As a longtime Windows user I'm accustomed to malware. When I switched to Mac OS X I found a different world that seemed immune from security threats. I really wanted to believe the prevailing mantra that "things are different here", but I don't buy into that theory.
While I am a big believer that Mac OS X is more secure than its more popular counterpart, the small size of the Macintosh market has virtually guaranteed that criminals would ignore it. The "return on investment" to the criminals just wasn't worth their time and effort.
This is changing, however. With the recent "cool" factor of Mac and the ever increasing Apple market share, criminals will start to take notice.
This lens is about how to get your defenses in place before its too late. Shields up!
While I am a big believer that Mac OS X is more secure than its more popular counterpart, the small size of the Macintosh market has virtually guaranteed that criminals would ignore it. The "return on investment" to the criminals just wasn't worth their time and effort.
This is changing, however. With the recent "cool" factor of Mac and the ever increasing Apple market share, criminals will start to take notice.
This lens is about how to get your defenses in place before its too late. Shields up!
Threats to Your Mac
Top 5 Threats to You and Your Mac
- Malicious Software
- Phishing / Social Engineering Scams
- Prying Eyes Invading Your Privacy
- Network Attacks
- Physical Theft
Protection from Malicious Software
Techniques to prevent infestation and to detect when you have been exposed
Update, Update, Update!
The most critical step is to keep your OS X software up-to-date.
Detection
Detect when keyloggers or other trojans leach themselves with TripWire.
Hardening Your System
Make it harder for criminals by hardening the common places malware targets. Run Apple's Disk Utility to ensure your file/folder permissions are correct.
Harden newly created files by changing the default umask.
Prevent trojans from grabbing root access by fixing the sudo weaknesses.
Keyloggers
Keyloggers are one of the worst security threats around. This site covers how to protect your Mac from Keyloggers.
Automatic Form Filling
Keyloggers would be useless if you never typed sensitive information. This is exactly what this unique password manager does. It fills web forms without using the keyboard or clipboard so keyloggers can't steal your online account information.
Network Monitor
Trojans and Spyware exist to send the gathered information back to its owner. Keep an eye on who your programs are talking to with Little Snitch.
The most critical step is to keep your OS X software up-to-date.
Detection
Detect when keyloggers or other trojans leach themselves with TripWire.
Hardening Your System
Make it harder for criminals by hardening the common places malware targets. Run Apple's Disk Utility to ensure your file/folder permissions are correct.
Harden newly created files by changing the default umask.
Prevent trojans from grabbing root access by fixing the sudo weaknesses.
Keyloggers
Keyloggers are one of the worst security threats around. This site covers how to protect your Mac from Keyloggers.
Automatic Form Filling
Keyloggers would be useless if you never typed sensitive information. This is exactly what this unique password manager does. It fills web forms without using the keyboard or clipboard so keyloggers can't steal your online account information.
Network Monitor
Trojans and Spyware exist to send the gathered information back to its owner. Keep an eye on who your programs are talking to with Little Snitch.
Phishing Defenses
Techniques to prevent scammers from stealing your information
This site covers Mac phishing protection techniques in depth. Below are the highlights.
There are not that many products on the market yet that protect you from phishing scams. There are a few but they are not all created equal:
Automating the Login Step
Automating the login process is the best way to protect yourself. If you always rely on the computer filling in the password, you will never accidently give your information to a scammer because the computer won't let you.
AutoFill for Safari doesn't work for all websites and is not enabled by default. This makes it easy for you to accidently give your data to a scammer (oh man, is Safari not working again! I better type it...)
The Firefox password manager is much better and always works. It only works in Firefox of course.
The 1Passwd password manager works on all sites and most browsers.
Toolbars
The Google firefox toolbar is a fair attempt, but it does have a few issues. Ebay also has a toolbar, but it is designed to protect your eBay/PayPal accounts.
Aside from not providing complete protection, these toolbars don't support all the diverse browsers available on Mac.
Firefox 2.0
The new Firefox browser comes with a "black list" of phishing sites. Trying to keep up with the criminals is a bad idea.
Emblems and Seals
Some sites allow you to create "seals" or "emblems" that are supposed to help. This is a pathetic attempt at phishing protection.
There are not that many products on the market yet that protect you from phishing scams. There are a few but they are not all created equal:
Automating the Login Step
Automating the login process is the best way to protect yourself. If you always rely on the computer filling in the password, you will never accidently give your information to a scammer because the computer won't let you.
AutoFill for Safari doesn't work for all websites and is not enabled by default. This makes it easy for you to accidently give your data to a scammer (oh man, is Safari not working again! I better type it...)
The Firefox password manager is much better and always works. It only works in Firefox of course.
The 1Passwd password manager works on all sites and most browsers.
Toolbars
The Google firefox toolbar is a fair attempt, but it does have a few issues. Ebay also has a toolbar, but it is designed to protect your eBay/PayPal accounts.
Aside from not providing complete protection, these toolbars don't support all the diverse browsers available on Mac.
Firefox 2.0
The new Firefox browser comes with a "black list" of phishing sites. Trying to keep up with the criminals is a bad idea.
Emblems and Seals
Some sites allow you to create "seals" or "emblems" that are supposed to help. This is a pathetic attempt at phishing protection.
Keeping Your Privacy Private
Strategies to keep your private information and usage habits secret
Network Protection
Protect yourself from network attacks
Network and Port scanners
Enable your firewall.
Securing Your Wireless Network
Enabling encryption and authentication on your Wireless Network does provide a fairly good level of security. However, there are easy ways to break WEP.
It is therefore important not to rely on the security of you network as your only defense. In fact, security expert Bruce Schneier doesn't use WEP at all. Since WEP is not secure enough to guarantee his machines' safety, he doesn't bother to enable it.
Network Sniffing
Assume that everything you send over the network can be read by criminals, because it can. You must encrypt everyting that you don't want people to see.
Be sure to secure your email access, especially over insecure wireless networks.
Enable your firewall.
Securing Your Wireless Network
Enabling encryption and authentication on your Wireless Network does provide a fairly good level of security. However, there are easy ways to break WEP.
It is therefore important not to rely on the security of you network as your only defense. In fact, security expert Bruce Schneier doesn't use WEP at all. Since WEP is not secure enough to guarantee his machines' safety, he doesn't bother to enable it.
Network Sniffing
Assume that everything you send over the network can be read by criminals, because it can. You must encrypt everyting that you don't want people to see.
Be sure to secure your email access, especially over insecure wireless networks.
Physical Theft Defenses
Techniques to keep your data protected even if your Mac is stolen.
Once you lose your machine, account logins and firmware passwords can't help you anymore. It's trivial to copy your harddisk contents to another machine and scan your data.
Keeping your information encrypted is your only defense. You should use one of the various Mac password managers to keep all your confidential information.
FileVault and Encrypted Disk Images are also good defenses but they are not that easy to use.
Keeping your information encrypted is your only defense. You should use one of the various Mac password managers to keep all your confidential information.
FileVault and Encrypted Disk Images are also good defenses but they are not that easy to use.
Reader Feedback
Like this lens? Want to share your feedback, or just give a thumbs up? Be the first to submit a blurb!
by dteare
Historically a longtime Windows user and enterprise consultant, I've converted to Mac OS X and started my own company. (more)
