mac internet security?

[iceman]

I'm new to this whole mac thing, but isn't there soemthing I should be doing to protect this box?

Coming from the whole world of ZoneAlarm, AdAware, Macafee, spybot, etc. etc., this just seems weird.

Any suggestions?

[igBand]

Call me reckless, but about the only thing I've ever felt I needed for my macs is your everyday virus scanner. I've been using them for work for about 7 years now and have yet to encounter any problems (said while knocking on every piece of wood I can find).

[focus]

i switched to a mac 2 years ago... haven't done anything to secure it, not even a virus scanner. i just kinda do my thing, and haven't had any problems. i get a huge kick out of it, coming from pcland -- gleefully opening email virus attachments and yelling "What's up now, BITCH!?" at the monitor.

supposedly malware targeting macs is on the increase? i should probably look into some token anti-badstuff.

i have a buddy who scans his pretty regularly for badstuff, and the only things he's found so far are pc viruses (attached to mp3's and the like).

edit: i only open pc attachments....exe's and etc.

[Eldo]

I would suggest a few things.

Turn on the internet file wall, if it's not already on: Systems Preferences > Internet & Network > Sharing > Firewall. You can allow access if you need it on a certain port.

If you use Safari to browse the web, set it so that you have to manually open any downloaded items: Safari Preferences > General, then un-check the box titled "Open safe files after downloading." It's easy enough to manually open a downloaded file later on once you know what it is. (I've clicked on innocent looking web pages links and had them trigger a download of some sort. Most are likely Windows malware that wouldn't work on a Mac, but better to be safe.)

Otherwise I follow one common sense rule: Never open attachments in an email unless it is from someone you know.

I've been using Macs for a very long time (15+ years) and have never had a single virus or any other problem. I've also never had an anti-virus program. I'm not sure how people put up with all those things that affect PCs.

[Arty50]

Eldo pretty much covered it. Definitely turn on the software firewall built into OS X. If you're behind a hardware firewall, like the ones built into broadband routers, even better.

There still hasn't been a true virus for OS X. The only malware so far have been trojan horses. What's the difference? A virus can infect your system and spread itself automatically without you doing a thing. A trojan horse requires you to take some action (opening a file, starting a program, etc.) to infect your system. So unless you're really dumb with computers and open every single file that's sent to you no matter who it comes from, there's nothing to worry about. Which leads me to another point...

Otherwise I follow one common sense rule: Never open attachments in an email unless it is from someone you know.

You need to take this one step further. Never open an email attachment unless it's from someone you know and you know that the file was truly sent by them. Email worms only exist on the Windows side for now, but it's conceivable that an email worm which contains a Mac trojan horse could work its way through the windows world. This means that your grandmother's computer might be infected by a virus that sends you malware via her email address. This is all speculation and nothing like this has happened yet, but it's worth noting from a general security perspective. Bottom line, only open files that you trust 100%.

As for anti-virus software, it's really not needed right now. There is a slight exception. MS Office macro virii can infect your MS Office files. They can't harm your system in any way, so it's not a problem for you. However they can compromise your other Office files, so that when you send an Office file to someone else you may spread the infection. I haven't seen one in a long time, but they are out there. So if you want to be a good internet citizen and protect your friends computers too, buy some anti-virus software.

All that said, I keep laughing at the anti-virus companies. They're always trying to scare Mac users or potential Mac buyers. The bottom line is that Mac OS X is vastly more secure than Windows. I'm not saying there will never be a virus, but if and when it does come it will do a lot less damage than the ones on Windows. Apple did a great job of walling off the separate pieces of their OS. MS tied everything together too closely, and it's bit them in the ass big time.

[iceman]

Cool, thanks. Eldo, should I allow or disallow FTP sharing with the firewall?

edit: And Arty I don't have MS office, just word, that should be fine, right?

[Blatant]

Here's some interesting reads i ganked...for your use.


quite interesting tidbits that compare mac and windows... http://www.13idol.com/mac/macfacts.html


There seems to be a lot of confusion and misconception on the security of the two operating systems and I'm gonna try to clear it up right here and now. First off, forget all that you have heard, read, or seen on T.V. These reports are from, for the most part, non-techs who are regurgitating a report which was done by a company whose data was bought and paid for by ?. Not only is this being done, but it is being done in a way which is incorrect. Data is data, anyone can take data and distort it to make their point...

Let me say, as a guy who fixes computers and gets paid to break into networks for a living, that there is no comparison. Mac has far better security...

THERE IS NO COMPARISON...

This is not due to the market share...
I understand, and agree, that there are more Windows machines out there and, to do more damage, it would be more likely that a bad guy would try to break into, or write a virus, a keylogger, or a spybot for a Windows machine. That is a good and valid point, but the point that is rarely brought up is that, market share aside, it is easier to do.

If I write a virus, keylogger, or a spybot for a Windows machine, all I need is a "delivery vehicle" for it to infect the Windows machine (email, browser, an open port, etc). What I mean by this is: All I need is a Windows computer that is on and I can do my thing (and most people do just that - they walk away from their computer leaving it on and ready to go)...

A Mac on the other hand, is the complete opposite. To install anything, ANY PROGRAM OF ANY TYPE, the user has to "OK" it by giving the computer his/her username and password. Any time you try to install anything on a Mac, it will ask permission. This is why there have been no great infections on a Mac - if you suddenly got a pop-up asking if you want to install something what would you do? You'd hit the "Cancel" button, right? This simple step is probably the largest security measure which sets the two OS's apart from one another...

To install anything on a Mac, the user has to be there and he/she has to give permission; to install something on a Windows machine it just needs to be on. This is the largest security issue, in my mind, between the two OS's. There are other important issues to address, but this is, by far, the most important...

Why did I bring up Viruses, Keyloggers, and Spybots as security concerns? Cause this is a bad guy's way into your machine...

Let's say you have a 50 machine office of Windows machines. A virus via email, or one of your employess "clicks" on a link which takes them to a site which installs a virus, infects your system. One system infects 25 within a half-a-day. While the IT department is running around trying to get this virus beat, another email (or another employee clicks on a link which takes them to a website which installs ?) is sent to 5 other employees which installs a keylogger or spybot.

So while the IT department is running around dealing with a virus, a keylogger was slipped in through the backdoor. If this keylogger happens to be a worm which infects other computers, the bad guy will soon be able to spy on your entire organization and no one will know it. If that keylogger happened to be a worm of some type it will probably be on all of your computers within just a few minutes. A keylogger's job is to log all of the keys you type and send them to a database somewhere on the Internet. A spybot can do everything a keylogger does and more, and your IT department will never know what's going on, cause the data your computer is sending to the bad guy's server just looks like you're visiting a website on their screens...

Once the bad guy has the info he needs, he can access your computer. All he needs is one computer - one computer and he owns your network. Once he owns that one computer he can install and run a few programs to get everything else he needs to own every computer on the network, including your servers...

It's just a small step from there and then he owns your data. Once he has that - he's rich, and you have to make that embarrassing phone call to tell the world that your server and data has been broken into...

Notice that he never once tried to break through the firewall - he didn't need to...

Notice that he didn't need to use any social engineering skills - he didn't need to...

With Windows networks, the bad guys never have to leave their house. All they have to do is write a few lines of code (one virus and one keylogger/spybot), find a way to deliver it to your system (email is the most likely way), and read his server logs (the info your computer is sending him). He can do this to multiple computers on multiple networks over-and-over concurrently...

This scenario just does not happen on Mac, Linux, or Unix networks. The worst that would happen is that you would get a few users who would click on a bad email and maybe one or two who would give the program permission to install. So it ends at a few computers, the IT department deals with them in a few minutes and we all go on with our day...
On this last note, most viruses are in fact written for Windows, so even if the original virus made it all the way through the user's permission to install nothing would happen anyway...

Worst Case scenario on a Windows network - your data is owned and you never know about it, and you IT department is running around for a few days cleaning the computers. They miss the whole thing cause they're too busy dealing with the other...

Worst case scenario on a Mac - you have to deal with a virus on a few computers and have a talk with a few employees about that little pop-up box that says "Would you like to install this program?"...

++++++++++++++++++++++++++++

[Free Range Lobster]

you can silently install things on osx.
that article is flawed.

the fact of the matter is, osx/macs are still a minority of the market therefore are still not a "target"

build a better mouse trap and all you create is a smarter mouse.

[bio-smear]

That's one reason Linux is a superior OS (OS X is a derivative of BSD Unix) from a security standpoint. A regular system user can only make changes within their own realm. Many of you who have used college campus Unix or Linux systems are familiar with home directories on a shared server. You home directory is your quarantined userspace. Anything you do in there, or malicious viruses that try to move outside that space will be denied because they do everything as your user, which likely does not have the rights to write files outside your home directory.

The dialog in OS X asking for your username and password to confirm certain system changes is likely a version of "sudo" or a super user mask. It is asking you to re-authenticate to verify you are in the list of users who is allowed to act as superuser for a given focused system changing task.

That's why Macs and Linux rule. It isn't completely foolproof, but it's better that Windows.

[1000-oaks]

Just keep it turned off and you'll be happiest, we have Macs at work and EVERYBODY here (everybody but the computer-illiterate boss has PC's at home) pulls their hair out in frustration with these things...hell you can't even surf the internet, only about 2/3 of web sites work properly on Safari (yes it's updated) and maybe 1/3 on IE for Mac.

lol...no viruses is the only upside.

[Blatant]

the only time i don't like my mac is when i'm trying to down load videos of my friends ma and they have them as media player files.....

[fez]

you can silently install things on osx.
that article is flawed.

the fact of the matter is, osx/macs are still a minority of the market therefore are still not a "target"

build a better mouse trap and all you create is a smarter mouse.

keep in mind though that with improvements/more awareness in the windows side of things, osx/macs may not be a minority of unprotected computers out there for long.

[igBand]

Just keep it turned off and you'll be happiest, we have Macs at work and EVERYBODY here (everybody but the computer-illiterate boss has PC's at home) pulls their hair out in frustration with these things...hell you can't even surf the internet, only about 2/3 of web sites work properly on Safari (yes it's updated) and maybe 1/3 on IE for Mac.

lol...no viruses is the only upside.

Huh??? You guys must be using Mac OS 10.WhatTheFuck.
I can't remember the last site that I visited with Safari or IE (while on a Mac) that didn't work. Maybe 2 years ago, but definitely not now.

[Eldo]

Cool, thanks. Eldo, should I allow or disallow FTP sharing with the firewall?

I don't have it turned on even though I use an FTP app to upload files to my web page, and also sometimes download files from an FTP site via Safari.

Instead I have the passive FTP mode selected: System Preferences > Network > Proxies, then check the "Use passive FTP mode" box.

I think FTP sharing has to do with accessing your computer from a remote site? But I am only partially geeky about a lot of this stuff.

[Arty50]

edit: And Arty I don't have MS office, just word, that should be fine, right?

There are virii that infect Word also. I don't run a virus program, neither do my brother or sister. They interact with client files all the time on their computers and haven't spread virii. I've never gotten a complaint either. So it's not a big deal. I'd say don't worry about it, but it's something you should know about.

[Arty50]

Huh??? You guys must be using Mac OS 10.WhatTheFuck.
I can't remember the last site that I visited with Safari or IE (while on a Mac) that didn't work. Maybe 2 years ago, but definitely not now.

Exactly. This guy's system admin needs to get bitch slapped. Safari works with 99.9999% of all websites out there. And for the rest, Firefox does the job. IE is totally unnecessary. It hasn't been updated in years, development has been cancelled, and Apple doesn't even load it on their computers anymore.

[Lurch]

Cool, thanks. Eldo, should I allow or disallow FTP sharing with the firewall?

Disallow, you would know if you needed it. Disallowing only prevents your machine form acting as an ftp server. You will still be able to use an ftp client to send and receive files from other machines.

A good rule of thumb to follow is turn off everything you do not recognize and know that you need available. If you run into a problem selectively turn things back on.

[igBand]

Very timely article...not sure if any of you are educators out there, but eSchoolNews is a great site regarding technology in education.

They just sent this to me:

http://www.eschoolnews.com/news/show...ArticleID=6138

[iceman]

Cool, thanks for the advice fellas.

[Free Range Lobster]

keep in mind though that with improvements/more awareness in the windows side of things, osx/macs may not be a minority of unprotected computers out there for long.

The way applications are being managed in Vista makes me very very happy.

btw, on sudo, you can buffer overflow i think 10.4.1 to gain root and silently install apps.

once again, mousetrap analogy.

[golden powder]

All the MAC users out there (and a lot of the PC users) will say "you're an exception", "I had more viruses than I could count when I used a PC" and "my friend's PC is always plagued with spyware or worms," but I still offer you the following testimonial.

I've run my PC with WinXP for almost 4 years straight (24/7) (yes, awww, my poor suffering cpu) while continuosly attached to a high speed connection. To date I've had 0 viruses/worms. Some people say I'm lucky. Maybe I am, but I use NAV and ZoneAlarm (both auto-updating) and surf with Opera instead of IE. I can't remember the last time NAV caught anything legit on my computer or I saw some one abusing my ports with zonealarm.

Actually, the one program that has really done wonders for me is PeerGuardian. It's not quite as useful since I switched to BitTorrent for downloading... things..., but the thing blocks most advertising servers too, which is really sweet.

The only bad thing that's happened in four years is I accidentally formatted my main HDD while replacing a dead 8GB HDD with a new 250GB HDD. (note to self, don't play with harddrives at 2am). I could be wrong, but I don't think it's as easy (and cheap) to upgrade/swap harddrives and other hardware on macs.

Also, I've had bad experiences with MACs crashing hard while I was working with my schools computers one summer. Although I will say, I've never seen an easier network printer setup interface.

my $.02

[Lurch]

The problem with PCs is not that you get virus/ad-ware no matter what you do. It's that average users who do not know how to protect their computer get over run with viruses and ad-ware. I've never had a problem with my work PC but I've had to clean everyone of the PCs in my family mulitple times.

OS X just doesn't have that problem yet.

All the MAC users out there (and a lot of the PC users) will say "you're an exception", "I had more viruses than I could count when I used a PC" and "my friend's PC is always plagued with spyware or worms," but I still offer you the following testimonial.

I've run my PC with WinXP for almost 4 years straight (24/7) (yes, awww, my poor suffering cpu) while continuosly attached to a high speed connection. To date I've had 0 viruses/worms. Some people say I'm lucky. Maybe I am, but I use NAV and ZoneAlarm (both auto-updating) and surf with Opera instead of IE. I can't remember the last time NAV caught anything legit on my computer or I saw some one abusing my ports with zonealarm.

Actually, the one program that has really done wonders for me is PeerGuardian. It's not quite as useful since I switched to BitTorrent for downloading... things..., but the thing blocks most advertising servers too, which is really sweet.

The only bad thing that's happened in four years is I accidentally formatted my main HDD while replacing a dead 8GB HDD with a new 250GB HDD. (note to self, don't play with harddrives at 2am). I could be wrong, but I don't think it's as easy (and cheap) to upgrade/swap harddrives and other hardware on macs.

Also, I've had bad experiences with MACs crashing hard while I was working with my schools computers one summer. Although I will say, I've never seen an easier network printer setup interface.

my $.02

[focus]

I too had an old, slow PC with lots of memory that ran continuously and never had problems. I was, however, pretty proficient with the windows OS, and did have hardware firewalls and all the antibadstuff software installed. My same problem was, as Lurch said, families and friends PC's.

It's so refreshing to NOT have to deal with it...and it's also sorta nice to tell friends and family "I...uh...don't really remember much about XP anymore, if it was a Mac prob I'd be all over it. I guess I could figure it out for you, though I'll have to relearn it -- Why don't you go ask ****?"

All the MAC users out there (and a lot of the PC users) will say "you're an exception", "I had more viruses than I could count when I used a PC" and "my friend's PC is always plagued with spyware or worms," but I still offer you the following testimonial.

I've run my PC with WinXP for almost 4 years straight (24/7) (yes, awww, my poor suffering cpu) while continuosly attached to a high speed connection. To date I've had 0 viruses/worms. Some people say I'm lucky. Maybe I am, but I use NAV and ZoneAlarm (both auto-updating) and surf with Opera instead of IE. I can't remember the last time NAV caught anything legit on my computer or I saw some one abusing my ports with zonealarm.

Actually, the one program that has really done wonders for me is PeerGuardian. It's not quite as useful since I switched to BitTorrent for downloading... things..., but the thing blocks most advertising servers too, which is really sweet.

The only bad thing that's happened in four years is I accidentally formatted my main HDD while replacing a dead 8GB HDD with a new 250GB HDD. (note to self, don't play with harddrives at 2am). I could be wrong, but I don't think it's as easy (and cheap) to upgrade/swap harddrives and other hardware on macs.

Also, I've had bad experiences with MACs crashing hard while I was working with my schools computers one summer. Although I will say, I've never seen an easier network printer setup interface.

my $.02

[Arty50]

OS X came out in 2000 and people have been saying "Just you wait, they'll be a virus one of these days" ever since. That's 5 years without a single solitary virus. There have been a couple of trojan horses in that time, but trojans are low on danger scale because they generally require the user to actively do something stupid. Also, Apple has been good about patching these vulnerabilities rather quickly.

The fact of the matter is this: in 5 years there has not been one single solitary virus for Mac OS X. Sure this is due to the relatively small market share of the Mac, but it's also due to the fact that it's much easier to write highly damaging virii for Windows. That's because Apple didn't link all the core components of OS X willy nilly. So it's much harder to bring an Apple box to its knees.

[golden powder]

The problem with PCs is not that you get virus/ad-ware no matter what you do. It's that average users who do not know how to protect their computer get over run with viruses and ad-ware. I've never had a problem with my work PC but I've had to clean everyone of the PCs in my family mulitple times.

OS X just doesn't have that problem yet.

Yeah, I guess the lesson here is that idiots shouldn't be allowed to do stuff unless it's on a mac

I'm just waiting for some lawmaker to decide viruses are a threat to homeland security and require all computer users to pass a computer security knowledge test, and get their computers passed. Kind of like a driver's license and passing an emissions test.

edit: one of these days I'm going to have to switch over to linux so I too can claim I don't know how to fix windows problems. Although I enjoy troubleshooting friends' computer problems, I haven't had to in years. Something about attending an engineering school, everyone already knows how to fix their computer problems.