Thursday, August 14, 2025

Are Macs, Linux safer than Windows PCs - 2025 Update

You would be amazed at how many people believe, and how Apple Store representatives perpetuate, the following myth:

"Macs don't need an anti-virus solution." It's a Mac, it's safe by design.

FYI, Macs (5% of marketplace) come with XProtect, which is antivirus (AV) software. XProtect is not well known. It's a lightweight, behind-the-scenes guardian that uses only signature-based (known threats only) rules.

Windows (75% of marketplace) comes with Microsoft Defender, a full-featured antivirus and anti-malware suite that uses signature-based rules plus behavioral analysis and cloud protection.

Linux (4% of marketplace) does not ship with a default AV. The common free option is ClamAV (sudo apt install clamav), which is signature-based and has basic heuristic capabilities. ClamAV can perform on-access scanning and process memory scanning, though these features require setup and aren't enabled by default. ClamAV is open-source but was purchased by Cisco Systems Inc. in 2013.

The problem with a signature-based solution is that you are always behind and have to play catch-up. Any new malware will spread easily before it's identified and quarantined.

Generally speaking, according to the Common Vulnerabilities and Exposures (CVE) All Time Board (see image below) macOS and Windows are virtually tied for number of vulnerabilities. 

TL;DR

Don't surf on your phone, or bank on it; use a desktop and buy the best anti-malware/antivirus solution available.

Phone Security Brief

Both Android and iOS market their security on sandboxing, which is a good technique but has not prevented a steady stream of vulnerabilities open to attack. Again, phone companies will never tell you your phone needs an antivirus, even though it's a full-blown computer. Open up a MacBook Air and inside is an iPhone. According to ESET, Android malware attacks surged by 160% in the first half of 2025. A major contributor is the "Kaleidoscope" ad fraud operation, along with drive-by malware that requires no-click activation (which an AV would block). So the major AV players have added AV into browsers; that's how they got around phone restrictions. See below for more info.


CVE All Time Leaders Board

Source: Top 50 products having highest number of CVE security vulnerabilities (cvedetails.com)


Mac OS X covers a longer historical period, including older versions like Leopard, Snow Leopard, etc.

macOS versions (like Catalina (2019), Big Sur, Monterey) benefit from more advanced security features and sandboxing.


Phone Security Details

Phones rely on sandboxing; neither Android nor iOS promotes or ships a built-in antivirus, for fear of bad publicity and performance impact.

Android

  • Kernel-Level Sandbox: Each app runs with a unique Linux UID, isolating it at the process level using standard UNIX-style permissions.

  • SELinux Enforcement: Since Android 5.0, SELinux adds mandatory access control, and by Android 9, each app gets its own SELinux context.

  • Seccomp Filters: Android 8.0 introduced syscall filtering to limit what apps can do at the kernel level.

  • App Runtime (ART): Replaced Dalvik VM, offering process-level isolation and performance optimization.

iOS

  • Strict App Sandboxing: Every app is confined to its own directory with limited access to system resources and other apps.

  • Entitlements System: Apps must declare specific permissions (e.g., access to iCloud or camera), which are cryptographically signed and enforced.

  • ASLR & Execute Never (XN): Memory protection techniques like Address Space Layout Randomization and marking memory pages as non-executable prevent code injection attacks.


🔐 iOS App Security

Strengths:

  • Closed ecosystem: Apple tightly controls the App Store, vetting apps for malware and enforcing strict privacy guidelines.

  • Sandboxing: Apps are isolated from each other and the system, reducing the risk of cross-app data leaks.

  • Frequent updates: Apple supports older devices longer, ensuring timely security patches.

  • Privacy-first features: iOS includes indicators for microphone/camera use, approximate location sharing, and tracker blocking in Safari.

Weaknesses:

  • Limited customization: Users have less control over app permissions compared to Android.

  • Apple-centric data flow: A study found iPhones send more data to Apple servers than Android does to Google—but less to third parties.

🔐 Android App Security

Strengths:

  • Customizability: Users can fine-tune app permissions and install apps from outside the Play Store.

  • Security platforms: Some manufacturers (e.g., Samsung with Knox) offer enhanced device-level security.

  • Google Play Protect: Scans apps for malware, though effectiveness varies.

Weaknesses:

  • Fragmentation: Different manufacturers and OS versions lead to inconsistent security updates.

  • Third-party exposure: Android apps tend to send more data to external servers, including those in countries with questionable privacy laws.

  • Higher malware risk: Open app ecosystem makes Android more vulnerable to malicious apps.



Original post in 2016

Saturday, August 2, 2025

The Crabwood binary source code revisited with AI

The Crabwood binary code refers to a complex crop circle discovered in 2002 near Crabwood Farm in England, which contains a binary message. The message is encoded in ASCII binary code and is believed to contain warnings about deception and the existence of extraterrestrial intelligence. The binary code consists of a detailed humanoid face and a spiral sequence of dots, which some researchers interpret as a warning about false gifts and promises. The message has been analyzed for its meaning, with interpretations suggesting it may relate to advanced technology and the potential presence of extraterrestrial life.

The binary-ASCII code from Crabwood 2002: a second message embedded somewhere?   by Red Collie (cropcircleconnector.com)

Grok 

Beware the bearers of FALSE gifts & their BROKEN PROMISES.Much PAIN but still time.EELIEVE.THERE is GOOD out there.WE OPPOSE DECEPTION.CONDUIT CLOSING\


ChatGPT


The binary you've provided translates to the following ASCII text:

Beware the bearers of FALSE gifts & their BROKEN PROMISES. Much PAIN but still time. BELIEVE. There is GOOD out there. We Oppose DECEPTION. Conduit CLOSING.

This is a well-known message associated with a **Crop Circle phenomenon**—often called the "Arecibo reply" or the **2002 Crabwood Crop Circle**. The binary message was found encoded in the design of a crop formation near **Winchester, UK**, featuring an alien-like figure and a disc with binary code.

It's widely discussed in UFO and conspiracy circles, but it's almost certainly a human-made artistic hoax. Still, it’s a clever example of binary ASCII encoding used in speculative or fictional communications.

Would you like a breakdown of how the binary was decoded or the history behind the crop circle?


Edited source Crabwood Binary Code

01000010 01100101 01110111 01100001 01110010 01100101 00100000 01110100
01101000 01100101 00100000 01100010 01100101 01100001 01110010 01100101
01110010 01110011 00100000 01101111 01100110 00100000 01000110 01000001
01001100 01010011 01000101 00100000 01100111 01101001 01100110 01110100
01110011 00100000 00100110 00100000 01110100 01101000 01100101 01101001
01110010 00100000 01000010 01010010 01001111 01001011 01000101 01001110
00100000 01010000 01010010 01001111 01001101 01001001 01010011 01000101
01010011 00101110 01001101 01110101 01100011 01101000 00100000 01010000
01000001 01001001 01001110 00100000 01100010 01110101 01110100 00100000
01110011 01110100 01101001 01101100 01101100 00100000 01110100 01101001
01101101 01100101 00101110 01000101 01000101 01001100 01001001 01000101
01010110 01000101 00101110 01010100 01101000 01100101 01110010 01100101
00100000 01101001 01110011 00100000 01000111 01001111 01001111 01000100
00100000 01101111 01110101 01110100 00100000 01110100 01101000 01100101
01110010 01100101 00101110 01010111 01100101 00100000 01101111 01010000
01110000 01101111 01110011 01100101 00100000 01000100 01000101 01000011
01000101 01010000 01010100 01001001 01001111 01001110 00101110 01000011
01001111 01101110 01100100 01110101 01101001 01110100 00100000 01000011
01001100 01001111 01010011 01001001 01001110 01000111 01011100

Friday, August 1, 2025

iCloud Phishing email with subject Nous avons bloqué votre compte ! Le 31 juillet 2025, vos photos et vidéos seront supprimées.

For the record, this is an iCloud phishing email attempt that is currently going around, with subject line "Nous avons bloqué votre compte ! Le 31 juillet 2025, vos photos et vidéos seront supprimées. Agissez !".

What to do?
Report it; see the bottom of the page.


From: Paiement refusé <newsletter@advancedroadcrafttechniques.com.au>

Subject: Nous avons bloqué votre compte ! Le 31 juillet 2025, vos photos et vidéos seront supprimées. Agissez !

PHISHING LINKS:

1. https://4.magnitudenetwork.net/xxxx


How to tell this is a phishing email?

  1. Check the sender's email address in full; if it's not from the originating company, it's phishing.
  2. Hover over every link in the email; if it doesn't point to the company's website, forget it.
  3. The best way is to 

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links: anything that does not originate from apple.com.
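The same checks applied to a saved message source, as an added example that is not part of the original post: it compares the From, Return-Path and Reply-To domains with the brand the mail claims to come from, then pulls every link out of the body and keeps the ones whose host is not apple.com or a subdomain of it. The message below is constructed for the example; only the sender address and the first link are the ones listed in the post, everything else is made up.

```python
"""Triage a saved email message source: sender domains versus the claimed brand,
and every link whose host is not that brand's domain."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed message source modelled on the iCloud phishing email in the post.
# Sender and first link come from the post; other headers and body are made up.
RAW_MESSAGE = """\
Return-Path: <bounce@advancedroadcrafttechniques.com.au>
From: Paiement refuse <newsletter@advancedroadcrafttechniques.com.au>
Reply-To: Apple Support <no-reply@apple.com.account-verify.example>
To: victim@example.net
Subject: Nous avons bloque votre compte !
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Vos photos et videos seront supprimees. Agissez !</p>
<a href="https://4.magnitudenetwork.net/xxxx">Confirmer mon compte</a>
<a href="https://www.apple.com/legal/privacy/">Apple</a>
</body></html>
"""

def belongs_to(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a real subdomain of it.
    'apple.com.account-verify.example' fails: the brand must be the suffix."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw: str, brand_domain: str = "apple.com") -> dict:
    """Return the address headers that do not match the brand and the off-brand links."""
    msg = message_from_string(raw, policy=policy.default)
    bad_headers = {}
    for name in ("From", "Return-Path", "Reply-To"):
        addr = parseaddr(str(msg.get(name, "")))[1]
        domain = addr.rpartition("@")[2]
        if domain and not belongs_to(domain, brand_domain):
            bad_headers[name] = addr
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    links = re.findall(r"href=[\"']([^\"']+)[\"']", html, flags=re.IGNORECASE)
    off_brand = [u for u in links if not belongs_to(urlparse(u).hostname or "", brand_domain)]
    return {"mismatched_headers": bad_headers, "off_brand_links": off_brand}

if __name__ == "__main__":
    print(triage(RAW_MESSAGE))
```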


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx