
Me and my Mac- Safety and security


This is the final part of my series on my transition from a Windows environment to a Mac. This week I talk about security issues.

Here are the first four installments in the series:

As an experiment, I decided to see how long a "naked" Mac would last on the Internet. What I have discovered is that I haven't got an answer yet.

I will preface this by saying that any time you're on the open Net, you should be using AV and a firewall at a base minimum. In other words, DO NOT TRY THIS AT HOME!

When I set the Mac up, I created two accounts. An Administrator that can do anything and a User that can do almost nothing. When I am on the Net, I am most commonly in the User account. If I need to do something that requires an elevation of privilege, I can go to the Terminal and sudo to Admin for the task I want to do. This is similar to the way that Vista works, I believe.

On a Windows box, I would never dream of taking a limited User account to the Web and surfing without both a hardware and software firewall and anti-malware protection. I would be infected pretty quickly if I did. But I wanted to find out what would happen if I did exactly that on a Mac. My reasoning was simple. I had nothing on the box, not even my mail. I had disks for anything that I installed, and I had my OS disks. If (thinking when) anything happened, the machine was under warranty and I could just wipe and reload.

I have been on this machine since 11/5/07. My 90 days are up on 2/5/08. So far, so good. No virus attacks, no malware. I don't even get spam anymore.

As a side note, I will be putting up additional defenses before this goes to post. I'm intrepid, not stupid!

The point is this: securing the machine has been dead easy. I just turned on the built-in firewall and let her go. This tells me that I am either not a target, or I'm reasonably safe.

Security through obscurity is not a guarantee of safety. It shouldn't be. I believe that it is very important to know what your risks are and to mitigate them properly. Please see capitalized warning above. That said, the point of the experiment was to try to gauge just how vulnerable a Mac in the wild is.

In listening to Mac forums, I discovered people who got their first taste of a virus after Boot Camping their machines to run an XP partition. While the Mac side of the machine might have been safe, the XP side had to be protected. This is not a bad thing as it is teaching Mac users to be more secure in their habits.

I recently posted about a report released by Sophos warning Mac users to be aware that as market share grows, the threat from crackers grows too. Late last year saw a Trojan for the Mac and there are doubtless others to follow. If you're using a limited account, getting through your defenses should be more difficult since it would require an action on your part.

There are a number of security features that are native to the Mac that help to keep you safe. My favorite of these is Secure Empty Trash. As in Windows, merely tossing something in the Trash and emptying the trash doesn't mean that the item is gone forever. It CAN be recovered if one is diligent. But Secure Empty Trash will overwrite the files several times. Is this a guarantee? Nope. But it is one step closer.

Another tool on the Mac is the ability to create a secured area of your hard disk that is a password protected "image." You see it on your desktop as a hard drive icon that, when clicked, will require the password you've set to access. This means that I can create an area that I can put sensitive data into and access as I need to, knowing that if someone else accesses my Mac, that data will remain secure.

Another thing that I find I use more and more is the Keychain. This is a password repository that is tied to the User account. If I am in the Admin account, I can access only those passwords associated with that account. If I am in the User account, I access only those passwords associated with the User account. While I can use any password I need to, having Keychain tap me on the shoulder and tell me that the password hasn't been set for that user is a good reminder of who I am and what I am doing. Theoretically, looking at my Airport status or at my network cable would do the same thing but I'm managing to the senility challenge too. Keychain doesn't let me make mistakes. Like going out to the Internet in the Admin account.

As I mentioned, this is the last in the series on my Mac. But not the last of the blogs. Last week I asked people to tell me what they would like to see moving forward. One reader said that he was interested in the difference between command line in the Terminal and UNIX or Linux command line. Next week I will be looking at those differences and hope to provide you with some reference material so you know what to do when you find yourself with a blinking cursor in a place that looks nothing like DOS.

35 comments
mikaelb

I've been running on a Mac for many years, using nothing but a Linksys router and the internal software firewall of the Mac OS. I have no anti-virus packages. Never needed any. There is a reason why there are no Mac viruses, and only a handful of reported trojans - and it's not because the Mac has been less popular than Windows. It's because the Mac OS is better designed and built, by far, pure and simple. Even the hackers contending for a cash reward at a conference couldn't do anything to a Mac until they got given extra special access to it. Yes, if you set up an XP partition on a Mac and let it have access to the Net, then you're going to be exposed to some of the standard Windows vulnerabilities. What did you expect? But if you don't do Windows at all, then you don't have to deal with the consequences of using such a poorly designed and built product.

jdclyde

After your naked romp, how do you know you didn't pick up anything undesirable if you don't run an AV/Malware scan? Just because it doesn't crash and burn doesn't mean it isn't compromised. The next step (only for the bold and daring) is to go and try to INTENTIONALLY expose yourself directly. After all, was it really that the Mac is above such silly things as a virus or malware, or was it your pure living that kept you from going to the deviant sites the rest of us frequent?

Tig2

Have you ever taken a "naked" machine out on the Web? I did and it went surprisingly well. Still looking for suggestions on what you are interested in reading. And certainly hope that you have enjoyed this series!

Tig2

Still nice and clean. You don't have to have AV installed to scan. I also watch my traffic. It doesn't try to go anywhere I haven't asked it to go. For some reason, it never occurred to me to try to surf porn or anything like that. I'm not certain why that is, it just never occurred to me. Site Advisor helps too, I think.

seanferd

Nice to have something that secure right out of the box. As for streaking, I regularly run a Win 98 box with no protection other than a secure router firewall (just what came with a commercial 2Wire router/modem). I never have any problems, and I don't find unauthorized connections. I don't keep anything important on the box, either. I can only assume that the router firewall is good, and I attribute anything else to blind luck.

Michael Kassner

Tricia, A very interesting series, thank you for the information. I was curious if you gave any thought to running a comparison test to validate your following statement? "On a Windows box, I would never dream of taking a limited User account to the Web and surfing without both a hardware and software firewall and anti-malware protection. I would be infected pretty quickly if I did."

OldER Mycroft

...and as you say, I've not had any great surprises. It wouldn't really matter if I did - I reinstall about once every five days or so, I just want to see how far I can 'push' the drive before it finally shuffles off this mortal circuit. I'm starting to wonder if all the hype is justified OR maybe I'm just starting to get lucky in my old age! :D

jdclyde

go to the game hack/cheat sites. There is as much going on those sites as the porn, without having to subject yourself to the actual content of the porn. I have one system I have to reload every few months because that is the one the Things use to get game cheats and tips with. I don't ALLOW them to use the other systems to do this. I have GOT to load a linux desktop for them to use!

Tig2

It lasted 14 minutes. I would consider doing it again with the setup I have now and using a few tools to increase my chance of being stealthy. My first stop would be Steve Gibson's site. What I really want people to get is that running naked on the Net- even if you get away with it- is a bad plan. I know that the Mac "security through obscurity" is going away as Macs gain market share. That said, Mac users need some attention from someone other than Norton and McAfee. My firewall is open source. I am looking for a Mac AV that is open as well.

Tig2

And what does dear Velcro think of this? You do realize that to a cat, EVERYTHING is a cat toy? Are you behind a firewall? Do you run as a limited user?

Jaqui

Nekkid except for a software firewall, Linux box; they didn't get any infestations on it. I used a box in the router's DMZ so the hardware firewall was not in effect, and only had an iptables-based software firewall running for security. 10 different "hacking" sites, including that OS X one. [Not really anything but expert system tweaks on that site, and how to read specific system calls.] Edited to add: though it is interesting, one search result I got was for a specific document I have read before, that is a literal step-by-step tutorial on how to become an expert hacker. [Note, hacker in the true I.T. definition, not cracker.] It's actually a pretty good read, for programmers.

Tig2

I'll take a look. But while I don't believe in security through obscurity, I do believe in lurking behind a hardware firewall and using a limited account. My user account is limited enough that I end up elevating priv at least daily. Fortunately, that is a painless process. I had always figured that I would blow away this install and install fresh on Feb 5th.

jdclyde

Just look for "game cheats" and "game hacks". If you get really brave, look up "hacking tools". The hacker sites have a lot of boobytraps to nail the noobs coming in looking for easy answers to pretend to be L33T. I even saw a listing for "Mac OS X Hacking Tools". At work, so I wasn't brave/stupid enough to actually go to any of them to get the site links though. Will check back tomorrow to see how it goes. If you don't post by then I will know that you crashed and burned, hard! :D

Tig2

I am not so much a gamer- I own the Sims and Age of Empires but don't get a lot of time to play. Can you find links to those kinds of sites through a Google search?

rkuhn040172

I was really just making fun of him. Although I do think that the media and others greatly exaggerate things at times. I know it isn't the topic at hand, but c'mon, a Windows box with a few common sense measures in place becomes a pretty solid platform. Turn off unnecessary services, run adware, spyware detection, AV, a hardware firewall, etc and you're for the most part good to go.

Dumphrey

which is just someone had a piss-poor bad luck day. Sometimes things just happen in spite of the odds. There are TWO ends to a bell curve, not just the middle, and falling in either end is not only possible, but required (for a certain number of responses) for there to be a "statistic" at all. I would mark the 14 min down to really bad luck, as even SANS rates XP SP2 at much more than 14 min (XP SP1 is rated at an avg of 8 min).

rkuhn040172

1) That PC was on a dirty network and that caused the infection not Windows or the Internet 2) You work for Norton, Trend, etc and are just trying to fatten your paycheck by scaring everyone :)

Tig2

http://www.clamxav.com/index.php?page=dl ClamXav is the AV that you want if you are looking for a small footprint and prefer to support Open Source. Be careful to install the version that meets your OS version. The link will take you to the download page. Let me know how it goes for you!

Dumphrey

are important as well. I have a slipstreamed disk for XP with SP2, hotfixes, a few programs etc, so I only have 6 months of hotfixes to update after a new install, not a SP and 2 years' worth. I am not sure how comfortable I would be with even a SP2 XP machine straight on the internet with only the XP firewall. Maybe if I could install Ghostwall, Nod32, and configure all my services first... may be worth trying out one weekend. Anyone know of any "scanning" software that will just log attempts? Not try to fix or prevent them?

Tig2

I've been trying to find the Mac download for Clam and have been unsuccessful. I've used Clam for Windows and like it so figured it would be a good solution for my Mac. Do you by any chance have a link for Clam? Us switchers are getting more numerous. My SO has serious Mac envy. His kid already uses one.

williamjones

As a long time Mac user, I've been reading your posts with interest, Tricia. I've been working with Macs for so long, it's useful to be reminded what a "switcher" faces. I have some thoughts on the Mac AntiVirus software question. My experience with commercial options is thin because I use ClamXav on my Macs. I second the earlier recommendation of that package. Were I looking for something with corporate support behind it, I'd consider the products offered by Intego. They have well reviewed Mac antivirus products, and they offer a "Dual Protection" series aimed at Boot Camp users who want to protect their Windows partition as well. http://www.intego.com/virusbarrierdp/

Tig2

The commercially available AV is nothing I would use. I hear on the Mac forums that there are a few developers that are looking at the problem and anticipate fielding a product but I haven't seen a URL yet. Soon as I do, you'll have it!

brian.mills

When you find a good AV product, please share with the class :) I haven't gotten one for my wife's iMac yet, and though she has the built-in firewall enabled, practices safe surfing habits and is behind a couple Linksys routers, it'd be nice to have some AV software to make sure nothing bad happens. Plus we're thinking about getting a Macbook Pro sometime soon (hopefully) and I want to lock it down for when it's out in the wild.

Michael Kassner

I guess I forgot to ask what the exact meaning of running an unprotected computer was. Whether that meant the computer had a public IP addr or not is a very different scenario from one having a private IP addr. Very good point.

Dumphrey

moving the third business yesterday, so my routine should settle down and I should get lunch breaks again =) Anyway, I will start burning the OTR I have for you. I have the Sherlock Holmes on a share here at work, all the pre-press guys are loving it. Edit: my dad sent me this link, he uses it on his MacBook. I will ask him where he got the clamav package itself. http://www.clamxav.com/

Tig2

I finally found a reference for Clam for Mac. I just can't find a download. The link gives me all sorts of Windows options but no Mac options. While running the test, I was using the built in firewall and a limited user account. I also bypassed the hardware firewall in my router and did a direct connect to the modem. I went out last night in this configuration and surfed game hack and Warez sites. A scan later and I can tell you that I'm still clean. I will say that it felt like playing Russian Roulette! This morning I am behind both the hardware firewall and an open source add on to my native firewall. Told you I wasn't going to streak the Net any more! Sorry about the Dwarf delay. We're burning the Adder now and I figured I would just send it all together.

Dumphrey

And does clamav not have a Mac option?

Dumphrey

I had a new install of XP (SP2 and all hotfixes until June 2007 integrated). I browsed the internet for an entire day, no AV, no malware protection... I was running as a limited user, and I was behind a Cisco 871 with firewall enabled, XP firewall was enabled. But, I was also only going to vendor sites, looking for specific drivers for my motherboard, sound card etc (this is an old, first gen amd64 board). I set up an old Win2k box for my Boss's wife. It had no hardware firewall, so I installed AVG and Comodo. She decided Comodo was bothering her and uninstalled it (admin password was written on the front of the case, as her regular log in was just that, normal). It lasted about 6 more days before she called me to complain it was working slow. I asked a few questions, bought a cheap router on my way over, re-imaged the computer and put the router inline. She has had no problems since. It's really amazing how much protection a simple NAT layer adds against script kids and worms.

Tig2

I bought Mac and OS X because the idea of buying more HP hardware made me ill and I didn't want Vista. I like UNIX and I am very comfy with running OS X. As the series pointed out, I had a learning curve. Still, I think that it is really important to first know what your requirements are and then buy the hardware and software that most closely meets/exceeds those requirements and will provide the best value for money. Have a wander through Steve Gibson's site- http://www.grc.com. There is a tool there that will tell you what you look like to the Internet. Your goal is to get a "Full Stealth" result. In my opinion, one of the best tools available for telling you what you need to block/fix. There are also many free tools there that I use to secure Windows systems- all very small (they measure in kb, not mb)- and free. He also has a business focused commercial product but the site doesn't shill that product. And he provides some in-depth information about security.

normhaga

That is real good. Using a fully updated SP2, after a software test I forgot to re-enable my antivirus/firewall and went on the internet. I lasted six minutes.

Jaqui

I watched as a fresh install of XP went to Windows Update on the first boot, and was infected by the time they got the first update installed. Less than 2 minutes. XP Home and no service packs installed at the time. The owner of the system was trying to get SP1 installed when he went to Windows Update.

Michael Kassner

I appreciate your information. It makes more sense when you mentioned that you were using SP1. IMO, WinXP has become a great deal more solid since then. I am running similar tests to determine the minimal requirements for a secure WinXP system. The reason I am running the tests is that in the business world users typically do not have the luxury of choosing one or the other, i.e., business equals MS products. Also, I have yet to see any, what I call, unbiased head to head test results between Apple and MS in this regard.

Tig2

I saw traffic that I wasn't sending and shut down the box. And scorched and rebuilt it. At the time, it was an XP SP1. It is possible that I would have different results today. Mycroft is running naked on a Win system and I am looking forward to hearing how he's touching the Net and if he is behind anything. He said that he's had no problems also. Still- I would only do something like that to feed my intellectual curiosity. I feel much better when I have good security tools in place.

Michael Kassner

I am again curious as to what happened. I have run similar tests and really had little if any issues with an up-to-date WinXP box and its firewall enabled in the default condition. I expected more problems, but did not have any just by using safe practices. Please realize I am not trying to stir a hornet's nest, just looking for verifiable test results.

OldER Mycroft

After each reinstall (they're becoming more frequent!) I don't bother with AVG or ZoneAlarm any more. Standard Windows firewall, no updates post-SP2, wireless router has hardware firewall, personal id - admin status. Velcro has NO IMMEDIATE ACCESS to dangly-bits anymore, ever since she 'discovered' them one night (@ 4 months old) underneath my duvet. :( :D