Cancel Cable Part 2

In the Open With window, select the new default program (if it isn't listed, then click Browse and select it).

Click OK and then Close.

To open a file that has an unregistered extension (or no extension): Double-click the mystery file.

Do one of the following: If you don't know which program can open the file, click "Use the Web service to find the appropriate program" to try to look up the extension on Microsoft's website. If Microsoft draws a blank, refer to one of the websites listed in "Unregistered Extensions" earlier in this chapter.

To open the file in a program that's installed on your computer, click "Select the program from a list of installed programs," select a compatible program in the Open With window, and then turn on "Always use the selected program to open this kind of file" if you want.

OS X Tasks OS X maintains a master list that pairs each filename extension with its default program. A file's Info window shows its file type and a.s.sociated program (and other metadata). You can override the default program for specific files.

To open a file's Info window: Do any of the following: Right-click (or Ctrl-click) the file and choose Get Info from the shortcut menu.

Select the file and choose File > Get Info or press Command+I.

Note: These actions also work when multiple files are selected.

To show or hide the filename extension for a specific file: Right-click (or Ctrl-click) the file and choose Get Info from the shortcut menu.

In the Name & Extension section of the Info window, turn on or off "Hide extension."

To show or hide filename extensions for all files: In Finder, choose Finder > Preferences or press Command+, (comma).

In the Preferences window, click the Advanced pane and turn on or off "Show all filename extensions."

Note: Some filename extensions (such as those of imported photos) will show even if extension-hiding is turned on.

To show or suppress warnings when you change a file's extension: In Finder, choose Finder > Preferences or press Command+, (comma).

In the Preferences window, click the Advanced pane and turn on or off "Show warning before changing an extension."

To open a specific file with a nondefault program: Do any of the following: Right-click (or Ctrl-click) the file and choose Open With from the shortcut menu.

Select the file and choose File > Open With.

Select the file, click on the toolbar, and then choose Open With.

Drag the file onto the program's icon in Finder or the Dock.

Open the program that you want to use, choose File > Open, and then locate the file.

Note: If the program isn't listed in the Open With menu, choose Other to locate it.

To change the default program for a specific file: Do any of the following: Hold down the Option key, right-click (or Ctrl-click) the file, and then choose Always Open With from the shortcut menu.

Select the file, hold down the Option key, and then choose File > Always Open With.

Select the file, hold down the Option key, click on the toolbar, and then choose Always Open With.

Select the file, choose File > Get Info (or press Command+I), and then choose a program from the "Open with" drop-down list. (Don't click Change All.) If multiple files are selected, hold down the Option key, choose File > Show Inspector (or press Option+Command+I), and then select a program from the "Open with" drop-down list.

Note: If the program isn't listed in the Always Open With menu, choose Other to locate it.

To change the default program for all files of a specific file type: Select any file of the target file type.

Choose File > Get Info (or press Command+I).

In the Info window, choose a new default program from the "Open with" drop-down list or choose Oher to locate a different program.

Click Change All.

To open a file that has an unregistered extension (or no extension): Double-click the mystery file.

Click Choose Application, select a compatible program in the Choose Application window, and then click Open. If you draw a blank, refer to one of the websites listed in "Unregistered Extensions" earlier in this chapter.

Chapter 4 Malware.

File-sharing networks are infested with nasty bits of software that will wreak havoc with your computer and perhaps your well-being. If you're thinking "My kid takes care of that," "That's a background task for my computer" or "I own a Mac," then you lack healthy paranoia.

About Malware.

Malicious software, or malware, includes viruses, spyware, adware, trojan horses, worms, and rootkits, whose attacks range from mild (slowing your machine) to irritating (spewing pop-up ads or cras.h.i.+ng your system) to transforming (destroying your data or stealing your ident.i.ty). Some malware conceals itself. If your PC is a malware-infected zombie, it secretly obeys a remote server, typically sending spam in the background by using your bandwidth and processor. (A collection of zombies is a botnet, which third parties can rent from the infector for spam campaigns, remote attacks, or click fraud.) Malware spreads via email attachments, networks, USB flash drives, rogue antimalware programs, and websites that push installable "add-ins." Pirates are threatened mainly by malicious links and infected files.

Malicious Links.

A poker-book torrent has no reason to contain but one file: the book. But some payloads also contain links to no-name poker rooms, dodgy rakeback programs, online casinos, and other places best avoided. Such links, which can be part of any torrent, come as separate URL (.url), MHTML (.mht, .mhtml), or HTML (.html, .htm) files. Double-clicking one of these internet shortcuts opens your browser to a particular webpage. These links almost always lead to spammy, crooked, useless, or for-pay sites. And you risk a drive-by download: malware that exploits browser security holes to secretly self-install when you simply visit a website. Fortunately, these threats can be easily sidestepped: If the links come as separate files, turn them off when you first open the torrent (see Chapter 10).

If the links are bundled in an archive (.rar or .zip file), download the archive and extract only the files of interest (see Chapter 5).

If a pa.s.sword-protected archive requires that you visit a website to get the pa.s.sword, don't visit the site. Either delete the download or, if your alarm bells aren't ringing, scan the torrent's user comments for the pa.s.sword (see Chapter 10).

If you're unsure about a link file (say, instructions.url or readme.html), open it in a text editor rather than in your browser.

Infected Files.

Download and double-click the wrong file, and you're infected. Wary beginners have rules of thumb to protect them: Text files that don't contain scripts are always safe.

Video, picture, and audio files are rarely unsafe.

PDF and HTML files can link to malicious code. PDF and CHM files can also be infected with malicious code (but usually aren't).

The default security settings for Microsoft Office stop macro viruses embedded in Word (.doc, .docx), Excel (.xls, .xlsx), and PowerPoint (.ppt, .pptx) doc.u.ments.

Applications, games, screen savers, scripts, key generators, cracks, disk images, and other executable files are where danger lies. Application-support files (.dll, .vbx, .vxd) can also be dangerous.

Popular torrents aren't a threat (hundreds of savvy peers quickly spot subterfuge). Lots of piracy groups, identified by their aliases, have popular reputations for providing safe, quality downloads.

Pirate sites let users post comments about torrents and flag their quality. Antimalware false positives result in often-ignorable user comments like "This torrent has a trojan horse."

Vigilance.

These rules soon will coalesce to a feel for suspicious torrents. It's a step toward vigilance. The only way to protect yourself online is to act like everything on the internet is a scam; that people are always trying to trick and rob you by playing on your ignorance, loneliness, greed, empathy, guilt, or stupidity.

True vigilance is rare in cultures grounded in the idea that people don't have to live with the consequences of their actions. But humans are built to be vigilant. You see it in soldiers, pilots, loggers, athletes, cops, roofers, and hunters. It kept your ancestors from being shredded by lions, and keeps your kids from being pounded by bullies. Online, threats abound: Microsoft didn't take security seriously until Windows Vista in 2006 (far too late).

At this writing, no viable Mac OS X malware has emerged. But Apple issues security updates regularly, so weakness is there should malware writers attack.

The web was designed to be open (specifically, to share academic research). Implementations for banking and other secure transactions are bolted to an architecture made for sharing.

Data and executable code occupy contiguous memory (that is, they share the same address s.p.a.ce). This security hole lets code self-modify and lets data execute as code, permitting common and destructive code injection attacks.

Other offenders: unauthenticated email, WEP, ActiveX controls, permissive C compilers, null-terminated strings, Flash cookies, evercookies, unencrypted IP packets, plaintext pa.s.swords, FTP, backward compatibility, security through obscurity, statelessness, invalid certificates, and misleading user interfaces.

Prevention.

The best way to avoid malware is to behave safely and develop a sense of what the real risks are. A few tips: Operating system. Use the current release of your OS and keep it updated with the latest security patches. Always update immediately. Windows and OS X auto-update by default. Don't use Windows XP - Microsoft's XP security updates have become rarer over time.

Programs. Uninstall any old versions of your software and keep the latest versions up to date. Programs usually let you update from the Help menu, the Options or Preferences dialog box, or (in OS X) the application menu.

Firewall. A firewall is a gatekeeper that can block internet traffic, usually based on its source or destination. Windows and OS X have built-in firewalls that are turned on by default. Your router/modem probably has its own firewall and network address translation (NAT) enabled by default, protecting even ancient OSes from outside threats. (Not sure? Ask a geek.) Third-party software firewalls often cause problems with BitTorrent clients.

Wireless network. Change your router's default pa.s.sword and enable WPA or WPA2 security (don't use now-compromised WEP security).

Filename extensions. Always show them (see Chapter 3). If extensions are hidden, the file love-letter-for-you.txt.vbs appears without the .vbs, looking like a harmless text file while actually carrying a hostile Visual Basic script. Millions opened this file in 2000, infecting themselves and millions more via email with the ILOVEYOU worm, forever convincing system administrators that ordinary users will click anything. Even with extensions showing, the file FreeMP3s.txt .exe will appear to be harmless if the embedded s.p.a.ces hide the .exe extension in a narrow column.

Browser. Browse with Mozilla Firefox, not Internet Explorer or Safari. Use Firefox's Adblock Plus, FlashBlock, and BetterPrivacy extensions. More-advanced users can look at NoScript. Other privacy and security extensions are at addons.mozilla.org.

Hosts file. Instead of using a browser extension, you can use a hosts file to block ads and third-party cookies. A hosts file is a text file that doesn't use system resources and isn't browser-dependent. Try mvps.org/winhelp2002/hosts.htm or hosts-file.net.

Education. Read Wikipedia's article about social engineering. For current threats, read RISKS Digest and Bruce Schneier's Crypto-Gram Newsletter. For Windows-specific threats, visit Microsoft Security. Browse through the lectures at the Chaos Communication Congress.

Backups. If you back up an infected file, it'll reinfect you when you restore it to your computer.

Ads. Never click them, including those disguised as "sponsored results."

Pa.s.swords. Use a different pa.s.sword for each account. Write them down or use a program like Pa.s.sword Safe. Cormac Herley writes critically of common pa.s.sword advice; for starters, try "So Long, And No Thanks for the Externalities" and "Do Strong Web Pa.s.swords Accomplish Anything?"

Antimalware. Don't use it.

Antimalware.