The Mac Skeptic: Straight Talk on Mac Security Risks
Rebecca Freed, special to PC World
Are Macs impervious to malicious software? No. Have Macs been the
subject of catastrophic attacks? No again. Should Mac users be
vigilant anyway? Of course.
It's time for me to fess up: I've been as complacent as most Mac users
when it comes to taking precautions to safeguard my data and the
integrity of my system. Although my Windows PC is swaddled in
antivirus, anti-spyware, and firewall software, my Mac has been fairly
undefended, up to now. I just haven't felt much urgency to put up
barriers against threats that don't seem to exist.
But at Macworld Expo last month, I stopped by the booths of several
security software vendors and began to wonder if they are pushing
products people don't need, or if they know something I don't. After
all, Mac users are just as vulnerable as anyone to the social
engineering used by many computer exploits to install
themselves. (While Mac fanatics will insist that they're more
sophisticated than the Wintel rabble, there are plenty of innocents in
Apple-land as well.)
Justifiable Confidence?
The complacency about Mac security has some basis in fact: OS X comes
with many of the ports that could allow snooping closed; you have to
change a System Preference to activate file sharing, personal Web
hosting, or even printer sharing. If you don't use these features,
you're protected by default. If you want to give other users access to
some areas of your system, you should turn on the firewall that's
built into OS X.
OS X's built-in firewall lets you specify which types of connections
you will allow.The firewall is in the same System Preference window as
the sharing services, and it lets you close all ports except those for
services you want to allow. The firewall has some advanced features,
including activity logging and a stealth mode. If enabled, the stealth
mode makes your Mac invisible to incoming data inquiries, which is
essentially the same thing that hardware firewalls do. If your home
network includes a router with a built-in firewall, it probably gives
you the same kind of protection.
Turning on OS X's firewall is a no-brainer, but finding it isn't. I
looked for this control under the Security heading--but instead you
need to double-click the System Preferences icon in the Dock, then
double-click the Sharing icon in the Internet & Network section.
The Security preference in the Personal section deals with managing
passwords for account access and FileVault, OS X's built-in encryption
capability. I think FileVault is a great idea, but it's something of a blunt
instrument. I would like the ability to encrypt just some folders, not all
of my hard drive. And as someone who regularly forgets passwords, I'm scared
of the possibility that I could irretrievably lock up the contents of my
hard drive.
Another reason that Mac users tend not to worry about exploits is that Apple
tends to patch discovered vulnerabilities quickly. In 2005 Apple issued nine
security updates as well as product updates incorporating security patches.
These patches addressed exploits that were theoretical; as with most Windows
vulnerabilities, no one had used the security holes to create a worm or
virus and release it into the wild.
For example, last May an independent developer revealed a
proof-of-concept exploit in a Dashboard widget, but no malicious
activities were reported as a result of the security hole. Within
days, Apple had released a security update that fixed the problem: You
are now warned with a dialog box when you download and open a widget,
and you can remove them, unlike in the first iteration of Dashboard.
Like using the built-in firewall, taking advantage of OS X's Software
Update is also a no-brainer. To set up automatic updates, open System
Preferences, click on Software Update in the System section, and
choose an interval at which to check for updates.
Safety Software
All the precautions I've just discussed are nonintrusive and no-cost,
since they are included in the operating system. But are they enough?
Just because almost no Mac vulnerabilities have turned into full-blown
exploits in recent years, does that mean it won't happen? It would be
foolish to think so, and OS X's defenses aren't foolproof. I tried
downloading the malicious widget mentioned above, and found that the
system's warning said only "do you want to install the program
'zaptastic'"? That doesn't tell me anything about the program or warn
me that it's potentially harmful. Only by comparing the name of the
applet to a database of known viruses or spyware would I learn that I
shouldn't install it.
I checked out a spyware scanner from Securemac.com called MacScan 2.0,
after speaking with the vendor at Macworld Expo and secretly thinking
"Yeah, right. Mac spyware. Show me, dude."
What the vendor showed me was a list of programs that its system had
been intentionally infected with. So back at home, I downloaded a
trial version of the $25 program and scanned my system. Predictably,
MacScan found no malicious apps. I checked out the company's list of
known spyware, and it consists mostly of keyloggers -- programs that can
be surreptitiously installed on a computer to record a user's
activities -- although MacScan does identify some Trojan horses and
remote dialers as well.
Since I don't share my Mac with anybody, and there's no one in my home
office who'd want to spy on me, I don't need to worry much about
keyloggers. And I wasn't completely satisfied with the amount of
information provided by MacScan: There are generic descriptions of the
various general categories of malicious software, but no information
about the specific programs, such as how prevalent they are or how
much damage they are capable of. Spyware scanners for Windows often
give you this kind of information.
Antivirus Scanner
ClamXav lets you schedule virus scans and choose folders to watch for
infected files.I also tried a free, open-source antivirus scanner for
OS X, called ClamXav. I found it to be reasonably full-featured,
allowing me to schedule scans and specify folders to watch. It was
easy to install and run, and scanned everything on my system,
including my e-mail files. When I ran it, ClamXav found a potentially
harmful attachment.
Scanning e-mail is important because Mac users could unwittingly
forward an infected message attachment received from a Windows
user. In fact, catching and containing crud received from Windows
users is currently the best reason to use a virus scanner on the
Mac. I haven't used ClamXav for long, but I'm keeping it on my
Mac. I'd recommend giving it a try.
A Firewall That Tells Too Much
Little Snitch alerts you if programs on your Mac try to phone
home. And then there's Little Snitch, a complement to the OS X
firewall that monitors which programs on your system are calling out
to the Internet, and through which ports. This $25 shareware has a
trial that lasts for only 3 hours, but that's probably long enough to
alert you to any suspicious programs -- or drive you crazy, whichever
comes first.
When I tried Little Snitch, it repeatedly popped up warnings for
innocent connections (such as my e-mail program sending a message)
even if I checked the "allow forever" option. And Little Snitch
requires a rather high degree of computer know-how: It doesn't give
you any hints as to which programs are legitimate and whether they
should or shouldn't be using a particular port. I got numerous
warnings related to my system connecting to my iDisk remote
storage -- but they weren't easily recognizable and could have been very
worrying.
ZoneAlarm for Windows does a much better job of interpreting
connections and allowing you to turn off particular alerts. Little
Snitch is getting kicked off my system.
Other Options
There are a handful of commercial antivirus programs and security
suites for the Mac as well, including McAfee's Virex, Symantec's
Norton Antivirus and Personal Firewall, and Intego's collection of
security products for the Mac, including ChatBarrier (an iChat
encryption product), NetBarrier, and Virus Barrier.
Last winter, sibling publication Macworld compared Mac security
products, and the reviewer liked Intego's $70 VirusBarrier best among
the antivirus products reviewed. And in a Macworld roundup of
third-party software firewalls, the reviewer found that these products
didn't add significant improvements over the built-in OS X firewall.
After mulling all of this over, I think I've reformed a bit. I now
have a few more defenses in place and a healthy caution about
downloading and installing unknown files -- but I'm not paranoid. I'll
fork over a donation to the developer of ClamXav, to make sure he
keeps updating the product, and I'll keep an eye on information
sources like Mac Security News and MacInTouch.
Mostly, I figure that I'll take the same reasonable, sensible security
precautions that I take with my Windows PC to keep out most of the
crud -- and I won't be surprised when the Mac crud inevitably surfaces.
Comments or questions? Drop a line to
Copyright 2006 PC World Communications, Inc.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html
Rebecca Freed (pcworld@telecom-digest.org)