nature of the German IT agency’s warning. The organization called the flaw a “critical weakness,” and one which is “sufficient to infect the mobile device with malware without the user’s knowledge.” It affects users running iOS 4.3.3, and possibly older versions as well, according to the German agency.

While users await a software update to patch the hole, the best way to avoid any potential security threats is to avoid downloading PDF files from any untrusted sources, either via email or mobile Safari. As mobile web access becomes more popular, it’s generally a good idea for users to practice the same kind of safe browsing that helps avoid malicious attacks on desktop computers as well, part of which means not downloading content when its origin is at all suspect or hazy.

A similar flaw was discovered in August 2010 that also allowed for web-based jailbreak, and also caught the attention of the German government. Apple took about a week to issue an iOS update to patch the problem at that time, so it’s reasonable to expect a similar timeline for release with a 4.3.4 update.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Mobile Q1: All Eyes on Tablets, T-Mobile and AT&T
• A Media Tablet Forecast, 2011 – 2015
• A Global Mobile Handset Platform Forecast, 2011 – 2015

Here are the eight apps contained in the bundle, which is available for just $50 for another 9 days:

• 1Password. One possible cure for all the rampant hacking of major sites and services going around is keeping incredibly complex, different passwords for each of your online accounts. But that’s almost impossible to remember. So use 1Password, which lets you store hundreds of distinct logins in one place. Just make sure the master password and PIN you choose to keep all that info safe is solid. 1Password is also great because it plugs into iOS apps to sync your login data across devices.
• Billings. Time-based billing is a chore that no freelancer enjoys, but apps like Billings at least make it easier than if you’re doing it using templates in Word, for instance. Billings has awesome time tracking tools that integrate into your Mac menu bar or can be operated with hot keys, and an iPhone app that syncs info with the Mac version.
• TextExpander. Thanks to keystroke shortcuts, customizable abbreviations and one-click coding shortcuts, this is the text editing tool that becomes the default mail composer, form-filler and report preparation tool for many a Mac freelancer.
• LittleSnapper. Take screenshots, send clients design samples, and save website effects that you want to recreate yourself. If you’re building a design inspiration scrapbook, you no longer have to depend on scissors and magazines. Annotations and tags make keeping your screenshot connection organized and highly searchable.
• WriteRoom. Distraction-free writing is a bit of a trend, and freelancers who do a lot of writing appreciate the benefit of being able to shut out the many demands for attention that a computer brings with it. WriteRoom is a solid distraction-free writing client that’s been around for a while, and you can sync with an iPhone client, too.
• Radium. Some people can work without a background soundtrack, but I am not one of those people. You might have jumped to something like Pandora, or the hot new kid on the block, turntable.fm, but if you prefer the set-it-and-forget-it ease of Internet radio, Radium is a good OS X front-end with a huge database of available stations.
• Arq. Backing up your data is key when you’re a freelancer, because no one but you will be responsible for preserving your documents in most cases. Arq is an OS X client that plugs into Amazon S3 cloud storage (which you have to sign up for separately) to keep your offsite backup needs taken care of.
• Alarms. This is a small utility that mostly resides in the OS X menu bar, syncs with iCal and can remind you about just about anything you need to do during the day. It offers drag-and-drop simplicity, so drag URLs from your browser or a file you need to work on from the finder, or just about anything else to bring up the reminder creation screen.

The total cost of all these apps taken alone is somewhere around $300, so if you’re a new (or experienced) freelancer looking to pick up a complete toolbox without straining your gray matter or your wallet, this is definitely a no-brainer.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Mobile Q1: All Eyes on Tablets, T-Mobile and AT&T
• The Future of Workplaces
• The Future of Work Platforms: An Overview

iPad passcode configuration

Even though it isn’t 100 percent foolproof, securing your iPad with a passcode is a good first step for security. On my iPad 2, I configured security to use the longer alphanumeric passcode, and I make sure that it will lock the iPad immediately when the cover is closed by doing the following:

1. Open Preferences and navigate to the General settings.
2. Set Auto-Lock to 2 minutes.
3. Turn the Passcode on and set Require Passcode to “Immediately.”
4. Turn the Simple Passcode off.
5. Turn Erase Data On to wipe the iPad after 10 failed logon attempts.

After you sync your passcode protected iPad with your Mac, you should notice that any user account on that Mac can still access the data on your iPad using any of the following methods. Attach that same iPad to any other Mac that has not accessed any data on that iPad in the past, and you will get an error indicating that the device is protected with a passcode.

Protecting your data in the real world

You may be surprised at how easy it is to access your iPad’s information even after you’ve set up a passcode when it’s connected to a Mac.  If you really don’t want others to have access to your information, there isn’t much you can do short of setting a hands-off policy. You may want to sync your iPad to a dedicated Mac which only you have access to. Anyone with access to both your iPad and the Mac it syncs with can see all of your data. You can avoid potential theft worries by keeping the iPad and Mac in separate cases, and by disabling the guest account on your Mac so that a user has to know your passcode to login.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Mobile Q1: All Eyes on Tablets, T-Mobile and AT&T
• A Media Tablet Forecast, 2011 – 2015

Before the release of the support note yesterday, it was reported by ZDNet’s Ed Bott that Apple support staff on the phone were indicating that they couldn’t provide instructions for dealing with specific instances of malware. The fix is not overly complicated, but explaining it individually over the phone to every affected customer would tie up a lot of customer service agents, and it could set a dangerous precedent for the future treatment of such situations.

The article promises that “Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” and that the update will arrive “in the coming days.” Users will also receive an explicit warning notification if they happen to download this malware once the update is installed.

The step-by-step instructions for removing the Mac Defender malware involve using Activity Monitor to kill all running instances of the program and its equivalents (MacProtector, MacSecurity), then dragging the applications to the Trash, and finally, emptying the Trash. Apple also provides instructions for removing the malware’s login item, though the login item is no longer a threat once the application is removed from your system.

Glad to see Apple responding to the valid security concerns of its users. Let’s hope this isn’t the just beginning of the Mac’s serious malware woes.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• The Structure 50: The Top 50 Cloud Innovators
• Connected Consumer Q1: The Over-the-Top vs. Pay TV Battle Heats Up
• Smart Grid Apps: Six Trends That Will Shape Grid Evolution