by Ben Camm-Jones

Opinion: You are the biggest security risk to your Mac

Apr 10, 2012 · 5 mins
Apple, Data and Information Security, Mac

We all need to use anti-virus, but above all we need to use our common sense

The debate over whether you, as a Mac user, need to have anti-virus and other security software installed on your computer is all but finished. You do, because cybercriminals are actively targeting the OS X platform.

But a poll run late last week on the Beta News website found that 75 percent of Mac users questioned didn’t run any anti-malware protection, whereas around 90 percent of Windows users did.

Given that the Flashback Trojan that Macworld reported extensively on last week has managed to infect some 600,000 Macs – even some within Cupertino, according to reports – there is no more excuse for having your head in the sand.

Earlier last week, I received a tweet from a Mac user saying that neither he nor anyone he knew had ever encountered malware on a Mac. But is this necessarily indicative of low infection rates for Mac? Or could it be that the infection or infections have gone completely undetected? After all, cybercriminals want to not only recruit your Mac for their botnet, but use it to recruit others as well. To this end, a computer of any kind that has been turned into a bot may not display any obvious signs of infection, but right under your nose it is sending out malware to other computers across the globe without your knowledge.

Any illusions you might be under about OS X being inherently safer than other platforms – Windows, say – should be consigned to the bin marked ‘BS’ as well. It is simply that OS X isn’t targeted as often as Windows, because it has a much smaller share of the market. But in their never-ending quest to pick the lowest-hanging fruit, cybercriminals are now well aware of the fact that the number of Macs being sold is growing at a much higher rate than the number of Windows-based PCs. They are also tuned in to the general lack of Mac users who protect themselves with anti-virus software.

The Flashback Trojan is a good example of how Mac users are now very much targets of cybercriminal gangs – no longer are these people a ragtag bunch of hackers simply looking to make a name for themselves but well-organised, profit-motivated gangsters – as was the MacDefender (and numerous variants) scareware campaign from last year. Don’t be fooled into thinking that Apple necessarily has your back either – it seriously dropped the ball when it came to the Flashback threat, not issuing an update for Java for weeks after Oracle had made it clear that a vulnerability existed and had fixed the threat for Windows.

This is why you have a responsibility to not just yourself but to others – the rest of the world, in fact – to use anti-virus software. Given that at least two security companies offer free anti-virus protection for Mac, there’s also no excuse for not having security software installed. It would be nothing short of irresponsible to fail to protect your data and your Mac, but it would also be neglectful to think that installing an anti-virus program will give you immunity.

Though anti-virus protection is all very well, you need to keep your brain fully engaged while you’re using your Mac. This means making sure your system is always up-to-date – not just OS X, but all software programs you have installed. As we’ve seen in the past, it isn’t always vulnerabilities within OS X that pose the problems, but in plug-ins such as Flash and Java.

There are other best practice rules that you need to follow in order to ensure your Mac’s security. Safe surfing is very important – following links to unfamiliar websites, particularly when a URL-shortening service has been used, is something you need to be very wary of. How did you stumble on this link in the first place? If in an email or on a social network, do you know the person who sent or posted the message? If not, then alarm bells should be ringing. Downloads are another area where you should be very careful. Can you be sure the file is what it is claimed to be? If not, proceed with caution, or better yet, just don’t do it.

Having written about security threats – largely on the Windows platform, admittedly – for the last dozen or so years, I’ve repeated advice about safe surfing many, many times. I often get tired of saying the same thing over and over again, but every time I suspect that most of my audience is getting just as bored as I am of preaching what should be common sense, I hear about someone who should have known better falling victim to infection, or fraud – often as a result of their own misjudgements.

It’s not that these people are inexperienced or naive when it comes to computing. It’s generally not even complacency born out of believing that a particular platform makes them immune to cybercrime that’s the problem. It’s just that they’ve taken their eye off the ball for long enough to cause them to do something that they wouldn’t have done in a million years had they been concentrating.

We can all make silly mistakes, so having some form of safety net in place is necessary. Sure, anti-virus programs won’t protect you against many online threats – as Graham Cluley recently pointed out in conversation with Macworld, “the majority of the attacks do not exploit any weakness in the operating system but instead take advantage of the bug in people’s brains”.

So if I repeat myself I make no apologies. The more often you hear the messages about best security practices, the less likely you are to let yourself slip into a state of mind where you do something stupid.