Exposé debuted with Mac OS X 10.3 (Panther) in October 2003. Panther was a vast improvement over 10.2 (Jaguar) in terms of speed, stability, and features. I found that Jaguar would lock up at random, no matter the hardware it was running on; restarting could take up to ten minutes on my Power Mac G5 when it would lock up. Thankfully, Panther resolved that restart bug.

Panther introduced Fast User Switching, forever changing the way families and workgroups share computers. For me, however, the greatest new feature of Panther was Exposé–the iconic and copied window management system we are all used to. Just this morning I discovered what was, to me at least, a hidden feature of Exposé.

I had a dozen or so Safari windows open, a spreadsheet, and a keynote presentation, and could not see the desktop. I could switch applications using the Command-Tab keystroke, and then hide others once in the Finder–but that would be a bit disruptive. I had to drag a block of text from a web page onto the desktop to make a clipping. So, I highlighted the text I needed, began dragging it, then pressed F11 (the default keystroke to show the desktop using Exposé), and was then able to place the text clipping where I wanted on my desktop. With this done, I pressed F11 again, and picked up right where I left off.

You can use F9 to show all windows for a similar effect. Say you have an unsent email on your screen behind an active Pages document. Save the Pages document, and drag the icon in the window’s title bar. Now, press F9 (the default “show all windows” keystroke for Exposé) to show all your windows. Drag it over the email you’re writing and wait a second. Just like Finder’s spring-loaded folders feature, you’ll see the destination window flash a few times and then come to the forefront. Let go of your mouse or trackpad button, and you’ve attached the file to your email.

As mentioned on our “blog,”:http://blog.smalldog.com/article/modified-macdefender-skirts-security-apple-responds/ Apple has released a security update for Snow Leopard that will monitor downloads and alert you if Mac Defender attempts to install itself. Dubbed Security Update 2011-003, it was released on May 31st and should have appeared in your Software Updates list. (If not, you can download it directly from Apple “here”:http://support.apple.com/kb/DL1387. Sorry Leopard users, it’s for 10.6.7 only.) Just as Apple released the update, a new variant of Mac Defender surfaced in an attempt to bypass the malware filter. Rather than play cat-and-mouse with the malware writers, Apple included the ability to update malware definitions automatically in the Security Update. This means if a new version of Mac Defender were to come out tomorrow, your Mac would be ready for it.

If you took our “advice”:http://blog.smalldog.com/techtails/tt767/ and disabled the Safari option to Open “safe” files after downloading, you may have wondered how Safari determines what is and what isn’t a “safe” file. Mac OS X has built-in malware detection that will watch what you’re downloading via Safari and alert you if it shows up on the list. (Even if the file is not on the list, you will still get a warning about the file being downloaded from the Internet.) This list of “safe” files is updated from time to time with Security Updates, but not everyone downloads updates when they come in.

Given how many people have fallen for the Mac Defender “virus warnings,” the 2011-003 update sets your system to automatically check for updates to this list every 24 hours. You don’t have to do anything, it just quietly grabs the latest list from Apple once a day. If you’re *really* paranoid, you can force it to update more often. To do this: go to System Preferences -> Security -> General and look for the new option: “Automatically update safe downloads list.” Remove the checkmark, wait a few seconds, then check it again. If you want to check what version of the malware definitions are installed, you can download a utility called “Safe Download Version,”:http://www.macobserver.com/tmo/article/stay_on_top_of_apples_malware_definitions_with_safe_download_version/undefined/ courtesy of The Mac Observer.

As has been said in the past, the best way to avoid malware is to pay attention to what you see. First, a web site cannot detect viruses on any computer just by loading a page. Second, you should never enter your administrator password unless you are absolutely sure you know what you’re allowing access to. Do a quick search on Google if you aren’t sure what the program is doing. If you’re really concerned, don’t use an Administrator account for everyday use. There isn’t any legitimate reason to set your account as Administrator, even if you are the only person using your computer. Use a separate Administrator account for system updates, and use a Standard account for email and web surfing. That way if something does slip through, it can’t do any damage. Finally, stay on top of security updates. Snow Leopard is up to v10.6.7 now, with v10.6.8 just around the corner–there’s no reason you should still be on v10.6.3.

As if people didn’t have enough trouble with Mac Defender, there is a new round of phishing attacks floating around. Most of the time, these attacks come via email, but now that social media is incredibly popular, hackers are targeting people via Facebook and Twitter.

Phishing, which is an intentional misspelling of fishing, is an attempt to fool users into giving up their personal information. If you’ve ever received an email telling you that you’ve won a foreign lottery, or the recently dethroned Prince of Sheckylvania is trying to move some money and wants to share his riches with you, it is likely a phishing attempt. The email tries to thwart users into logging into a website and filling out a form with their banking information. However, instead of giving you the promised $25 million for your help, you’ll now start getting notices from your bank that your account is overdrawn.

The “Prince” didn’t deposit the millions he promised; instead he drained all of your funds. It sounds silly, and you may ask “How anyone could fall for such a thing?”, but you would be surprised how often greed rules over common sense. People receive a promise for free money and immediately fill out whatever information the message asks for, without even considering the dangers of doing so. Giving someone your bank account or routing number not only allows them to put money in, but also means they can take it out–what they wanted in the first place. There have been many news stories about people who have fallen for these scams and lost their entire life savings.

The latest version of this scam is now starting on Facebook. You may receive a mysterious post on your wall from someone you don’t know, that tells you to check out a video. Often times the accompanying video will attempt to entice users with a subject like: “President Obama, OMG what’s he doing?” If you click on the link, you’ll be taken to a page that asks you to log into Facebook. If you enter your login info, it will be sent to a hacker, who will then have control of your Facebook account. Phishing attempts of this sort typically claim to be something that guarantees people will click on it, such as the Japanese Tsunami or the Royal Wedding.

As with anything else, it pays to read carefully before you do anything. In this example, there are some very obvious signs cluing you into the scam. First off, you just clicked a link on Facebook, so why are you being asked to log in again? Second, check the URL–it most likely is *not* a Facebook address. Also, look out for typographical errors and poor grammar–many phishers are not English speakers.

Another way to detect fake sites is to look at the address they try to send you to. A lot of fake sites will use addresses such as .cc, .co, .cz, etc. Be wary when you see these sites.

With scams like these, it’s important to remember: if it sounds too good to be true, it probably is. Also, if a message came unsolicited from someone you don’t know, it’s most likely fake. However, if it *did* come from someone you know, but it seems out of character for them (like the famous “Help me I am stuck at a train station in London” email) try to contact them first before you start calling Western Union. People who fall for these scams often end up with their email being hacked, which is then used to send out even more scams. If you receive a note saying your PayPal account has been locked, but you don’t even have a PayPal account, there’s no reason to even click on the “verification” link. Another thing that’s important to remember is that online services will *never* ask you to verify your password in the event your account has been compromised. This is a common trick used to steal World of Warcraft accounts–scammers pretend to be from Blizzard, and claim that your account has been locked.

Practice safe surfing by thinking before you click!