Parrot OS We are the Parrot Project Parrot is a worldwide community of developers and security specialists that work together to build a shared framework of tools to make their job easier, standardized and more reliable and secure. Kongregate free online game Pixel Defense - Pixel Defense game. Play Pixel Defense. Howdy, Stranger! It looks like you're new here. If you want to get involved, click one of these buttons! Ever since updating to 10.10.3 I've been getting kernel panics and random flickering pixels on my screen. Android Package Kit is an Android application package file format used for distributing files and installing them on Android OS devices. 1 (Full Unlocked) 2020 For Android latest version 2020 this apk is a fully moded Home Design 3D Mod Apk you can download for free and working with a high-speed download. About tech Mar 01, 2021.
Pixel art has seen a big resurgence in popularity. New generations of artists and designers have taken up the digital brush to create modern pixel art masterpieces.
And as popularity for the pixel has grown, so has the number of tools for making it.
Choosing which tools you want to learn can be a challenge. So to help you decide which program to pick we've compiled a list of the best software for creating pixel art.
Whether you're just starting out or looking to expand your skills, our guide will help you find the best pixel art software to fit with your needs.
Photoshop
Price: $9.99/mo
Platforms: Mac, Windows
Adobe Photoshop is the leading software for graphics editing & digital painting.
It should come as no surprise that it's also a popular choice among pixel artists. While not made specifically for pixel art, Photoshop contains all the tools necessary to create professional quality pixel art and animations(and so much more).
Photoshop can be somewhat cumbersome for beginners as it is feature-heavy.
But there are plenty of tutorials available on setting up the program for making pixel art.
If you plan to create high resolution images or textures then it's worth it to start in Photoshop so your skills are concentrated in one program. This is much better than having to learn multiple workflows for many different programs.
One of the biggest benefits to Photoshop is the volume of resources available.
There's a tutorial for pretty much anything you could image as well as free scripts and plugins for even more flexibility.
If you're working towards a career in game development or design then it's worth noting Photoshop is an industry standard. Having knowledge of the software will be a big help in landing a gig at a studio.
But this is also nice if you just want to make your own indie pixel art for fun. Photoshop really is the bee's knees for brilliant pixel art.
Krita
Price: Free
Platforms: Mac, Windows, Linux
Krita is a free and open source professional painting program aimed at digital painters, cartoonists, illustrators, and concept artists.
With some minor configuration changes Krita can be used for beautiful & professional pixel art.
Because the program is tailor-made for painters, many artists will find the workflow is very natural and easy to learn.
Krita is perfect for those with a traditional background in painting who want to transition into digital art. In 2015 the Krita community crowdfunded for an animation feature making it fully capable of adding motion into your pixel artwork.
While not as feature-rich as Photoshop or GIMP, Krita has many tools that you won't find in programs dedicated to pixel art creation alone.
Depending on your needs this may be a benefit.
If you're looking for a program that can handle both pixel art and high-resolution illustration work, and even animation, then Krita might be exactly what you're looking for.
When it comes to a digital painting program Krita is hard to match—especially for the price of free.
On the other hand, Krita's documentation is lackluster or missing in some areas, especially those features that have been recently added. Although you can find plenty of great tutorials online for free.
As a niche tool it also lacks the robust communities that you'll find around some other software.
But with its easy-to-use and customizable layout Krita is solid choice for beginners and experienced artists alike.
GIMP
Price: Free
Platforms: Mac, Windows, Linux
GIMP is an open source image editor probably best known as the 'free alternative' to Photoshop.
It boasts a powerful set of general image editing tools and painting tools.
Because of the easy-to-use layout and highly customizable interface, GIMP is a popular choice for artists of all backgrounds and styles.
GIMP comes with all the tools you'll need to make professional pixel art. There's even a built-in timeline and animation player much like Photoshop.
This makes it a great choice for those who are looking for a one-size-fits-all solution to image editing. It will be easy to transfer your pixel art skills to photo manipulation and graphic design if you choose to do so.
Because of its popularity GIMP enjoys the support of a large community of creators and you'll find plenty of tutorials for the program as well as a plethora of plugins to suit your needs.
It's a great choice for those on a budget looking for something that can handle pixel art along with image editing, painting, graphics design, and more.
Aseprite
Price: $15
Platforms: Mac, Windows, Linux
Aseprite is a very popular and highly recommended program designed for pixel art.
It's well worth the $15 price tag for the final software. But those with some tech skills will be happy to learn that Aseprite is available for free if you're willing to compile it yourself.
Now Aseprite is popular for good reason.
Many artists love the streamlined interface and pixel art aesthetic. It's a lightweight but fully capable program that is extremely easy to learn.
It comes with features like onion skinning – the ability to overlay frames before and after the one you're working on – that make animation a breeze. And the timeline itself is very accessible for beginners.
Aseprite can also automatically convert fonts to pixel art which is very handy for game development and user interface design.
There is a wrapping tool that makes it crazy easy to design tiles so that they repeat on the edges. This is a big deal in pixel art.
Aseprite has some of the best sprite sheet exporting tools I've seen in any software, making it a must-try for those who are serious about creating pixel art for video games.
Pyxel Edit
Price: $9
Platforms: Mac,Windows
Pyxel Edit is another popular program beloved by pixel artists worldwide.
It's known for its ease-of-use and user-friendly interface. While there is a free version available out there, it lacks many of the features that make Pyxel Edit a worthy choice.
The elegant interface is a big selling point for Pyxel Edit.
The program contains all the features necessary for creating static and animated images, including animation onion skinning which lets you overlay sequential frames in your pixel art.
At only $9 Pyxel Edit may be the perfect choice for those working with a low budget.
Pyxel Edit is best known for its powerful tileset creation tools.
Working with tilemaps can be a tedious process for any artist, but Pyxel Edit is here to help with a set of tools designed to speed up the workflow. Tilesets can be easily imported and exported or converted to XML or JSON filetypes for use in game engines.
Game designers working on multiple tilemaps might find that Pyxel Edit saves them a lot of time and hassle. It's just a great tool for anyone serious about(or getting into) pixel art.
GraphicsGale
Price: Free
Platforms: Windows
GraphicsGale has an old-school aesthetic to the GUI. But don't let that fool you since it packs quite a punch!
Not only is it available for free, but it comes with all the features you'd expect from a program dedicated to pixel art.
It supports drawing, animation, layering, palette control, and much more.
GraphicsGale can export to several file formats too. It can handle both GIFs and sprite sheets making the program flexible enough to fit most workflows.
With GraphicsGale you can preview your animations in real time, which can greatly speed up the animation process if you're into that kinda thing.
Another great feature is the ability to import images directly from a scanner or a camera using TWAIN imaging. This is great for artists who prefer to lay out their ideas on paper and then digitize them.
Unfortunately GraphicsGale is only available on Windows. It's also missing some hotkey support compared to other programs. Withered soul mac os.
This could be a problem for some artists but if you're on a Windows machine then GraphicsGale is worth checking out.
Paint.NET
Price: Free
Platforms: Windows
Paint.NET is widely used as an alternative to Photoshop and GIMP by the Windows crowd. It should run on all versions of Windows from XP to Win10 and beyond with frequent updates from the team.
While not as robust as either GIMP or Photoshop, I do think Paint.NET is easy to use once you get past the interface.
It'll also handle basic image editing so it's a good choice for pixel artist who are looking for a lightweight program that can handle more than pixel art.
Paint.NET has a great community with plenty of tutorials and an active user base that can help you get started making your own sprites and other images.
Support for advanced features are available through plugins making the program more flexible than some of its competitors.
Compared to Photoshop and GIMP, Paint.NET is very easy to learn and will not require much time to pick up.
There are, however, a few major limitations.
For one, Paint.NET is only available on Windows. In addition Paint.NET doesn't support multi-image editing, meaning you can only have one image open at a time.
This can be a big hindrance no matter what you're using this for.
Despite these drawbacks Paint.NET is still a fun choice to try for budding pixel artists working in the Microsoft ecosystem.
Piskel
Price: Free
Platforms: Mac, Windows, Linux, Online
Piskel is a streamlined program dedicated to creating pixel art and animation.
It's an excellent choice for artists looking for a free, bare-bones solution to their pixel art needs.
Not only is it offered as a free download, but there's a web version available so you can try it out in your browser!
The clean interface means you can get up and running with Piskel in no time. There's an animation previewer that provides real time playback which makes animating your sprites a breeze.
It packs enough features to meet most of your needs while being simple enough that beginners can easily learn the tools.
Piskel can export static images, GIF animations, and Spritesheets. Or all three!
I've seen some artist complain that Piskel is a little too limited.
And while it does lack certain advanced features, I think that may be part of the appeal for many of its fans. Sometimes minimalism is exactly what you're looking for.
Piskel is a fantastic tool for those artists looking for a no-clutter program that puts nothing between them and their art.
Pixie Engine Editor
Price: Free
Platforms: Online
The Pixie Engine Editor is a free online tool that offers the very basic features necessary for making pixel art.
Most artists will find this program too limited for professional work. But beginners might enjoy it as a hassle free starting point for learning pixel art.
Unfortunately you can't do much more than draw static images, but it does have a full color palette and the ability to save and open images.
There's a community gallery on the site for browsing the work of other artists which is a great way to study others and learn.
The Pixie Engine Editor also comes with a Tune composer which is handy for game developers looking to make some music or sound effects for their games.
As it stands I could see this editor being useful for game jams or prototypes where speed is more important than beauty.
The source code for the Pixie Engine is also available for free on GitHub if you'd like to fork the repository and use it as a base for your own pixel art creator.
GrafX2
Price: Free
Platforms: Mac, Windows, Linux
GrafX2 is a bitmap image editor inspired by Amiga Deluxe Paint. The original version was released over 20 years ago but the source code was later released as an open source project.
It has since been rebooted for contemporary machines and updated with brand new features.
Defense Zone Game
GrafX2 is a fan favorite not only because of its retro origins, but because it boasts a powerful toolset and an intuitive interface.
It has everything you'd expect in a drawing program plus many unique features that make it a popular choice for artists.
There's a 'Spline' tool which allows for drawing perfect curves and a 'Merge' tool which merges colors based on averages.
The 'Histogram' tool will show a pallet of all colors used in an image and how many pixels they populate.
GrafX2 is scriptable in Lua which allows for automation and custom functionality. It also has features for working with repeat tilesets.
Because of its age, GrafX2 also has a large community and plenty of learning resources on sites like YouTube.
Not only does GrafX2 have a wide set of tools and effects, but its supports frame animation as well.
And despite having so many features GrafX2 is very easy to learn. Beginners can be up and running in a matter of hours. The software is also totally open sourced meaning it's free to use, copy, and modify on all platforms.
The only complaints I've seen of GrafX2 is that the user interface looks ancient.
Personally I find the retro aesthetic charming and suitable to the art of pixel design, but that's just me. Even with that drawback, the amount of features you get with this free program make it a must-try for any pixel artist.
iDraw
Price: Free
Platforms: Windows
iDraw is another simple pixel art editor that is mostly used by the RPG Maker community.
It comes with all the basic features you'd expect: selection tools, drawing tools, a customizable palette, etc. iDraw is popular among pixel artist who work mainly in the JRPG style that was popular in the 90's.
Many years ago it was not unusual to see people using pirated copies of RPG Maker 2003 and iDraw to create their own RPG's with custom sprites.
Now that RPG Maker 2003 has been revamped and released on Steam for $5 bucks, I suspect some users will want to download iDraw to complete their nostalgia.
As far as pixel art editors go, iDraw isn't bad. But it lacks modern features for animation and the user interface is clearly dated.
This will probably turn off a lot of newcomers looking for a more contemporary program.
On the plus side, the RPG Maker community is alive and still going strong. So you'll find tutorials for using these programs together all over YouTube.
I expect to see a bunch of these old-school RPG's as people rediscover the joys of RPG Maker with iDraw.
Tile Studio
Price: Free
Platforms: Windows
Tile Studio is a graphics editor made for tile-based game art.
It contains a bitmap editor for creating tiles as well as a level editor for designing tile maps. Tile Studio will work with just about any programming language and can be customized to output maps, animation sequences, bitmaps, and color palettes to use with your own code.
This makes Tile Studio especially useful for level designers and game studios.
The program is open source and available for free on Windows.
With Tile Studio you can import tiles for existing images making it possible to reuse tiles from other programs. While the level editor is the main draw here, it also contains a fully capable bitmap editor complete with drawing tools and special effects.
Creating animations is easy and intuitive although it lacks some features compared to bigger programs.
After creating your frames you have the options of exporting them as either a sprite sheet or a tile sequence, which can be super handy for game developers.
While most of Tile Studio's features are easy to use, some of the advanced tools can be difficult for beginners. Luckily the documentation is detailed and complete with tutorials to get you up to speed.
If you're looking for a program designed to make tile-based level design as painless as possible then Tile Studio may be just what you're looking for.
PikoPixel
Price: Free
Platforms: Mac, Linux
Piko Pixel is a free and open source application for creating pixel art on Mac and Linux.
The program is both easy to use and offers several features including a customizable canvas, unlimited undos, hotkey-activated popup panels, and layering.
It's a good alternative to some of the Windows-only programs in the pixel art world.
While there are a few demos available to help you get started, the interface is so simple that I doubt you'll need them.
Everything is self-explanatory and uncomplicated. This is very common with Mac programs but I'm surprised how well it works on Linux too.
While it lacks the advanced features of other pixel art programs, Piko can produce quality graphics in the right hands. Decent for beginners but maybe a little better for semi-experienced pixel artists.
Pixilart
Price: Free
Platforms: Online
Pixilart is much more than a drawing app. It/s marketed as a free online social platform for creative minds and game enthusiasts who want to learn about creating digital art.
It boasts over 10,000 new users a month, offers art contests, and provides a strong community geared toward getting young people involved in game design.
Founded in 2013, Pixilart set out to become THE social networking site for pixel art enthusiasts.
Even without the social aspect, Pixilart is worth checking out.
The drawing app is a delight to use with a sleek and modern interface. It packs all the basic features you'd expect from a pixel art program as well as some advanced tools like pixel-perfect drawing, easy dithering, frame animation, pixel text support, full screen mode, an autosave feature, and so much more.
With a plethora of settings and options Pixelart is highly customizable to suit any workflow.
Despite being geared to children and beginners, Pixelart is capable of professional work too.
In fact some pro artists will love the simplicity of the design. And because of the social aspect of the application it's easy to find help others.
Also there's tooltips you can toggle to guide your learning in case you're having trouble.
Overall I found Pixelart to be one of the most impressive web-based pixel art apps available. I highly recommend it to beginners and advanced users alike.
Lospec Pixel Editor
Price: Free
Platforms: Online
Lospec is a relatively new web-based pixel editor designed to be accessible, pixel-perfect, and intuitive for all users.
Its goal is to be simple enough for the first time pixel artist while still being powerful enough for veterans.
As of writing this article the application is still in the early stages of development, but it already shows promise with a solid interface and an easy to understand toolset.
While currently lacking many of the top features necessary for serious professional work, Lospec is a good starting point considering the price and easy access(it all works online!)
It's definitely worth keeping an eye on as the developers continue to update the app.
Related Posts:
Hello and welcome to my User Tip
See this here for the latest Security Issues
'Do I need to run anti-virus/anti-malware software on a Mac?'
Apple has installed OS X anti-malware now in 10.6.8 and above OS X operating system versions, there is no need to install anti-virus software and it wasn't very good at catching the rare malware we get anyway as Apple acts fast and has the benefit of the Software Update and background checks.
Third party anti-virus tends to cause issues when Apple issues OS X updates, so it's not advised to install them.
If you need more to clean the Windows files of their malware, I suggest installing the free ClamXav as that's a run as you need it.
Warning about online banking:
No computer or device is 100% secure, even Macs (especially older versions) but they are a lot more secure than Windows machines depending upon usage. There is a minor amount of malware targeting Mac's, driveby's and trojans mainly, so you take some pre-cautions in that regard.
Like with gambling, do not deal with amounts online that your not willing to risk losing.
Your bank will NOT issue a refund if a loss occurs, it's out of their responsibility what occurs on your machine. Far as they know, you transferred all your money to another bank and then withdrew it all or worse, they can claim you had a accomplice! So you see their position why they don't issue refunds, they would be scammed by many often.
It's rather easy to set up a secure savings account with more substantial funds and use a more accessible online/checking/debit account with less funds and transfer some from one to the other occasionally (but not via online banking of course) with either no or very limited overdraft protection, only keeping what one is willing to lose in the less secure accounts that is exposed to the world.
Entire bank accounts have been drained by hackers, the money wired overseas and withdrawn before the thieves are caught (if so) or even anyone even knowing it occurred. If the hack occurs on your machine, there is little recourse, the government is swamped and you may get little or nothing back, certainly be without for quite some time even if they do mange to get it stopped in time.
Is that really worth risking for the convenience of online banking?
Take some precautions, separate your funds, increase the security and reduce / eliminate the outside electronic access for accounts in higher amounts, and only gamble with online, ATM, debit cards, checks etc., with what your willing to risk losing.
Don't completely buy the banks online banking game, they just love pushing it because it reduces their costs at your security expense, it can be used, but used WISELY. 🙂
See this:
Hardening your Mac and yourself to prevent future attacks
In the military there is a form of security called 'compartmentalized security' and basically it's about not allowing anything to have access to everything, but rather to place more barriers, 'hoops' and security checks in place before a target reaches it's goal, especially something of great value.
This method also reduces the attack surface area when surfing the web, sort of like channeling your enemy to have no other choice but to attack though one small door or limited opportunity, like only though the browser, instead of the browser + Java, JavaScript, QuickTime, Flash, Silverlight etc.
It assumes, like it should be, that the web is a hostile zone and you need to have no trust, until you establish that trust before lowering your defenses.
Unfortunately most web browsers and users today go around assuming the web is a warm, safe happy place, and one can click on and do anything.
'la la de da, I have a Mac and nothing can hurt me, because Mac's never get viruses' bad thinking.
Blackhole Exploit sites are just waiting to compromise your machine merely by visiting them or running a browser plug in on them, or clicking a link in a email or post on a untrusted forum.
You keep your security where your in the loop and keeping watch on things and the activity going on with your machine.
#1 Keep your OS X Software up to date by using the Apple Menu > Software Update also checking with third party software for updates.
Apple can't help you if you don't don't let them.
Attack methods of malware
Browser attacks
These depend upon a flaw in the web browser itself, which may or may not include the assistance of scripts or plug-ins installed in the web browsers.
Keep your web browsers updated by running the built in updater, via the developers site or for Safari via Software Update under the Apple Menu.
Obviously don't surf to websites that are going to attack your browser, even if there has been no exploits reported just for the fact that there are many that are NOT being reported.
If your going to engage in this sort of risky behavior visiting hostile sites, either use a virtual machine guest OS, 'guest account' or another General User account, or even another computer that you don't care out wiping and reinstalling the operating system, and certainly don't install anything with your admin password on these potential hostile sites.
Have more than one browser on your machine, this way you can switch to another until a update for your primary one occurs or in case you have problems with Safari.
Your alternate browser choices are Firefox (highly customizable, lots of add-ons), Chrome (more secure, but from a advertising company that tracks you online), Opera and some others.
Script & plug-in based attacks
Web browsers use JavaScript, Java, Flash, Silverlight, QuickTime and many others to do do things in your browser. You need to keep the ones you control updated.
If your not using any of these scripts on a constant basis then turn them off in your browsers preferences.
It's highly advised to turn off Java (not JavaScript) in all your browsers preferences (if installed) unless you specifically need it then only use it for trusted sites.
Flash (lots of security issues) and Silverlight (kept secret) is depending upon use, read about NoScript below.
JavaScript is used quite often, so you should leave that one on.
This handy online checker will inform you of outdated scripts, especially Flash and Silverlight which are the most commonly used ones that have to be maintained by the user.
Pixel Pop Defense Zone Mac Os Download
Direct links to trusted source downloads:
Bookmark these links in your browser
Flash - no matter what pops up in your browser etc., download and install from here,
Lots of websites have Flash content http://get.adobe.com/flashplayer/
Uninstall Flash:http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
Silverlight - no matter what pops up in your browser, download and install from here, used for Netflix
Uninstall Silverlight: https://www.microsoft.com/getsilverlight/get-started/install/removing-silverligh t-mac.aspx
Flip4Mac - allows playback of copy protected Windows Media files on Mac's, optional install
Java, JavaScript and QuickTime
for these, just run Software Update under the Apple menu. Apple will take care of them, provided your on 10.6 or later that is.
Java should be disabled/removed on 10.5 and earlier machines if no update is available.
Virus attacks
Viruses are malware that attach themselves to known files and shared amongst users unawares. OS X based viruses are rare and so far non-existent in circulation.
A Mac can act like a Typhoid Mary and transfer Windows viruses to other Windows users on shared files, so perhaps it's would be good to clean these using the free ClamXav which you run as you need too.
Malware has the opportunity of getting around before anyone knows about it. The reason Windows machines still get infected despite having anti-malware installed is the anti-malware is looking for signatures, definitions or behavior of what it's supposed to find. Since there isn't any for new exploits, the malware gets on and disables the anti-virus or worst, uses it to keep other malware off and trick the user into thinking they have a clean machine.
The user experiences heavy CPU load, assumes it's the anti-virus and doesn't even consider malware is on their machine. So most all anti-virus / anti-malware software is sort of like closing the barn door after the horse has already escaped, but can help stop the spread of malware eventually but it's not a preventative measure against new threats if they can spread rapidly enough and silently enough. Later down the tip here I will explain LittleSnitch, which can help 'watch the backdoors' to alert you of strange outgoing network connections.
Malware writers use the same anti-virus software to 'test' if their malware gets by it, also they have the ability to spread their malware far and wide before anyone picks up there is a problem. So you can see why it's important to employ a strong defense on one's behavior and machine to reduce the chance of malware getting on.
The best offense against malware is a secure operating system and third party software, which so far the Unix/Linux based operating systems are more secure, like OS X your using.
Windows 7 has done a much better job of catching up compared to previous versions where malware outbreaks were a almost weekly occurrence, still not near as good as OS X, although no operating system or browser is 100% perfect. Apple has made some errors in judgement in regards to keeping OS X's security up to Unix's tough standards. Which I'm helping to assist you to overcome those weaknesses.
Problem with malware on the Mac's has mainly come from not viruses, but via exploits in third party browser plug-ins, driveby attacks, social exploits and Trojans.
Trojan attacks
Trojans are programs or files you think are one thing and turn out to be another, or do what they say but have sinister portions to it, you need to trust the source of your downloads. Check with many others about the developer, the site your downloading from etc., before committing.
Usually it's installing stuff from untrustworthy sources like from links on thread posts where there isn't a trust worthy site admin, P2P networks or other means like emails attachments, files and links and such avenues that it's hard to locate the person(s) responsible.
Apple has incorporated a Trojan check for all downloads, but again like viruses on Windows, it also suffers from the time delay with new ones.
A good rule of thumb is to wait and watch a site your thinking of downloading software from, usually if they are out to screw people over they won't be up for long or get bad reviews.
If you get a lot of files via e-mail, you may want to consider installing the free ClamXav to clean the filth, however most of them are going to be for Windows.
Social exploits, tricking the user attacks, phishing
If your asked for your password or to do something like install this or that 'codec to watch this movie', or 'update your Flash here' or Software Update window appears, or 'OS X has found a virus' window appears while a web browser is open, consider not going ahead, rather exit the browser and reboot the computer to clear the memory.
Check the status of your plug-ins using the trusted Mozilla check or links above, or from a site you know is the developers site, run the Software Update from the Apple menu. You might find out that you were lied too, and the site you were on was trying to trick you into giving up your password.
Don't believe everything that pops up to notify you of something when surfing, I know Flash and Software Update does this so don't click on it or give it your password, Force Quit the browser by switching to the Finder and using Apple menu, reboot the computer and then check Software Update and Flash for updates yourself with the links I've provided above.
Browser scripts have the ability to mimic OS X looking and other programs windows, like the Flash updater.
Browser and scripts based exploits have the ability to access the Users files and upload them online. So if one has a plain file containing password reminders, private information, consider using a small third party program to encrypt files or folder, a encrypted USB key, Keychain Access, etc etc.
IMO you shouldn't be doing any online banking, or using credit/debit cards in amounts your not willing to lose, most anyone can be fooled to enter their vital details into a rogue website.
Driveby attacks
Driveby attacks occur simply by visiting a website which then take advantage of a vulnerability in a browser or plug-in, no tricking of the user is needed. This is how Flashback first attacks, silent and deadly using your third party plugins, this time it was Java before that it was Flash. Since Java isn't used too much at all online, I suggest you turn it off.
Firefox has the ability to turn off not only Java, but Flash, Silverlight in the add-ons menu. A much better arrangement perhaps than Safari which can't. Again the objective is to reduce the avenues of attack as much as possible.
The Firefox + NoScript method below will reduce your browser/script exploit possibilities as you surf the web as you enable scripts only on sites you trust.
Driveby downloads
A website can initiate a download simply by being visited, so say your surfing a trusted site and get redirected really fast to another site or click a trick link you think is something else but is actually a link to download.
A download occurs, (especially on a fast connection with a small file you won't see it sometimes) and there is a nice neat little package of pain awaiting your click in the Downloads folder. Could be named something your used to installing like Flash, or Silverlight, and here you go giving it your admin password to install, directly into root and your pwned.
Well to stop this you use a browser that allows you the option to inform you before the download occurs. Firefox does if it's preferences are set that way.
Next you keep your Downloads folder clean and don't use it to store things or installers, move the trusted installer packages to a new folder somewhere else. When you go to download something, make sure the Downloads folder is empty first.
Consider running as 'Standard User'
There are four user permissions levels on Mac's. Root, , Admin, Standard and Guest
Root Level User - dangerous
This is the most dangerous user, it or anything else can do anything on the machine, it's disabled for a very good reason. Programmers work in root all the time (and offline mostly) as they prepare code, so for them having to enter a Admin password each time to gain Root is a pain.
Single User mode is Root, and used as a troubleshooting and problem solving means when the computer isn't functioning normally.
Running as root user all the time is suicide for most anyone else.
Admin Level User - very risky
When a Mac user first sets up a machine that account is called a Admin account. Most single users of the machine keep it this way either unawares or to facilitate doing things with the machine, installing programs and having Software Update automatically run.
Running all the time as 'Admin' is a bit dangerous, as anything that gets in via the web browser or anything else has a lot of freedom to move around and wait to attack at the opportune time, even alter other programs.
However to gain root level it must ask for the Admin password, trick the user or alter another program to use a 'sudo window' (super user do, aka 'root') which gives it a few minutes to do whatever it wants to your machine, once in root, it's all over.
If you in Admin Level user and something asks for your Admin password, it means it needs root user powers, so if this occurs while surfing with a fake pop-up window looking like a Software Update, you can see how easily a user can be tricked (that's how one of the Flashback attacks works)
If malware attacks while your in Admin User, even without needing your Admin password, the cleanup efforts likely still will require a complete erase of the entire OS X with a 'fresh install' of everything and returning vetted user files from a clean backup.
Unfortunately GraphicsGale is only available on Windows. It's also missing some hotkey support compared to other programs. Withered soul mac os.
This could be a problem for some artists but if you're on a Windows machine then GraphicsGale is worth checking out.
Paint.NET
Price: Free
Platforms: Windows
Paint.NET is widely used as an alternative to Photoshop and GIMP by the Windows crowd. It should run on all versions of Windows from XP to Win10 and beyond with frequent updates from the team.
While not as robust as either GIMP or Photoshop, I do think Paint.NET is easy to use once you get past the interface.
It'll also handle basic image editing so it's a good choice for pixel artist who are looking for a lightweight program that can handle more than pixel art.
Paint.NET has a great community with plenty of tutorials and an active user base that can help you get started making your own sprites and other images.
Support for advanced features are available through plugins making the program more flexible than some of its competitors.
Compared to Photoshop and GIMP, Paint.NET is very easy to learn and will not require much time to pick up.
There are, however, a few major limitations.
For one, Paint.NET is only available on Windows. In addition Paint.NET doesn't support multi-image editing, meaning you can only have one image open at a time.
This can be a big hindrance no matter what you're using this for.
Despite these drawbacks Paint.NET is still a fun choice to try for budding pixel artists working in the Microsoft ecosystem.
Piskel
Price: Free
Platforms: Mac, Windows, Linux, Online
Piskel is a streamlined program dedicated to creating pixel art and animation.
It's an excellent choice for artists looking for a free, bare-bones solution to their pixel art needs.
Not only is it offered as a free download, but there's a web version available so you can try it out in your browser!
The clean interface means you can get up and running with Piskel in no time. There's an animation previewer that provides real time playback which makes animating your sprites a breeze.
It packs enough features to meet most of your needs while being simple enough that beginners can easily learn the tools.
Piskel can export static images, GIF animations, and Spritesheets. Or all three!
I've seen some artist complain that Piskel is a little too limited.
And while it does lack certain advanced features, I think that may be part of the appeal for many of its fans. Sometimes minimalism is exactly what you're looking for.
Piskel is a fantastic tool for those artists looking for a no-clutter program that puts nothing between them and their art.
Pixie Engine Editor
Price: Free
Platforms: Online
The Pixie Engine Editor is a free online tool that offers the very basic features necessary for making pixel art.
Most artists will find this program too limited for professional work. But beginners might enjoy it as a hassle free starting point for learning pixel art.
Unfortunately you can't do much more than draw static images, but it does have a full color palette and the ability to save and open images.
There's a community gallery on the site for browsing the work of other artists which is a great way to study others and learn.
The Pixie Engine Editor also comes with a Tune composer which is handy for game developers looking to make some music or sound effects for their games.
As it stands I could see this editor being useful for game jams or prototypes where speed is more important than beauty.
The source code for the Pixie Engine is also available for free on GitHub if you'd like to fork the repository and use it as a base for your own pixel art creator.
GrafX2
Price: Free
Platforms: Mac, Windows, Linux
GrafX2 is a bitmap image editor inspired by Amiga Deluxe Paint. The original version was released over 20 years ago but the source code was later released as an open source project.
It has since been rebooted for contemporary machines and updated with brand new features.
Defense Zone Game
GrafX2 is a fan favorite not only because of its retro origins, but because it boasts a powerful toolset and an intuitive interface.
It has everything you'd expect in a drawing program plus many unique features that make it a popular choice for artists.
There's a 'Spline' tool which allows for drawing perfect curves and a 'Merge' tool which merges colors based on averages.
The 'Histogram' tool will show a pallet of all colors used in an image and how many pixels they populate.
GrafX2 is scriptable in Lua which allows for automation and custom functionality. It also has features for working with repeat tilesets.
Because of its age, GrafX2 also has a large community and plenty of learning resources on sites like YouTube.
Not only does GrafX2 have a wide set of tools and effects, but its supports frame animation as well.
And despite having so many features GrafX2 is very easy to learn. Beginners can be up and running in a matter of hours. The software is also totally open sourced meaning it's free to use, copy, and modify on all platforms.
The only complaints I've seen of GrafX2 is that the user interface looks ancient.
Personally I find the retro aesthetic charming and suitable to the art of pixel design, but that's just me. Even with that drawback, the amount of features you get with this free program make it a must-try for any pixel artist.
iDraw
Price: Free
Platforms: Windows
iDraw is another simple pixel art editor that is mostly used by the RPG Maker community.
It comes with all the basic features you'd expect: selection tools, drawing tools, a customizable palette, etc. iDraw is popular among pixel artist who work mainly in the JRPG style that was popular in the 90's.
Many years ago it was not unusual to see people using pirated copies of RPG Maker 2003 and iDraw to create their own RPG's with custom sprites.
Now that RPG Maker 2003 has been revamped and released on Steam for $5 bucks, I suspect some users will want to download iDraw to complete their nostalgia.
As far as pixel art editors go, iDraw isn't bad. But it lacks modern features for animation and the user interface is clearly dated.
This will probably turn off a lot of newcomers looking for a more contemporary program.
On the plus side, the RPG Maker community is alive and still going strong. So you'll find tutorials for using these programs together all over YouTube.
I expect to see a bunch of these old-school RPG's as people rediscover the joys of RPG Maker with iDraw.
Tile Studio
Price: Free
Platforms: Windows
Tile Studio is a graphics editor made for tile-based game art.
It contains a bitmap editor for creating tiles as well as a level editor for designing tile maps. Tile Studio will work with just about any programming language and can be customized to output maps, animation sequences, bitmaps, and color palettes to use with your own code.
This makes Tile Studio especially useful for level designers and game studios.
The program is open source and available for free on Windows.
With Tile Studio you can import tiles for existing images making it possible to reuse tiles from other programs. While the level editor is the main draw here, it also contains a fully capable bitmap editor complete with drawing tools and special effects.
Creating animations is easy and intuitive although it lacks some features compared to bigger programs.
After creating your frames you have the options of exporting them as either a sprite sheet or a tile sequence, which can be super handy for game developers.
While most of Tile Studio's features are easy to use, some of the advanced tools can be difficult for beginners. Luckily the documentation is detailed and complete with tutorials to get you up to speed.
If you're looking for a program designed to make tile-based level design as painless as possible then Tile Studio may be just what you're looking for.
PikoPixel
Price: Free
Platforms: Mac, Linux
Piko Pixel is a free and open source application for creating pixel art on Mac and Linux.
The program is both easy to use and offers several features including a customizable canvas, unlimited undos, hotkey-activated popup panels, and layering.
It's a good alternative to some of the Windows-only programs in the pixel art world.
While there are a few demos available to help you get started, the interface is so simple that I doubt you'll need them.
Everything is self-explanatory and uncomplicated. This is very common with Mac programs but I'm surprised how well it works on Linux too.
While it lacks the advanced features of other pixel art programs, Piko can produce quality graphics in the right hands. Decent for beginners but maybe a little better for semi-experienced pixel artists.
Pixilart
Price: Free
Platforms: Online
Pixilart is much more than a drawing app. It/s marketed as a free online social platform for creative minds and game enthusiasts who want to learn about creating digital art.
It boasts over 10,000 new users a month, offers art contests, and provides a strong community geared toward getting young people involved in game design.
Founded in 2013, Pixilart set out to become THE social networking site for pixel art enthusiasts.
Even without the social aspect, Pixilart is worth checking out.
The drawing app is a delight to use with a sleek and modern interface. It packs all the basic features you'd expect from a pixel art program as well as some advanced tools like pixel-perfect drawing, easy dithering, frame animation, pixel text support, full screen mode, an autosave feature, and so much more.
With a plethora of settings and options Pixelart is highly customizable to suit any workflow.
Despite being geared to children and beginners, Pixelart is capable of professional work too.
In fact some pro artists will love the simplicity of the design. And because of the social aspect of the application it's easy to find help others.
Also there's tooltips you can toggle to guide your learning in case you're having trouble.
Overall I found Pixelart to be one of the most impressive web-based pixel art apps available. I highly recommend it to beginners and advanced users alike.
Lospec Pixel Editor
Price: Free
Platforms: Online
Lospec is a relatively new web-based pixel editor designed to be accessible, pixel-perfect, and intuitive for all users.
Its goal is to be simple enough for the first time pixel artist while still being powerful enough for veterans.
As of writing this article the application is still in the early stages of development, but it already shows promise with a solid interface and an easy to understand toolset.
While currently lacking many of the top features necessary for serious professional work, Lospec is a good starting point considering the price and easy access(it all works online!)
It's definitely worth keeping an eye on as the developers continue to update the app.
Related Posts:
Hello and welcome to my User Tip
See this here for the latest Security Issues
'Do I need to run anti-virus/anti-malware software on a Mac?'
Apple has installed OS X anti-malware now in 10.6.8 and above OS X operating system versions, there is no need to install anti-virus software and it wasn't very good at catching the rare malware we get anyway as Apple acts fast and has the benefit of the Software Update and background checks.
Third party anti-virus tends to cause issues when Apple issues OS X updates, so it's not advised to install them.
If you need more to clean the Windows files of their malware, I suggest installing the free ClamXav as that's a run as you need it.
Warning about online banking:
No computer or device is 100% secure, even Macs (especially older versions) but they are a lot more secure than Windows machines depending upon usage. There is a minor amount of malware targeting Mac's, driveby's and trojans mainly, so you take some pre-cautions in that regard.
Like with gambling, do not deal with amounts online that your not willing to risk losing.
Your bank will NOT issue a refund if a loss occurs, it's out of their responsibility what occurs on your machine. Far as they know, you transferred all your money to another bank and then withdrew it all or worse, they can claim you had a accomplice! So you see their position why they don't issue refunds, they would be scammed by many often.
It's rather easy to set up a secure savings account with more substantial funds and use a more accessible online/checking/debit account with less funds and transfer some from one to the other occasionally (but not via online banking of course) with either no or very limited overdraft protection, only keeping what one is willing to lose in the less secure accounts that is exposed to the world.
Entire bank accounts have been drained by hackers, the money wired overseas and withdrawn before the thieves are caught (if so) or even anyone even knowing it occurred. If the hack occurs on your machine, there is little recourse, the government is swamped and you may get little or nothing back, certainly be without for quite some time even if they do mange to get it stopped in time.
Is that really worth risking for the convenience of online banking?
Take some precautions, separate your funds, increase the security and reduce / eliminate the outside electronic access for accounts in higher amounts, and only gamble with online, ATM, debit cards, checks etc., with what your willing to risk losing.
Don't completely buy the banks online banking game, they just love pushing it because it reduces their costs at your security expense, it can be used, but used WISELY. 🙂
See this:
Hardening your Mac and yourself to prevent future attacks
In the military there is a form of security called 'compartmentalized security' and basically it's about not allowing anything to have access to everything, but rather to place more barriers, 'hoops' and security checks in place before a target reaches it's goal, especially something of great value.
This method also reduces the attack surface area when surfing the web, sort of like channeling your enemy to have no other choice but to attack though one small door or limited opportunity, like only though the browser, instead of the browser + Java, JavaScript, QuickTime, Flash, Silverlight etc.
It assumes, like it should be, that the web is a hostile zone and you need to have no trust, until you establish that trust before lowering your defenses.
Unfortunately most web browsers and users today go around assuming the web is a warm, safe happy place, and one can click on and do anything.
'la la de da, I have a Mac and nothing can hurt me, because Mac's never get viruses' bad thinking.
Blackhole Exploit sites are just waiting to compromise your machine merely by visiting them or running a browser plug in on them, or clicking a link in a email or post on a untrusted forum.
You keep your security where your in the loop and keeping watch on things and the activity going on with your machine.
#1 Keep your OS X Software up to date by using the Apple Menu > Software Update also checking with third party software for updates.
Apple can't help you if you don't don't let them.
Attack methods of malware
Browser attacks
These depend upon a flaw in the web browser itself, which may or may not include the assistance of scripts or plug-ins installed in the web browsers.
Keep your web browsers updated by running the built in updater, via the developers site or for Safari via Software Update under the Apple Menu.
Obviously don't surf to websites that are going to attack your browser, even if there has been no exploits reported just for the fact that there are many that are NOT being reported.
If your going to engage in this sort of risky behavior visiting hostile sites, either use a virtual machine guest OS, 'guest account' or another General User account, or even another computer that you don't care out wiping and reinstalling the operating system, and certainly don't install anything with your admin password on these potential hostile sites.
Have more than one browser on your machine, this way you can switch to another until a update for your primary one occurs or in case you have problems with Safari.
Your alternate browser choices are Firefox (highly customizable, lots of add-ons), Chrome (more secure, but from a advertising company that tracks you online), Opera and some others.
Script & plug-in based attacks
Web browsers use JavaScript, Java, Flash, Silverlight, QuickTime and many others to do do things in your browser. You need to keep the ones you control updated.
If your not using any of these scripts on a constant basis then turn them off in your browsers preferences.
It's highly advised to turn off Java (not JavaScript) in all your browsers preferences (if installed) unless you specifically need it then only use it for trusted sites.
Flash (lots of security issues) and Silverlight (kept secret) is depending upon use, read about NoScript below.
JavaScript is used quite often, so you should leave that one on.
This handy online checker will inform you of outdated scripts, especially Flash and Silverlight which are the most commonly used ones that have to be maintained by the user.
Pixel Pop Defense Zone Mac Os Download
Direct links to trusted source downloads:
Bookmark these links in your browser
Flash - no matter what pops up in your browser etc., download and install from here,
Lots of websites have Flash content http://get.adobe.com/flashplayer/
Uninstall Flash:http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
Silverlight - no matter what pops up in your browser, download and install from here, used for Netflix
Uninstall Silverlight: https://www.microsoft.com/getsilverlight/get-started/install/removing-silverligh t-mac.aspx
Flip4Mac - allows playback of copy protected Windows Media files on Mac's, optional install
Java, JavaScript and QuickTime
for these, just run Software Update under the Apple menu. Apple will take care of them, provided your on 10.6 or later that is.
Java should be disabled/removed on 10.5 and earlier machines if no update is available.
Virus attacks
Viruses are malware that attach themselves to known files and shared amongst users unawares. OS X based viruses are rare and so far non-existent in circulation.
A Mac can act like a Typhoid Mary and transfer Windows viruses to other Windows users on shared files, so perhaps it's would be good to clean these using the free ClamXav which you run as you need too.
Malware has the opportunity of getting around before anyone knows about it. The reason Windows machines still get infected despite having anti-malware installed is the anti-malware is looking for signatures, definitions or behavior of what it's supposed to find. Since there isn't any for new exploits, the malware gets on and disables the anti-virus or worst, uses it to keep other malware off and trick the user into thinking they have a clean machine.
The user experiences heavy CPU load, assumes it's the anti-virus and doesn't even consider malware is on their machine. So most all anti-virus / anti-malware software is sort of like closing the barn door after the horse has already escaped, but can help stop the spread of malware eventually but it's not a preventative measure against new threats if they can spread rapidly enough and silently enough. Later down the tip here I will explain LittleSnitch, which can help 'watch the backdoors' to alert you of strange outgoing network connections.
Malware writers use the same anti-virus software to 'test' if their malware gets by it, also they have the ability to spread their malware far and wide before anyone picks up there is a problem. So you can see why it's important to employ a strong defense on one's behavior and machine to reduce the chance of malware getting on.
The best offense against malware is a secure operating system and third party software, which so far the Unix/Linux based operating systems are more secure, like OS X your using.
Windows 7 has done a much better job of catching up compared to previous versions where malware outbreaks were a almost weekly occurrence, still not near as good as OS X, although no operating system or browser is 100% perfect. Apple has made some errors in judgement in regards to keeping OS X's security up to Unix's tough standards. Which I'm helping to assist you to overcome those weaknesses.
Problem with malware on the Mac's has mainly come from not viruses, but via exploits in third party browser plug-ins, driveby attacks, social exploits and Trojans.
Trojan attacks
Trojans are programs or files you think are one thing and turn out to be another, or do what they say but have sinister portions to it, you need to trust the source of your downloads. Check with many others about the developer, the site your downloading from etc., before committing.
Usually it's installing stuff from untrustworthy sources like from links on thread posts where there isn't a trust worthy site admin, P2P networks or other means like emails attachments, files and links and such avenues that it's hard to locate the person(s) responsible.
Apple has incorporated a Trojan check for all downloads, but again like viruses on Windows, it also suffers from the time delay with new ones.
A good rule of thumb is to wait and watch a site your thinking of downloading software from, usually if they are out to screw people over they won't be up for long or get bad reviews.
If you get a lot of files via e-mail, you may want to consider installing the free ClamXav to clean the filth, however most of them are going to be for Windows.
Social exploits, tricking the user attacks, phishing
If your asked for your password or to do something like install this or that 'codec to watch this movie', or 'update your Flash here' or Software Update window appears, or 'OS X has found a virus' window appears while a web browser is open, consider not going ahead, rather exit the browser and reboot the computer to clear the memory.
Check the status of your plug-ins using the trusted Mozilla check or links above, or from a site you know is the developers site, run the Software Update from the Apple menu. You might find out that you were lied too, and the site you were on was trying to trick you into giving up your password.
Don't believe everything that pops up to notify you of something when surfing, I know Flash and Software Update does this so don't click on it or give it your password, Force Quit the browser by switching to the Finder and using Apple menu, reboot the computer and then check Software Update and Flash for updates yourself with the links I've provided above.
Browser scripts have the ability to mimic OS X looking and other programs windows, like the Flash updater.
Browser and scripts based exploits have the ability to access the Users files and upload them online. So if one has a plain file containing password reminders, private information, consider using a small third party program to encrypt files or folder, a encrypted USB key, Keychain Access, etc etc.
IMO you shouldn't be doing any online banking, or using credit/debit cards in amounts your not willing to lose, most anyone can be fooled to enter their vital details into a rogue website.
Driveby attacks
Driveby attacks occur simply by visiting a website which then take advantage of a vulnerability in a browser or plug-in, no tricking of the user is needed. This is how Flashback first attacks, silent and deadly using your third party plugins, this time it was Java before that it was Flash. Since Java isn't used too much at all online, I suggest you turn it off.
Firefox has the ability to turn off not only Java, but Flash, Silverlight in the add-ons menu. A much better arrangement perhaps than Safari which can't. Again the objective is to reduce the avenues of attack as much as possible.
The Firefox + NoScript method below will reduce your browser/script exploit possibilities as you surf the web as you enable scripts only on sites you trust.
Driveby downloads
A website can initiate a download simply by being visited, so say your surfing a trusted site and get redirected really fast to another site or click a trick link you think is something else but is actually a link to download.
A download occurs, (especially on a fast connection with a small file you won't see it sometimes) and there is a nice neat little package of pain awaiting your click in the Downloads folder. Could be named something your used to installing like Flash, or Silverlight, and here you go giving it your admin password to install, directly into root and your pwned.
Well to stop this you use a browser that allows you the option to inform you before the download occurs. Firefox does if it's preferences are set that way.
Next you keep your Downloads folder clean and don't use it to store things or installers, move the trusted installer packages to a new folder somewhere else. When you go to download something, make sure the Downloads folder is empty first.
Consider running as 'Standard User'
There are four user permissions levels on Mac's. Root, , Admin, Standard and Guest
Root Level User - dangerous
This is the most dangerous user, it or anything else can do anything on the machine, it's disabled for a very good reason. Programmers work in root all the time (and offline mostly) as they prepare code, so for them having to enter a Admin password each time to gain Root is a pain.
Single User mode is Root, and used as a troubleshooting and problem solving means when the computer isn't functioning normally.
Running as root user all the time is suicide for most anyone else.
Admin Level User - very risky
When a Mac user first sets up a machine that account is called a Admin account. Most single users of the machine keep it this way either unawares or to facilitate doing things with the machine, installing programs and having Software Update automatically run.
Running all the time as 'Admin' is a bit dangerous, as anything that gets in via the web browser or anything else has a lot of freedom to move around and wait to attack at the opportune time, even alter other programs.
However to gain root level it must ask for the Admin password, trick the user or alter another program to use a 'sudo window' (super user do, aka 'root') which gives it a few minutes to do whatever it wants to your machine, once in root, it's all over.
If you in Admin Level user and something asks for your Admin password, it means it needs root user powers, so if this occurs while surfing with a fake pop-up window looking like a Software Update, you can see how easily a user can be tricked (that's how one of the Flashback attacks works)
If malware attacks while your in Admin User, even without needing your Admin password, the cleanup efforts likely still will require a complete erase of the entire OS X with a 'fresh install' of everything and returning vetted user files from a clean backup.
So essentially, Admin and Root user require the same cleanup efforts if something unawares gets on the machine.
Standard Level User - best security
The next level down is Standard User, this restricts some things one can do (and thus malware) unless one enters the Admin name and password to effect change outside the Standard User account.
Use the Standard User all the time in your daily use of the machine as a form of protection by restricting whatever gets on one's machine unawares to less privileges and permissions access of only the Standard User account.
One would have to consciously give further permission to the malware, so it reduces the potential for behind the scenes malware from gaining further access to programs or OS X, forces the hidden malware to announce itself or try to deceive the user via a social exploit or Trojan to do so.
If one suspects a attack occurred, they can reboot the machine, log into Admin user and delete the Standard User account, reboot, recreate it. Restore clean copies of files from backup.
To convert your present Admin level user account to Standard User, simply head to System Preferences, create a new Admin account, (different password obviously) and then log out and into this new Admin User. Head to System Preferences there and change the first Admin account to Standard User, log out and into the Standard User and use that.
When one needs to do more things that isn't allowed in Standard User, like trashing or installing a program, a window will appear to ask for your Admin name and password just to make sure it's you making the change. 🙂
Run the Software Update manually once in awhile as it doesn't run automatically in Standard User. One must have at least one Admin User account on the machine, it's also beneficial to have another (admin) account on the machine for data recovery purposes if one can't log into their Standard user account.
Guest Level User - private browsing
This is a temporary user account given to those who want to let someone to use their machine for a short period with nothing saved when they log out. It has no access to anything and nothing is saved.
Dispelling the misinformation 'it needs your Admin password to infect your machine'
Because code can run in any user account with any permissions level, malware can run there also and still do unseen damage without the tell tale 'needs your Admin password' window to show itself or install.
It can upload your files, place malicious images, log your keystrokes and monitor your behavior. All right from Standard User which has the lowest permissions level on the machine.
If one is running as Standard User, the Admin name and password is needed for most malware to escape and make changes to Applications and System/root.
Of one is running as Admin User (the default setup on Mac's) then the Admin password is only needed to get root access.
If malware code runs in your lowly Standard User account, it can copy say a admin password requiring program out of Applications (write protected, but not read protected) and paste it into a hidden folder in the Standard User, then change the program into a trojan and replace the Dock icon link with the trojan.
The next time you click the Disk Utility icon in your Dock, instead giving your admin password to Disk Utility, your giving it to the trojan which then can do anything it wants too.
If you don't believe me, go ahead and try it for yourself. Create a Standard User and then right click on a standalone program (one that is self contained) in Applications folder and click copy, then paste it into say your Movie folder, then replace the Dock icon with the copy and go ahead and click it. It runs.
Users of Firefox know that it auto-updates in the background without requiring a admin password each time it does, how is this possible right?
Since a web browser can log keystrokes and upload user files, so can malware all without needing the Admin password.
If it wanted to escape and make changes outside Standard User and/or into root, it certainly would require the password.
Patches not being applied fast enough
Browser exploits are the prime attack vector with the third party plug-ins vulnerabilities being the main cause. However any program that contacts the Internet is potentially exploitive, also there is no iron clad law that vulnerabilities will be immediately patched.
It's been widely known that once a vulnerability is discovered, sometimes the operating system maker is not told, or knows but intentionally doesn't do anything about it for some time. The vulnerability is sold and used as a means to gain access to people's machines by governments, it's only until it's widely exploited by malware writers that the problem becomes great and the vulnerability is closed.
I advise using browsers like Firefox that get more timely and rapid updates, disable as many browser add-ons that are not being actively used.
Getting at your files may be the objective of the malware
Sometimes malware is after your personal information, which if it is in the account your accessing the Internet with and a exploit occurs, is theirs for the taking. Law enforcement types have been known to try to trick criminals to rigged websites which then use a browser or other exploit to read/upload personal files, since the law can do this, it stands to reason so can the bad guys.
Filevault likely won't help much if the malware already has access to your account or even root, your browser certainly has read/write capability to your account, Filevault or not.
Enabling Filevault is not exactly so private, it's more for if you should lose your machine the bad guys can't get your data, that's about it. Because if you need your machine repaired, you have to give Apple etc., the password to fix your machine. Also law enforcement types will demand the password, along with Customs searches, court orders etc.
Filevault makes it hard to retrieve files or fix software on the machine in a indirect manner, like if OS X isn't booting for some reason. If you engage Filevault, make sure you maintain unencrypted backups someplace with physical security (like a safe) less you forget the password or other issue arises.
The fact that your machine may die at any moment and need repair, you might want to consider having a self encrypting external drive or USB (like a Iron Key) to store personal data on and off the machine at all times, and thus can take to any machine or program that can read the files. Hardware based encryption is more secure than software based which can be changed by malware.
You might want to consider less confining and more tailored alternatives.
Safari hardening
Most browsers allow the continuous running of all third party scripts, giving malware writers more of a surface area of attack to get into your machine if they find a exploit. So they can use Java, Javascript, Flash, Silverlight and even Quicktime to gain access to your machine.
Safari is a good browser, it's fast, it's designed like most all other browsers to be easy for users as it must cater to all user experience levels.
Safari does have the ability to disable web plug-ins, but it's a all or nothing approach and you have to head to Safari > Preferences to do it.
Your Safari > Preferences > Security should appear as such (ignore the Google Safe Browsing Service warning)
Safari improvements
Apple has updated Safari to disable Java if it's not used recently (if you have it installed). Also they won't allow older versions of Flash to run, displaying a update window if a newer version exists. These changes are welcome and should reduce some of the attacks via these vectors, however they still allow a exploit window of opportunity.
Safari 6 currently for 10.7 and 10.8 users only!
10.6 or prior users, use Firefox or Chrome instead as it gets updated more often.
Consider using Firefox web browser + NoScript
I'm recommending a method that doesn't run the plug-ins and scripts all the time on every web site you visit, especially JavaScript which is heavily used online (and used for those deceptive popup windows), until you first decide if you trust the website your visiting, then you can enable that trust for that website, either temporarily (ideal) or permanently.
Firefox has the NoScript Add-on that's only available on that browser and I haven't found anything even close to it on any other browser. Install from here first.
Use the Firefox's > Customize Toolbar option to drag the 'Temporally Allow All' NoScript button to the toolbar. That's all you need to do to get started, no need to mess with the finer controls.
NoScript is hands down the best 'web cop' on the Internet and will protect one against web side based trickery and attacks. Instead of all the web browser scripts and plug-ins running all the time, and taking your chances as you visit various web sites, they are turned off by default and only enabled as you need it. Once you trust the site and it requires it, then click the Temp button and the page reloads with the scripts on.
You'll be mildly surprised how little you'll use it, many sites run fine without any scripts running.
If you visit a site often and trust it completely, you can whitelist it in NoScript too. Also have NoScript allow scripts for all your Bookmarks. So you can control your security better as you surf.
If your surfing and get a 'redirect' to a hostile site which can occur in a matter of milliseconds, your scripts are automatically turned off by default, reducing their attack possibilities to only the browser, instead of any of the scripts or plug-ins running in the browser which can be many for some.
If one had the NoScript method enabled and came across a MacDefender or Flashback malware attack, they likely went by unscathed and unaware a attempt was even made. Because Javascript was used to display a fake OS X Software Update or Flash update window trying to gain further access to your machine.
I recommend you clean out your NoScript 'whitelist' once in awhile and start over with a new one
Also enable the 'Show downloads window' in Firefox preferences to alert one of unauthorized or accidental downloads as it gives a window and a button to proceed or cancel before starting, not automatically downloads any link a user clicks like some other browsers do.
Consider installing the WOT add-on for Firefox (Web of Trust) that flags each link for trustworthiness and opinions of other users around the web this way before you click a link it will tell you the status of that site via public opinion.
I also advise using Ad Block Plus and only enabling it on sites you trust, because advertising is fetched from other sites than the one your viewing, so it provides a nice attack angle for malware to get on many sites. Usually quality sites will retain quality advertisers and poor quality sites with low character will care less about if their advertisements are infecting users computers.
Consider installing LittleSnitch (advanced)
LittleSnitch is a payware outbound firewall checker that loads upon boot time in root (kernel extension file: kext) and watches for outgoing network traffic. It's useful for the fact that it pops up quick window alerting you of the outbound network traffic. If a program that hasn't already been cleared with you attempts to contact the network or Internet, use a different port that you initially allowed. LS will stop that from occurring until you give it the clear and set the access.
Most web traffic occurs on port 80, however sometimes you load a video or a game into the browser and it can open another port, LS will flag this to make sure it's ok before allowing it out, as it could be malware.
If the malware uses the browser and port 80, then there isn't much LS can do obviously as it can't determine if the outbound traffic is malicious or not, but it's added another level of defense as it confines browser based malware to port 80 to hide itself, hacking/using another process or program that has another port access or gaining root access to disable LittleSnitch itself. To gain root access, it would have to trick the user into giving up their Admin password.
Modern computers have a whopping 65,535 ports, gives lots of places to hide and communicate to the world without your knowledge. A remote port scan of all 65,535 ports to see if any are responding would take a very long time and have to be run frequently.
Only small fraction of these 65,535 ports are used for legitimate purposes which LS is default configured to match OS X and allow out (or your computer would act unstable) so LS watches everything else for any unusual behavior.
BTW, Flashback malware deleted itself if it saw LittleSnitch, not saying all malware will do this, but it didn't want LS to alert to it's presence on the machine or to those curious enough to inform others unusual behavior.
OS X Crisis trojan can be reduced if your running as Standard User and using LittleSnitch (installs in root) to detect the background calls to the command server.
Deep Freeze (advanced, restrictive)
Is payware software that does just that, it 'deep freezes' your boot drive so when you reboot it returns everything to like it was before the freeze occurred. There can be 'thawed zones' for users files, so those are allowed to change, but everything else can be frozen, thus no change to the boot drive is permanent. Apple uses this software in their stores where all the people fiddling around and then at night a shutdown and a morning reboot puts things right back where they want it.
One can use this type of software as part of a defense, to protect kids computers etc., however like anything, once the malware has the admin password it can gain root and do whatever it likes. Also since malware can run on the machine in the meanwhile or in a 'thawed zone', despite not getting root, can certainly do a lot of damage in the meanwhile, grabbing or encrypting files (ransomware), gleaming other data etc., while it has control. Anyway it's something to consider, perhaps a whole machine frozen and user files stored on a external drive instead would work good with this type of software.
I advise this sort of defense tactic for Mac's with operating system versions Apple no longer supports (10.6 and earlier) and common area uses where a lot of people access the machines and thus make it difficult to track down who is responsible for the machines unauthorized changes.
Note: If your locking down the machine, and especially with 10.6.8 and earlier not getting Safari security updates, you might want also to consider using Firefox + PublicFox add-on which will lock down the browser from downloads, changes etc.
Backup and prepare for the worst (everyone)
Everything can be replaced except your unique users files, keep at least two copies of these on separate hardware in easily accessible formats (in addition to TimeMachine and bootable clones) so you can take your files to any machine, Mac or PC and go on with your life.
My view in regards to malware, since it can take a long time to discover, is to have a archived bootable clone(s), DVD's/CD's of your files, dated so you can go back before the malware started making the rounds. Your computer, operating system and programs can all be replaced, but not your personal files, so take the time to burn files to DVD's as a archive, you may need to use them someday.
Something learned about the Conflicker malware on Windows, the thing 'hopped' to any rewriteable media, USB flash drives, hard drives, you name it, so it made eradication most difficult. Only DVD's archives of files, programs and operating system burned before the infection started were considered safe. CD-R and DVD-R (BlueRay-DVD's too) have the asset that once they are burned, they can't be changed later on by malware.
TimeMachine used as intended isn't going to protect one against a malware attack as it's connected too often. Having a couple of archived clones of one's boot drive pre-dating the attack will, provided before the restore occurs, the entire malware infected target drive (OS X , Recovery, Partition map, EFI etc) is Zero erased from a non-writeable boot DVD first or all rewritable media simply replaced with a new ones, which in some Mac's can't be done by the user less they violate their AppleCare/warranty.
Given that DVD's and CD's are sort of on their way out, and with 10.7+ there are no boot disks, some Mac's have no optical drives, one must plan ahead for malware of the Conflcker magnitude affecting OS X and all rewritable media with a eradication method that can insure a compete erasure or replacement of a targets machines storage drive, firmware etc.
Secure your WiFi and privacy
Some advice I have to share here
If this User Tip has benefited you, take a second to rate it down below.
Thank You 🙂
