Macs don’t get viruses, right? While this is technically true, there have been a number of trojans that affect Mac users, and users of all desktop platforms remain vulnerable to spyware, tracking cookies, phishing attacks, and other sorts of security concerns.
In a recent MacWorld report, Sophos security expert Graham Cluley warns Mac users that they should not cast aside security worries simply because they’re using a Mac. As Cluley points out (and rightly so, I’d say):
As we have seen on the Windows platform, the majority of the attacks do not exploit any weakness in the operating system but instead take advantage of the bug in people’s brains. Mac users can be just as easily duped as their Windows cousins into making poor choices, and could end up infected as a result.
One of the most frequent ways for malware to infect a system is exactly that – trick the user into allowing the exploit to run, or into giving up sensitive banking or credit card information. This can be done through fake installers (such as the fake Adobe Flash installer trojan), scam websites that trick you into thinking you’re at another site, such as an online shopping site, a bank, or some other typically trusted website.
Some of these tricks are very convincing, and even experienced computer users sometimes fall victim to a clever ploy. He also points to a specific new threat that takes advantage of a malicious Microsoft Office for Mac file, and could take control over your entire system. What’s worse is that OS X is not able to detect or remove the malware:
Don’t be fooled into thinking that you are protected by Mac OS X itself, which will ask for an administrator’s username and password to install software. You won’t see any prompt for credentials when this malware installs, as it is a userland Trojan. Neither the /tmp/ nor /$HOME/Library/LaunchAgents folders on Mac OS X require root privileges – meaning that software applications can run in userland with no difficulties, and even open up network sockets to transfer data.
While significant malware threats on the Mac are still relatively rare, they do exist – and they’re getting better as time progresses. So what’s a Mac user to do? Cluley provides a few suggestions that Mac users follow a few steps to make sure they remain safe, and I’ve added a few of my suggestions as well:
- Make sure to regularly check for and install system updates.
- Keep your software updated (many attacks target a specific program, and updating that program can render them ineffective).
- Use caution and be sensible on the internet. Don’t provide sensitive information to any site you don’t trust.
- Don’t click on email links to sites such as banks or online stores. Instead, go directly to the website yourself.
In short, keeping yourself and your Mac safe on the internet isn’t just about using antivirus software or keeping your software up to date. It’s also about using caution and making sensible choices. Antivirus software is merely a safety net.