Security

1 Sep 2010 23:01:06

Graham Caves

I was reading about a bank scam here in the UK where it is possible Mac computers and PCs have been hacked into to retrieve login details for online bank accounts.

So my question is are we as Mac users becoming complacent about security?

Do we need to look at using Norton or other protection software or can I sleep easy knowing my hard earned money is safe?

David Pogue in his missing manual says sleep well and don't worry - interested to know what people think?

Re: Security

4 Sep 2010 14:38:28

Euan Williams

Hi Graham, security and virus stuff is a hardy perennial, and well-suited to raise paranoia. Are you a glass half-full or glass half-empty person? Have you migrated from Windows?

This is a tentative MacOS lay-person’s view to invite discussion as there have been no posts in reply to your question -- so far.

The worst enemy on any platform, is human weakness and sloppy web use. You can of course scare yourself witless by pursuing every Google security link and fiddling with perfectly good settings when unsure of the consequences. An unhealthy habit of messing with MacOSX’s innards will do wonders to ensure a quick descent into chaos.

A few years ago a White House security chief chose Macs for himself because of the built in security, and if you want to, you can lock down your Mac so that not even Apple can get into it.

1. Background:
MacOSX is basically the FreeBSD variant of Unix, which has been around for so many years that many of us have gone grey just trying to remember when it started out. Google > History of Unix < and look out for the Wikipedia entries.

Early ‘Unix’ variants found favour (and therefore development effort) among academics and, as is widely known, there are no more creative hackers than an academic looking to see “what happens if”. It was thus always necessary to build in swathes of security locks and these lead to passwords and permissions, and much else besides to keep the show on the road.

(Windows adopted a ‘live and let live’ policy toward hackers which ultimately led to the well known infestations in that OS.)

Sun’s Solaris, iOS, Linux (and Android) draw on the Unix heritage too, and as with academic hackers, open source software writers are all interested in trying stuff to see what comes up.

So there are white witches and black witches. Most of the exploits that we read about in the Mac press are ‘proofs of concept’ i.e. they are used to alert OS techies to possibilities.

So far these haven’t reached the MacOSX mainstream with one or two very rare and well-known exceptions and, generally, users who have ‘caught’ a virus, trojan, keystroke recorder, have either visited a pretty murky site, tried to download a freebie version of expensive commercial software, been fatally attracted to some exciting gossip or image -- or simply not used their common sense. For example not checking for phishing scams, entering a password without thinking, etc.

Provided you are sensibly wary, visit well known sites for your downloads (VersionTracker is a great example), and don’t try to download something awesomely irresistible, these threats are on the low to very low side.

2. Security updates (Apple)
NB. Apple never confirm or deny any security issue until they have worked out a fix.

Sometimes it’s best not to be on the cutting edge of updates, since reports of odd bugs and flaws may take a few days to appear, along with work-arounds. Be reasonably punctual, but maybe not the first to arrive at the party.

Software Update (Apple menu) is the number one place to go. However there are some things to watch for, not least because Apple SUs work deep down in the bowels of your OSX:
a. make sure your digital housekeeping is in good order with Disk Utility, Safe Boot (hold down the shift key at startup -- and wait!) followed by a normal reboot to clear caches etc. before you apply system updates, especially security updates.
b. If at all possible download and use the Combo updaters for major system upgrades. These are often huge, but can sometimes give rather better results than the Software Update quickies.
c. always consider making a clone of your OS before a major system update (Carbon Copy Cloner is free). That will get you out of many a hole that TimeMachine can’t help with.

3. Security updates (Adobe Flash and Adobe Reader)
Adobe Flash and .pdf technologies are so ubiquitous that they attract evil intentions like fruit flies to a ripe banana. Keep an eye on the ‘check for updates’ menus.

4. Security updates (Microsoft Office)
MS Office attracts a fair amount of malice, so keep an eye open for updates.

5. Apple Reference pages
visit Apple.com, turn to Support and enter > security < as the search term. All the background most of us need is there.

6. Keep up with the news
Macworld’s Mainline email newsletter, and CNET’s MacOSX email newsletters are two good sources of information, plus some of the plethora of Mac news sites.

7. Anti-virus software for the “worried-well”:
Norton isn’t so wonderful on the Mac these days, although it is well known on PCs. Intego offer security suites with up to date code signatures, and a free open-source based solution is Clamxav. All need to be kept up to date.

Hope this helps a bit.