Spark and GrowlTunes

When I got the new computer, it came with OS X 10.4. This gave me an opportunity to dally with Quicksilver, a keyboard-based program launcher. This is a grass-roots effort to build a better mousetrap than ObDev's LaunchBar. Some nice features, but ultimately, it proved too flaky for regular use. When I switched back to the tried and true, however, I found myself missing some of Quicksilver's features. Notably, the iTunes Growl notifications and system-wide keyboard shortcuts.

GrowlTunes was an obvious replacement for the first. The hotkey situation was little stickier, due to the fuzzy language needed to describe what the app does. Eventually I came across Spark, which—while poorly described and poorly documented—provides exactly what I need. The configuration app, called Spark, allows you to associate a function (such as Advance Track in iTunes) with a keyboard shortcut (cmd-F3). The Spark Daemon, which runs as a hidden process viewable in the Activity Monitor, handles the actual dispatching of the commands. And with that, I can now put my Mac to sleep with Ctrl-Alt-Delete. Take that, Windows users!

A sense of security

There's been a lot of press lately about the rise of Macintosh-based viruses. None of these has been particularly insidious, but the time will come that someone finds a truly ghastly exploit and works it for all its worth. Certainly, I'm under no illusions that the OS X operating system is without its fair share of oversights and loopholes that allow for that sort of attack. Up until recently, I ran without anti-virus support. I had reasonable protection, I rationalized. I was behind NAT, the firewall was locking down virtually every port, etc.

I knew the bad guys were out there. Apache server logs showed that I was getting scanned for well-known port 80 vulnerabilities at least every other day. I'm sure the firewall was indiscriminately rejecting scads of other promiscuous assaults. But my software was fully patched, and I had shut off mod_perl. With these small provisions, until recently I felt safe.

Last week, I installed ClamXav, an OS X wrapper for the open source ClamAV anti-virus scanner. It's about as easy to set up as any open source software. That is to say, it takes some research before you'll get anything out of it. It's definitely different from the more familiar Windows anti-virus products.

The thing is, even after reading an introductory article, and spending a couple hours scanning and configuring, I still don't feel like I've "locked up" all the attack vectors. The commercial anti-virus vendors have done a fine job of feeling comprehensive. They're poking at your web browser, your email client; they scan memory, read all your opening files; and benignly get in the way of everything you want to do.

There's a sense of relief in that. The smart people at Symantec, Microsoft and Macaffee have put their heads together to come up with every possible way a malicious hacker might bust into your box. ClamXav lacks that friendly layer of reassurance. It might be just as secure as the protection offered by the commercial vendors, but have I configured it well enough to provide the defenses that I need? I really couldn't say.

This makes me think that maybe the real value in anti-virus software isn't in actually preventing attacks, but in making you feel like it is.

First post

The requisite first post. I've driven by this site a few times in the past, but never really stopped for a look around. Evidently this is a free service. That's mighty magnanimous of someone. Google, I suppose.

Anyway, nothing to see here. Move along.