All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

Thank you for buying via links and ads on this site,
which earn me advertising fees or commissions.
As an Amazon Associate I earn from qualifying purchases.

Other World Computing...
B&H Photo...
Amazon
As an Amazon Associate I earn from qualifying purchases.
Upgrade the memory of your 2020 iMac up to 128GB
877-865-7002
Today’s Deal Zone Items... Handpicked deals...
$300 $175
SAVE $125

$999 $799
SAVE $200

$2798 $2198
SAVE $600

$348 $278
SAVE $70

$389 $299
SAVE $90

$2098 $1298
SAVE $800

$1479 $1079
SAVE $400

$322 $242
SAVE $80

$1479 $1079
SAVE $400

$330 $330
SAVE $click

$498 $398
SAVE $100

$180 $140
SAVE $40

$500 $275
SAVE $225

$180 $136
SAVE $44

$130 $100
SAVE $30

$2997 $2497
SAVE $500

$3498 $2998
SAVE $500

$370 $370
SAVE $click

$4899 $4499
SAVE $400

$1000 $1000
SAVE $click

$1699 $1149
SAVE $550

$280 $230
SAVE $50

$1899 $1499
SAVE $400

$4499 $3499
SAVE $1000

$2198 $1998
SAVE $200

$3998 $3498
SAVE $500

$1799 $1699
SAVE $100

$18599 $16599
SAVE $2000

$1149 $799
SAVE $350

$650 $450
SAVE $200

$199 $119
SAVE $80

$280 $200
SAVE $80

$1399 $1049
SAVE $350

$1199 $779
SAVE $420

$250 $200
SAVE $50

$1699 $1149
SAVE $550

$195 $125
SAVE $70

$79 $49
SAVE $30

$120 $30
SAVE $90

$189 $159
SAVE $30

$3699 $1299
SAVE $2400

$3899 $1499
SAVE $2400

$2999 $1999
SAVE $1000

$1699 $849
SAVE $850

$1698 $1198
SAVE $500

$1149 $799
SAVE $350

$1399 $1049
SAVE $350

$1498 $998
SAVE $500

$2797 $2497
SAVE $300

$280 $230
SAVE $50

$700 $500
SAVE $200

$899 $549
SAVE $350

$1699 $1149
SAVE $550

Procedure for Minimizing Risks with a Software Updater that Runs as 'root'

This follows:

Sea Change: Security is Your Job Also, the Writing is on the Wall.

Sony Pictures Hacked: Do You Really Want to Update your Camera Firmware with a Sony Updater that Runs as 'root'?

This discussion actually applies to any software updater, signed or not, for a camera or anything. Because as the Sony fiasco shows, private keys can be stolen.

Even a signed app or updater does not preclude a version modified to contain malware by a hacker who cracks a stolen private key file. And then signs the app so that it looks legitimate*.

  1. Erase a drive, and clone the system to it. (see also How to upgrade your system/boot drive).
  2. Disconnect all drives including the original system drive. Or at least dismount the volumes (sophisticated malware can still infect at the driver level though).
  3. Boot off the clone.
  4. Download the updater, update the camera. Of course, infected firmware could still infect the camera, but the only solution to that is never to update firmware. And even then, really good malware might infect modifiable firmare RAM. Well, it’s all odds.
  5. Disconnect the clone.
  6. Reconnect previous devices, boot up.
  7. Ideally, physically destroy the clone drive (e.g hammer and saw, so to speak). Alternately (and carrying some risk), connect the clone drive (do not boot off it!) then using Disk Utility, erase it, then wipe all blocks (one pass secure erase). SoftRAID 5 also has an even better “Wipe” function.

Obviously if the update is for software you want on your computer, you’re out of luck—in it goes.

You want that software on your system—or do you? It is why MPG installs only absolutely essential software and loathes vendors deliver crapware and automated agents of various kinds. More software means more updates, each of which is a potential vector for compromise.

* That is why it is so critical that a vendor immediately revoke a certificate if there is any suspicion of the private key having been obtained, encrypted or not.

For that matter, a computer containing the private key that signs software should ideally never be connected to the internet. Certainly the private key should not be on a laptop taken for travel. But given reality, the password for the private key should be very long and complex.

Another option — virtualization

Mark A writes with an excellent suggestion of using virtualization via VirtualBox for the temporary bootable system:

I know this is obvious to you, being a software engineer like I am, but your readers may benefit from the understanding that a virtual hard drive can have its changes "rolled back" for free after such a potentially dangerous upgrade and restored to a condition ready for the next one.

Mac OS X is on the official virtualbox list of supported guest OSes. It's just a "normal" EFI-booted Intel OS. I believe Apple changed their license policy for hosting in a VM back in the Lion days.

https://www.virtualbox.org/wiki/Guest_OSes

There's the longer, hackier way ala https://www.robertsetiadi.net/install-os-x-virtualbox/

Or the way you suggest creating a pristine install and where I'd add a last step to clone the raw drive into a dmg image and then to a virtualbox image via https://www.virtualbox.org/manual/ch08.html#idp59618720 so something like

$ VBoxManage convertfromraw NewImage.dmg NewImage.vdi --format VDI

And a young geek's view (the kind my son would probably prefer rather than actually reading instructions) https://www.youtube.com/watch?v=Nod7cpxzxLc


Deals Updated Daily at B&H Photo
View all handpicked deals...

Apple 13.3" MacBook Air with Retina Display (Early 2020, Space Gray)
$999 $799
SAVE $200

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__