Most Mac users gaze on smugly as reports of each new Windows security crisis break. And they have good reason – research from Sophos PLC showed that 68 viruses have affected the Mac while 97,467 have affected Windows. Of those 68, most are a decade old or older and don’t directly affect OS X.
However, although it may seem that there’s no reason to worry about security on your Mac, you shouldn’t think you’re completely safe. Apple’s regular Security Update releases prove that there is cause for concern, and common sense suggests that you’re most vulnerable when you let your guard down.
So how can you tell the difference between scaremongering and true dangers? We examined seven common beliefs about Mac security – and show you what you really need to worry about.
Mac users don’t need to worry about viruses. False
We’ve enjoyed a long, glorious stretch without serious malware affecting our platform. But that doesn’t mean we can afford to let down our collective guard. If there is a virus attack, those of us who have good, up-to-date antivirus software installed will have the best odds of escaping unscathed.
If you can’t name your antivirus program even though you’re positive you’ve got one installed, you’re half-way there. But this is a telltale sign that you haven’t used it recently enough.
Just as important as having the software is making sure its virus definitions – the frequently updated information that antivirus software uses to recognize a virus – are up to date. The best way to do this is to check for definition updates regularly. If you use a product that has an automatic update feature, make sure it’s turned on and set to a frequent update schedule.
Weekly updates should be adequate for most users, but if your computing involves accessing lots of files from lots of sources – whether via email, file servers, or Web downloads – then daily updates might be a better idea.
Be alert. Don’t open unexpected email attachments until you’ve confirmed that they’re from the sender they appear to be from. Research from Sophos shows that one in 18 emails circulating during November 2004 contained viruses.
Most malicious scripts affect only Windows machines, so if you click on one by accident, nothing will happen. But if you use Microsoft Word or Excel, you’re vulnerable to some platform-agnostic macro viruses. Protect yourself by turning on the Warn Before Opening A File That Contains Macros option in each program (under program name: Preferences: Security), but be aware that not all macros are malicious. The person who sent you the document might have included a useful macro on purpose.
To further reduce the risk of infections, don’t download free software or shareware from anywhere but reputable sources such as VersionTracker.com, MacUpdate (www.macupdate.com), or the Apple software download page.
You’re vulnerable to Windows viruses if you run emulation software. True
If you’re running Microsoft’s Virtual PC or another emulation product and running Windows, your Windows environment is susceptible to all the maladies that a stand-alone Windows PC is. Virtual PC and similar tools don’t merely let you access Windows-created documents and run software intended for Windows machines; you’re actually running the Windows operating system.
You can minimize the risk by keeping your Windows environment meticulously up-to-date via Windows Update, by turning on the built-in firewall in Windows XP’s Security Center, or by installing your own firewall. That might mean running a Mac firewall and a Windows firewall.
It’s also helpful to avoid some of the security holes that leave Windows users open to viruses and other malware. For starters, don’t use Virtual PC’s Virtual Switch network setting, which lets your virtual Windows computer act as though it were hooked directly to your network. If you put Windows right on your network with its own IP address, it’s vulnerable to any network-based attacks, such as those that exploit Windows file-sharing vulnerabilities. Once Windows has been compromised, portions of your Mac’s hard drive that have been shared within Virtual PC might be accessible.
Instead, use Virtual PC’s shared-networking scheme (select Shared Networking in the Networking tab of each virtual PC’s Settings dialog box). This offers protection similar to that of a company firewall or a home broadband router, separating your computer from the Internet at large.
Finally, if you’re running Windows, you need antivirus software installed in Windows, not just on the Mac side.
Mac users don’t need to worry about spyware. True
Breathe a long sigh of relief.
Spyware – programs that record information, such as browsing habits or keystrokes, and send it to a remote server – runs rampant on Windows, but there are currently no real spyware programs that affect the Mac. There are several programs that can monitor what you do by taking screenshots at different times and recording your keystrokes, but these programs are designed for people who want to monitor the activity of their Mac’s users.
If you’re a non-administrative user of a Mac on which an administrator has installed this type of program, there’s not much you can do about it: you’re not allowed to remove the software, since you don’t have administrative rights. The best you can do is ask why it’s there.
Sending chat messages is akin to throwing notes on loosely wadded paper across a crowded classroom. True
If you use any of the popular instant-messaging applications for OS X – iChat, AOL Instant Messenger (AIM), and MSN Messenger – someone watching your network traffic can read your messages easily. That sounds like the work of sophisticated computer hackers, but all it takes is access to your network (in your company, at home, or at a public Wi-Fi location, for example) and a packet-sniffing utility such as Brian Hill’s MacSniffer.
For example, the window at the left of “Network Obfuscation” displays a snippet of text sent by iChat as it appears in Interarchy’s Traffic window. Looking past the HTML coding (which iChat uses to define balloon colour and text formatting) and «spc» markers (spaces), you can see that the message reads, “It is easier to introduce new complications than to resolve the old ones.”
Before you swear off instant messaging forever, ask yourself a few questions. Is it really likely that someone is scanning your network’s data packets? You’re probably safer chatting with a friend from a single Mac at home than from a laptop connected to a free Wi-Fi network in a busy coffee shop. Does your conversation contain top-secret information? If most of your chats concern lunch take-out options, you probably needn’t worry.
It’s when you’re discussing information that’s private or proprietary that chatting can become the weak link your competition is waiting for.
When I’m using a wireless network at home, I’m totally safe. False
Wireless Wi-Fi networks use radio waves, which often extend well beyond the four walls of your home. That’s no big deal if most of the inhabitants of your neighbourhood are sparrows, but if you live in an apartment building or a dense urban area, it’s easy for a neighbour or a visitor to a nearby business to hop onto the network. Less frequently, people might make it their mission to enter your network and try to access your computers.
Because you’re not a Windows user, there’s no current need to worry about people on your AirPort network corrupting your computer with viruses or malevolent programs. So far, there’s no such animal that doesn’t also require an administrative password. But you should be concerned if your network has no protection. In that case, someone could try to connect to your computers and browse your shared folders.
By default, guests can connect only to the Public folder in each user’s Home directory, which means they can see only files that you’ve placed there on purpose. If you don’t want uninvited guests to access that, secure your computers. Go to System Preferences: Sharing: Services, and turn off Personal File Sharing, Windows Sharing, Personal Web Sharing, and FTP Access.
If you don’t want to risk anyone connecting to your computer, turn on wireless security. Under AirPort, you can enable WEP (Wired Equivalent Privacy). It’s not the best security standard, but it will rebuff all but determined crackers. If you use AirPort Extreme and all of your computers are running Panther or Windows XP, you can opt for the stronger WPA (Wi-Fi Protected Access).
When I’m using a public hotspot, all of my passwords are being stolen. False
It’s not technically true that your passwords for email, FTP, and Web sites are always being nabbed whenever you use Wi-Fi in a coffee shop, a hotel lobby, or an airport. But the potential is so high that you might as well consider it to be true.
People connecting to the same Wi-Fi network can see all the data passing over it if they have readily available free packet-sniffing software installed, and they can snatch your passwords, email messages, and files out of the air.
If you lug a laptop around for business or for pleasure, you can secure your Internet activities one by one. For instance, encrypt your email using a Web mail service that supports SSL (Secure Sockets Layer) for browsing or that can secure POP, IMAP, and SMTP with SSL. All major Mac email clients include SSL support.
In Apple’s Mail, go to the Accounts pane in Preferences and select the Use SSL option in Account Information: Server Settings (outgoing email) and the Advanced tab (incoming email).
Web designers often need to transfer files to update Web sites while on the road. You can encrypt FTP using SFTP (Secure FTP). If you’re running your own FTP server on OS X, turn on SSH (Secure Shell) on the machine that has the file repository. Go to System Preferences: Sharing: Services and turn on Remote Login and FTP Access. There is an increasingly large number of Web hosts that also support SFTP for transferring files. You need an SFTP-equipped FTP program such as Interarchy, too, on the computer that’s connected to your repository.
When you shop or bank online, your data is almost always already secured with SSL. But if you hate the idea of your surfing being observed, use a service such as Secure-Tunnel (www.secure-tunnel .com), which offers free anonymous surfing. Secure surfing costs $8 per month.
If you want a more comprehensive way to protect your wireless activities when you’re out and about, consider securing your sessions with a virtual private network (VPN) connection. A VPN encrypts all the data that enters and leaves a computer over a network connection, such as AirPort, preventing all snooping.
VPNs aren’t just for corporations anymore. OS X Server 10.3 (Panther) includes both flavours of VPN servers currently in wide use. The regular version of Panther includes a VPN client. (Go to Applications: Internet Connect, and select File: New VPN Connection).
The Mac’s default security settings are all you need to protect your computer from hacker attacks. False
Hackers attempt to attack your computer over the Internet by finding open, unsecured ports and exploiting them. A port is nothing more than a door through which computer data can be passed. Every computer has thousands of them, and every open port is a potential entry point.
Hackers attempt to find open ports by trawling the Net, sending out messages that your Mac understands as “anybody there?” When such messages hit your Mac (even if they hit a closed port), it behaves like a puppy dog, happily barking back, “Yep, I’m here!” That response lets hackers know there’s something out there they can attempt to exploit. They’ll then use port-scanning software to discover an open door they can get into.
To prevent this from happening, you need a firewall. A firewall is simply a piece of software or hardware that stands between your computer and the rest of the world, making sure that every piece of data coming or leaving through an open port on your Mac goes only where it’s supposed to.
OS X has a firewall that’s turned off by default. You can change that by going to System Preferences: Sharing: Firewall, and then clicking on the Start button. Frankly, there’s no reason not to turn the firewall on if you always have your Mac connected to the Internet.
As soon as you start the firewall, all the ports on your Mac are stealthed.