Macs Aren’t Safer, Just a Smaller Target

When news like the rampaging Conficker virus hits, Mac users often feel a certain sense of comfort — if not smug superiority — knowing it doesn’t affect them.


But just how relaxed (or smug) should Mac users be? It’s true that very few viruses have been written for Macs — and none are spreading actively right now. Similarly, hacker programs distributed by malicious Web sites typically run only on PCs.

Yet Macs’ relative safety is primarily due to their still-slim market share. They’re simply a waste of time for today’s attackers, who are trying to accomplish crime on a large scale by infiltrating millions of computers. And there’s nothing inherently more secure about a Mac. Researchers found 26 vulnerabilities in OS X in 2008, about the same as in Windows Vista (27), according to the security software maker Symantec. If its market share rises enough, the Mac will become a target and attacks will succeed.

So, what does this mean for Mac users? Should they buy security software just to be safe? Are there steps to take to minimize risk? I called up Rich Mogull, founder of the security consultancy Securosis and a contributor to the Mac news site TidBITS, to get some answers.

Here’s the lowdown:

* For most, security software isn’t necessary. “The risk to Mac users at this time is too low, and the benefits provided by extra software are not worth the cost,” Mogull says. (Products from Symantec run from $50 a year to $90, while Intego’s sell for $40 to $100. See product reviews here.) The exceptions: people whose employers require it and people who are into pornography, online gambling or file sharing. On sketchy sites, you could stumble upon a Trojan horse for Macs, “and they are pretty bad if you get one,” he says.

* Use the built-in firewall, especially if you use a laptop in cafes, hotels or other public places. Go to “System Preferences,” click “Security” and then “Firewall.” Mogull recommends choosing “Set access for specific services and applications,” and then allowing connections as you need them.

* Use e-mail services that provide virus and spam filtering, like Yahoo Mail, Hotmail, Gmail or Apple’s own MobileMe. These providers will quickly block any new viruses.

* For browsing the Web, consider using Firefox with the NoScript plug-in. Some users will find it annoyingly disruptive to have every JavaScript blocked, but it’s a blessing “for the really paranoid, like me,” Mogull says. Also consider using one browser just for banking, a tactic that will protect you from some Web-based attacks.

* Say yes to the software updates Apple sends your way. Many are fixes for security vulnerabilities that could leave you open to attack.

* Keep in mind that many common scams exploit the vulnerabilities of humans, not machines. You are not immune from “phishing” scams that aim to trick you into disclosing sensitive information that can be used in fraud schemes.

So be cool, just not too comfy.


Gadgetwise – New York Times

By RIVA RICHMOND, April 7, 2009, 6:08 PM


One thought on “Macs Aren’t Safer, Just a Smaller Target”

  1. It isn’t either that your security is better or you shouldn’t be complacent and smug. Even if your security is better, you still shouldn’t be complacent and smug.

    And Mac’s security is better than Windows. But that doesn’t mean it’s invincible. Linux and Mac both have vulnerabilities that get patched all the time.

    More importantly, all operating systems have stupid users on them. Conficker got a lot of press, but it wasn’t Microsoft who dropped the ball. Microsoft had the vulnerability patched at least a month before Conficker hit. Conficker was able to spread because stupid users did not install Windows updates regularly.

    And the latest Mac trojans (from pirated iWork and Photoshop) were able to thrive because stupid users installed untrustworthy software.

    The user is always the weakest security link, and most malware now (rogue viruses, for example) takes advantage of easy social engineering instead of actual software flaws.

    Security software (antivirus, antispyware) is generally useless on any system. I definitely agree on the recommendations for installing regular system updates and using the NoScript extension on Firefox, though. And if you’re using Windows XP, use a limited user account. If you’re using Vista, don’t turn off UAC, no matter how annoying you think it is.
