Mac Security: Don’t Get Overconfident!
May 28th, 2005You have to feel smug when you hear the statistics. Over 80% of PC users have been infected by spyware, and, dozens of spyware applications are typically found on their computers. Even the fastest Pentium-based workstations can slow to a crawl under this abuse. If you want to get a small picture of the damage Windows users face, read attorney Eric J. Sinrod’s article in USA Today on the subject. No wonder Congress is struggling over bills to protect us against the malware scourge.
Of course, these are Windows problems, right? Serves them right for using an operating system that wasn’t originally designed with security in mind. Whether home or business computers, I just wonder how many hours of work are squandered fighting the losing battle against these security leaks. Shouldn’t they all just switch to the Mac and enjoy a safe, secure computing experience? I mean, when was the last time a Mac OS X virus appeared, other than a few “proofs of concept”? In fact, when was the first time such a threat appeared?
Despite the apparent safety of the Mac platform, that hasn’t stopped such companies as Intego and Symantec from delivering virus protection software for the Mac. So what’s the point, other than to sell product, you may ask?
Well, it’s not as simple as that, not by a long shot. First and foremost, even if there is no immediate Mac virus threat, consider what might happen if you unknowingly forward a virus infected message to a Windows user. Today’s Mac virus prevention software is designed to detect a Windows virus, so you don’t end up being the “Typhoid Mary” or “Typhoid Martin” who unwittingly infects a PC user. Maybe you don’t care that much, but when you consider the fact that you have to interact with Windows users all the time, why do you want to be the source of even more misery?
Just as important, don’t get complacent! Every month or so, Apple releases a Mac OS X update designed to eradicate security leaks. For example, yesterday’s Keynote 2.0.2 update which, among the bug fixes, addresses a problem where “A maliciously modified Keynote presentation could be constructed to retrieve files from the local system.” So if you’re a Keynote 2 user, you are best advised to launch Software Update and let it do its thing.
Every time Apple plugs a security hole, it just shows that we are vulnerable. No operating system is immune. Yes, Mac OS X may be more resilient in protecting us from such things, but you have to be on guard anyway. Right now, with the Mac’s market share in the low single digits, maybe we’re not targets, at least not yet. But if the Mac’s market share continues to increase, the situation may very well change. In a recent published report, Steve Jobs warned that “”One thing you never want to do in dealing with security and viruses is be cavalier.”
Now I don’t want to have to say “I told you so,” but over the years, a few dozen Mac viruses have been unleashed. In fact, I still remember, back in 1989, when I installed a new Mac in my home, and, within minutes after installing a shrinkwrapped commercial application, encountered a virus infection. I probably wouldn’t have recognized the problem immediately had another application, QuarkXPress, delivered a warning that it couldn’t open because a virus had infected the system. I don’t know if today’s versions of XPress have similar features, but I have to thank the programmers at Quark Inc. back then for saving the day. I hadn’t thought about a virus threat, and, without software at hand to combat the problem, I ended up wiping the hard drive and reinstalling everything from scratch.
In the days just prior to the arrival of Mac System 7, large numbers of Macs were infected by a desktop virus, which damaged the database files that kept track of icons and application links. At the time, I was running the Mac section of a graphic arts service bureau, and nearly every floppy we got from clients was infected. Fortunately, after that exasperating close encounter back at home, I had the foresight to make sure all the office Macs were equipped with virus prevention software. I never regretted that move for a moment.
Although I have been skeptical of claims that Tiger’s Dashboard widgets are vulnerable to malware infections, the fact of the matter is that any application you run on your Mac has the potential of being infected in some fashion. In addition, Apple provides lots of system level features that application developers can tap to ease the process of creating new products. There are tools for both audio and imaging programs, for example. And, of course, there’s AppleScript. Consider for a moment what might happen if someone creates a script that masquerades as something useful, but, behind the scenes, deletes your files.
Spyware? Well, it hasn’t happened to us yet. The fact that you have to enter an administrator’s password to install an application should give you pause to think of what you’re doing, so you only install software you really want. But some applications don’t have installers. You just drag them to the Application’s folder and they’re ready to roll. Remember, the big problem on the Windows side of the world is that applications install themselves behind the scenes, without warning, without the option to just say no.
At the sime time, you should make sure you get your software from a trusted source, such as one of the popular software update sites, or direct from the publisher. Don’t be tempted by the ease of finding stuff on a peer-to-peer network, and before you break out that copy of Bit Torrent, think carefully what you’re doing. It’s always possible that a seemingly benign system enhancement might just secretly monitor your keystrokes and send it off to an Internet criminal to use as part of an identity theft scheme.
Remember what Steve Jobs is telling you. Be careful. Yes, it can happen here, and, yes, I do recommend virus prevention software for anyone who shares files with another computer or travels the Internet. And that means the vast majority of Mac users.
Print This Post
