JonHoyle.com Mirror of MacCompanion
http://www.maccompanion.com/archives/November2006/Columns/Security101.htm

Mac Security 101

http://www.applemacpunk.com applemacpunk at cox dot net Copyright ©2006 Kale Feelhaver

Why Do I Need Anti-virus Software? What You Should Know

By Kale Feelhaver aka: Applemacpunk, November 2006

“Macs don’t get viruses, those are for Windows PCs.” I hear this statement all of the time, and I want every Mac user to know that this is NOT true. Any OS can get a virus, and every OS has vulnerabilities, Mac OS X included. In this day and age, every Mac connected to the Internet should be running virus protection.

It is true that most viruses are written specifically for Windows. This is because most computers are running Windows, and it allows a virus programmer to do the most damage. However, as Macs become more popular, Mac OS X becomes an increasingly visible target. Apple released its quarterly results on October 18, 2006. The results showed that new Mac sales are the highest they have ever been. The results also showed that Apple has gained a lot of market share. Gartner rated Apple as #4 in the computer industry. Apple passed Toshiba (#5) and is close on the heels of Gateway (#3). As the Mac grows in popularity, more and more Mac-specific viruses will start showing up.

In order to understand what viruses can do to your Mac, it is necessary to understand a little about them. First of all, not all viruses are viruses. The last statement may sound a little confusing, so I’ll clarify. The word virus is often interchanged with the word malware. Not every piece of malware is a virus, but every virus is a piece of malware. The word malware is an abbreviation of malicious software. Other forms of malware include: Trojan horses, worms, logic bombs, spyware, and key loggers.

Viruses (as the name implies) are designed to spread and replicate. There are several types of viruses, including polymorphic, macro, and boot sector. Viruses are generally written to cause damage to a computer system without the knowledge of the user.

Trojan horses are malicious programs that disguise themselves as something else. For instance, you could receive an email with an attachment that says, “Click here for a free iTunes song.” If the attachment was a Trojan horse, it may do something like delete your iTunes library, rather than give you a free iTunes song. Using AppleScript, a Trojan horse like this would be very easy to create.

A worm is similar to a virus, but it propagates via a network connection. Worms are especially dangerous in companies where one worm can easily spread to hundreds of machines over the LAN. Like viruses, worms usually do damage to the host system.

Logic bombs are programs that sit dormant until an event triggers them to cause some damage to your system. A common example of a logic bomb is the old story about the systems administrator who hides a program on the network that will take the entire company down if his account is ever deleted. Again, this happens more than you think.

Spyware is malicious software that is designed to retrieve personal information about a computer and/or user in order to exploit it in some way. Spyware can take the form of stand-alone programs, or sometimes cookies received from websites without your knowledge.

Key loggers are programs that do one simple thing: capture keystrokes in an effort to steal usernames and passwords. Key loggers are very dangerous because an attacker can gain access to personal information, financial information, or even the system itself using the stolen passwords.

Anti-virus software is the best way to prevent your Mac from contracting a virus. Most anti-virus software packages will not only look for viruses, but also worms and Trojan horses. Some will even detect PC viruses, so you won’t spread viruses to your Windows-using friends (if you have any). Firewall software is the best way to protect against worms. Normally, a worm will spread using an open port that is not in use. A firewall will lock up the open ports, so the worm never has a chance to propagate. Spyware and key loggers are harder to detect. To get rid of these, you’ll need an anti-spyware program. Fortunately, at this time, there are very few known spyware programs and key loggers for Mac OS X. However, more will be on the way. It is only a matter of time.

So, how do I keep these nasty things off my Mac? The answer is very simple and very inexpensive. There are two simple things every Mac user can do. First, run anti-virus software. Second, run a software firewall. Both of these things can be done without investing a single penny in your Mac.

There is a freeware anti-virus program for Mac OS X called ClamXav. You can download it for free from http://clamxav.com/. This program will monitor your Mac for viruses, detect and remove them, and it has a free update service to make sure your virus definitions are always up to date. If ClamXav does not suit your needs, there are several commercial Mac anti-virus software packages, including Norton Anti-virus for Mac (http://symantec.com/home_homeoffice/products/overview.jsp?pcid=ma&pvid=nav10mac) and Intego Virus Barrier (http://www.intego.com/virusbarrier/). The difference between the free and commercial anti-virus programs is not in the protection they provide, but in the support you will receive if you run into a problem. Free software does not include telephone support, but there is a web-based forum. However, any anti-virus is better than no anti-virus.

Likewise, there is a free software firewall included with Mac OS X. All you have to do is turn it on. Simply go into System Preferences, click on the Sharing icon, click on the Firewall tab, and click Start. Once the firewall has been turned on, it will continue to protect your system after restarts. As with anti-virus software, there are commercial software firewalls available, like Door Stop X (http://www.opendoor.com/doorstop/) and Intego Net Barrier (http://www.intego.com/netbarrier/).

At this time, I do not know of any freeware anti-spyware tools for Mac OS X, but there is a really great shareware product called MacScan. You can download a free trial of MacScan at: http://macscan.securemac.com/ and if you like it, it can be purchased for $24.95. There are some other software packages on the market that claim to detect Mac OS X spyware, but MacScan is the first one I’ve seen that does a good job. This is the only one I’m comfortable recommending at this time.

As the Mac’s popularity continues to increase and more and more Mac haters are born, all Mac users need to take a few steps to protect themselves on the Internet and keep their Macs secure. Running anti-virus software and a software firewall can greatly reduce these threats... and the best part is… it’s free!

















