As of late one of the most talked about topics regarding Macs on the web today is malware, in particular the Flashback trojan. For nearly 10 years, the Mac has managed to successfully maneuver safely through the turbulent waters of the Internet with a pretty solid track record. But, as more Macs are increasingly being adopted and as the Internet continues to become more complex, the risk for contracting malware will continue to grow for some time to come. Apple is working to reduce the impact of infections in several ways:

  • using the Mac App Store to filter out harmful applications
  • providing software updates and patches
  • increasing security measures in each version of OS X.

It’s unlikely that Apple will ever completely protect Macs from the harsh realities of the web, but the Mac is indeed a very secure platform and with a little effort, you can reduce yours or your users’ risk of being infected.

Best practice tips for Mac users

First, remind Mac users of the basics of how one can be exploited by malware and viruses. Fully understanding a computer’s vulnerabilities helps to reduce the odds of contracting one in the first place. Users should understand that the most common ways to contract malware is by using applications that share files. Applications such as Mail, browsers such as Safari, Firefox, and Chrome, and iChat/Messages can be easily compromised by malware because they all have the ability to share files in one form or another.

In most cases, it is the naive or reckless user, and not the computer, that is easiest to convince into installing malware through social engineering. This is true for all systems, regardless of OS. Malware often times present itself as a harmless file or as a familiar application in which it will attempt to convince users to click and install.

More sophisticated malware attempts to take advantage of lesser known services or applications running on a computer. In the case of Flashback, two methods were used. Initially Flashback would present itself as an update to Adobe Flash, convincing the user that it was a necessary update. Eventually, Flashback evolved to take advantage of a flaw in the version of Java installed on the Mac. These are the most common ways in which a Mac or a PC can contract unwanted malware.

Since the most vulnerable application on any computer is the browser, I’m going to run through a few tips that should work with most browsers, but I’m using Safari, the default browser on the Mac, as the example.

Turn off open safe files

Safari, as well as other browsers and mail applications support a feature designed to make life a little easier that allows for known safe files to immediately launch after downloading. Disabling this feature reduces the possibility of initiating the installation of a file that could be passing itself off as something far less harmless. The setting can be found in Safari’s Preferences pane.

Disable Java

First and foremost I want to be clear, Java is not JavaScript, and where the Internet is concerned most of us experience a web where Java is rarely needed. JavaScript on the other hand is frequently employed on the web and though disabling JavaScript will indeed make your Mac more secure, it’s a technology that we on the web have become heavily dependent on. When Java is needed on the web, you will often be presented with a request to install Java when it is disabled. When you’re in a situation where you require Java, it is a simple as opening up your browser preferences and enabling it for use to accomplish your task. Disabling it once again when you’re finished will again assist in the prevention of contracting malware.

Disable plugins

Most of us will grapple with this request, however, the web is moving more and more away from the use of plugins such as Flash and more toward HTML 5. If you’re willing to compromise some of your web experiences, you will both be protecting yourself while helping the web to move in a positive direction. Many websites rely on Flash, however, if users are visiting these sites with plugins disabled, webmasters are able to see how many people are visiting the site and what technologies they are using to access it. If a significant number of users do so without plugins, webmasters will be more likely to consider making the jump from Flash, an application that is often unstable and vulnerable to attack, to using HTML 5 — and do it more rapidly. In the end, disabling plugins benefits us all.

Each of these steps will help to reduce the odds of infection, though it’s important to remember that there is no such thing as an impenetrable computer connected to the Internet.