As Mac users we’ve always been so proud to point out the lack of malicious software to worry about. Sure there were some “concept” viruses but they required administrator access and pretty much a complete idiot to do even the slightest amount of damage. We can thank the incredible UNIX system in which OSX is built off of. It may also help the fact that we are in the minority.
Virus authors really don’t want to concentrate on attacking the Mac family since therea is a much bigger market out there. Until recently, we’ve been seeing only two Mac viruses come out into the open, and both of them require your admin/password to break through the rock solid UNIX core of Mac OS X. And even then, they just changed some DNS setting which pointed your Mac to a hacked site, the damage which could be reversed by manually changing your network settings.
First let me say this, you really have nothing to fear if you’re smart. Now I want to go through a few things about what exactly viruses intend to do, what these viruses are, and how to protect yourself.
The Objective of a Virus
Wikipedia defines a computer virus as being:
A computer program that can copy itself and infect a computer without permission or knowledge of the user.
In the early days of virus’ most of the programmers really just wanted to show off their stuff. They used to first only say “Hey look at me! I got on your system without you knowing”, then they progressed to actually harming your files and now days they are used to either steal from you are steal from others. Viruses have become a money maker for their authors and it’s also become a business.
You don’t need Anti-virus software!
It’s true! Did you know that the majority of security experts on Windows really don’t need to run anti-virus software? They know how you can get viruses on their system so they just avoid doing those things. Consumers (like you and me) are not quite as knowledgeable and will click something they shouldn’t have. Anti-virus software doesn’t keep viruses away 100%. It’s only a second line of defense, a moat surrounding your fortress. Enemies can still get smart enough to vault over that moat and get in your castle.
The first line of defense is yourself! You just need to be smart when you’re on the internet. Unfortunately Mac users have become so lax in what they do because they don’t have to worry about viruses. This might our downfall because we are quite a few years behind in thinking securely (as a whole) than Windows users.
You are the first line of defense
Mac users have really nothing to worry about if we play it smart when it comes to viruses. OSX is still inherently more secure than Windows and Apple has included some fairly nice security features in it. Leo Laporte of the TWiT network has some pretty good advice that I think can be applied to Mac users:
- Don’t click unknown links in emails This is basically how phfishing works. People get an email from their banks saying they need to come and confirm their account. Someone clicks the link, enters their account info and bam! The scammer has your bank info. The safest way to deal with email links is just to copy and paste the link or enter in the URL yourself and navigate to the desired address.
- Don’t open unknown email attachments For Mac users this isn’t quite so bad because if anything wants to run it needs administrator access. On Windows you typically want to verify that you were expecting the attachment and then just run it through a scanner. Eventually Mac virus authors will find a way to circumvent the Administrator install feature.
- Run Windows update automatically Well obviously Mac doesn’t have Windows update but you should still run Software Update regularly. Usually though you’ll find out about a security patch because it’s been blogged thousands of times.
- Don’t go to sites you can’t trust Pretty much the same thing for email links/attachments. If your not sure about the legitimacy of a website get out of there right away. Of course, Safari 3.2 now features phishing and malware protection so you will be mostly safe from this.
- Run as a regular user and not Administrator It’s just a good way to keep yourself from mindlessly pressing the allow install buttons. Also makes it harder for viruses to install themselves. [Ed note: I've done precisely this on my dad's MacBook. He can't install or do any damage with his 'regular' account.]
If you’re still paranoid then here’s a recommendation
If you’re even partially smart with what you do on the internet you really don’t need any AV software (even Apple thinks so!) but if you really must get some then check out ClamX, a free and open source app for the Mac. You may also want to install an AV if you don’t want to unknowingly pass on viruses to Windows computers. [Ed: Personally I like it when my Windows friends get infected with the virus!]
{ 8 comments… read them below or add one }
I use a Mac. I don’t get viruses and I don’t get paranoid. I’ll leave that behavior for our PC brethrens.
Nice article though. Some good tips for sure.
)
“Tips for Living in a World Where Mac Viruses Actually Exist!”
Here is a better tip: Move back to planet Earth!
Just being careful can’t and doesn’t protect you.
One example – my wife was browsing for technical information on Speech Therapy and got hit by the phony XP Anti-Virus virus.
http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/
If we’d been running Windows, then the machine would be gubbed! No user error involved – all the mistakes taking place at a remote, but legitimate website.
The new school of malware writers are doing it for profit, and they want to take control of your machine to make money. Therefore they make sure that their warez take the minimum amount of user intervention. On Windows currently this means no intervention.
Some of your advice seems a bit draconian, never click on e-mail links or docs, what never? Drastically reducing the usefulness of e-mail links or attachments.
I usually get viruses from people touting the ‘I’m too smart to get a virus’.
Good article. It’s nice to read something about viruses that isn’t “YOUR COMPUTER WILL DIE! DOWNLOAD AV SOFTWARE. NOW!!!” Instead, it points out that common sense is the best AV, which I couldn’t agree more with.
Good writeup. IMO we wil know when we need an Antivirus for our Macs. The day one virus hits the scene (that circumvents the password barrier) the whole tech world will know it and only then will I install an antivirus. Till then, I’ll follow that last rule you mentioned.
I’ve been using windows, macos and linux for quite a long time. The truth is that in windows enviroment, just been cautious doesn’t do the job. For example, if you work over a net, your terminal may get infected anyway… A good AV and a nice firewall will be more effective. It’s different in macos and linux, the administrador rights are more difficult to get for a malicious piece of soft, anyway, have an AV and get used to scan your computer is a good advice…
I’ve been using windows, macos and linux for quite a long time. The truth is that in windows enviroment, just been cautious doesn’t do the job. For example, if you work over a net, your terminal may get infected anyway… A good AV and a nice firewall will be more effective. It’s different in macos and linux, the administrador rights are more difficult to get for a malicious piece of soft, anyway, have an AV and get used to scan your computer is a good advice…
But shouldn’t we make a distinction between valuable cluelessness as espoused in Kathy’s post as opposed to that of, say, politicians who are not usefully clueless?