Security optimize

Reducing the risk of contracting malware on Macs

Wil Limoges offers best practices for Mac users to reduce their exposure to malware like the Flashback trojan that has been taking its toll on the unwary.

As of late one of the most talked about topics regarding Macs on the web today is malware, in particular the Flashback trojan. For nearly 10 years, the Mac has managed to successfully maneuver safely through the turbulent waters of the Internet with a pretty solid track record. But, as more Macs are increasingly being adopted and as the Internet continues to become more complex, the risk for contracting malware will continue to grow for some time to come. Apple is working to reduce the impact of infections in several ways:

  • using the Mac App Store to filter out harmful applications
  • providing software updates and patches
  • increasing security measures in each version of OS X.

It’s unlikely that Apple will ever completely protect Macs from the harsh realities of the web, but the Mac is indeed a very secure platform and with a little effort, you can reduce yours or your users' risk of being infected.

Best practice tips for Mac users

First, remind Mac users of the basics of how one can be exploited by malware and viruses. Fully understanding a computer’s vulnerabilities helps to reduce the odds of contracting one in the first place. Users should understand that the most common ways to contract malware is by using applications that share files. Applications such as Mail, browsers such as Safari, Firefox, and Chrome, and iChat/Messages can be easily compromised by malware because they all have the ability to share files in one form or another.

In most cases, it is the naive or reckless user, and not the computer, that is easiest to convince into installing malware through social engineering. This is true for all systems, regardless of OS. Malware often times present itself as a harmless file or as a familiar application in which it will attempt to convince users to click and install.

More sophisticated malware attempts to take advantage of lesser known services or applications running on a computer. In the case of Flashback, two methods were used. Initially Flashback would present itself as an update to Adobe Flash, convincing the user that it was a necessary update. Eventually, Flashback evolved to take advantage of a flaw in the version of Java installed on the Mac. These are the most common ways in which a Mac or a PC can contract unwanted malware.

Since the most vulnerable application on any computer is the browser, I’m going to run through a few tips that should work with most browsers, but I'm using Safari, the default browser on the Mac, as the example.

Turn off open safe files

Safari, as well as other browsers and mail applications support a feature designed to make life a little easier that allows for known safe files to immediately launch after downloading. Disabling this feature reduces the possibility of initiating the installation of a file that could be passing itself off as something far less harmless. The setting can be found in Safari’s Preferences pane.

Disable Java

First and foremost I want to be clear, Java is not JavaScript, and where the Internet is concerned most of us experience a web where Java is rarely needed. JavaScript on the other hand is frequently employed on the web and though disabling JavaScript will indeed make your Mac more secure, it’s a technology that we on the web have become heavily dependent on. When Java is needed on the web, you will often be presented with a request to install Java when it is disabled. When you’re in a situation where you require Java, it is a simple as opening up your browser preferences and enabling it for use to accomplish your task. Disabling it once again when you're finished will again assist in the prevention of contracting malware.

Disable plugins

Most of us will grapple with this request, however, the web is moving more and more away from the use of plugins such as Flash and more toward HTML 5. If you're willing to compromise some of your web experiences, you will both be protecting yourself while helping the web to move in a positive direction. Many websites rely on Flash, however, if users are visiting these sites with plugins disabled, webmasters are able to see how many people are visiting the site and what technologies they are using to access it. If a significant number of users do so without plugins, webmasters will be more likely to consider making the jump from Flash, an application that is often unstable and vulnerable to attack, to using HTML 5 -- and do it more rapidly. In the end, disabling plugins benefits us all.

Each of these steps will help to reduce the odds of infection, though it’s important to remember that there is no such thing as an impenetrable computer connected to the Internet.

About

Wil Limoges is a Louisville, KY freelance web designer and Digital Savant at the vimarc group. He has had the pleasure of working for Apple as a Genius, loves science, and aspires to make great things!

6 comments
Ed.Piasecki@Clarafy.com
Ed.Piasecki@Clarafy.com

You left out the most important one. Never work under the admin account. Use a standard user account and only login as admin when needed.

mp
mp

Unless I have missed it in spite of searching all over the Preferences, neither Firefox nor Chrome offers the choice to enable or disable the "Open 'safe' files after downloading" that Safari does. I must assume that neither browser gives you this protection, although it is possible that you don't have the choice of even enabling this option. That's why Safari remains my primary browser, even though version 5.1.x is such a trainwreck.

Info Dave
Info Dave

When I saw the headline I thought, here we go again. Some PC guy going to tell me how to keep my Mac clean. What a refreshing surprise! Well done Wil. First you take a broad view of how Apple has addressed security and how a curated app store will be a huge benefit. Apple has not been smug about security and has added much security in the last few versions of OS X. Second, no mention that I must run AV software and go down that path. To date, Apple has provided updates and my machine has been fully patched before any of the AV "solutions" could detect the nefarious software. As a casual observer, signature based detection is worthless against a zero-day exploit. Third, user education, first and foremost. I think PC and Mac admins would agree that today's problems are less technical, and more social. The computer is no longer the weak link, it is the user. That's a great place to start. The only thing I could add is that I don't think we will ever see anything like we've seen in the past. Security caught Microsoft by surprise, but that was a long time ago. Since Windows XP SP2, Windows is a much more secure environment. The bar has been raised, across all platforms. And that will continue to be the case.

aureolin
aureolin

I read this article with a vast sense of amusement - remembering all the fanboi arguments and bragging about how the Mac was perfectly safe and didn't (couldn't!) get malware. Even this year, when MS Windows was being affected by some malware or other, a good percentage of the forum posts were going on about how this just wouldn't happen if everyone used a Mac. Stupid boasts, in retrospect, and even those who posted that Macs really were vulnerable were drowned in a tide of pro-Mac shouting. My, how things have changed.

AnalogJoystick
AnalogJoystick

for remote access apps like GoToMyPC and LogMeIn, so most of using Macs for work need it.

JacquesLopez
JacquesLopez

Thanks for raising awareness on this and your suggestions!