( Photo by: Leif Martin Kirknes, Computerworld Norway)
Many users are under the dangerous misapprehension that Mac OSX is an inherently more secure operating system than any other out there, especially Windows. But while Windows was for many years the target of cybercriminals, and certainly did itself no favours early on in terms of security, there’s little evidence to suggest that Macs were actually more hardened to attacks.
It’s more a question of economics – even five years ago there simply weren’t enough Mac users to warrant the bad guys writing specific malware targeting the platform. The bad news for Apple is that things are changing.
Driven by Apple’s success in the smartphone and tablet markets with the iPhone and iPad, Mac OS user numbers have reached a tipping point where cybercriminals are beginning to take notice. Already in 2011, we saw the fake antivirus Mac Defender campaign and just last month some sophisticated advanced persistent threats targeting Mac computers in pro-Tibet organisations were uncovered.
So what should you do to protect your machine? Well, the good news is that it’s not rocket science, and the attacks seen so far, from MacDefender to the hugely successful Flashback attacks, have not used any techniques we’ve not already seen employed to infect PC users. With that in mind then, you should:
1) Always keep up-to-date with patches.
Unfortunately, Apple has been criticised for being slow at addressing security vulnerabilities – it took the firm six weeks after Microsoft , Oracle, and Adobe released theirs to launch a fix for the known vulnerability exploited by Flashback. This makes it even more important to patch as soon as one becomes available.
2) Use third-party, cloud-based protection.
Apple’s in-built security software is very basic, checking for known malicious files alone will not protect users from the more sophisticated threats including zero day vulnerabilities, which haven’t been seen in the wild before. For this reason it’s important to go with a third party security supplier who offers a cloud-based threat protection service that can block threats dynamically, before they reach your machine, using reputation and behavioural detection methods as well as traditional file signature techniques.
3) Be alert.
It sounds obvious but don’t believe the hype and think that having a Mac makes you impervious to attack. As we’ve seen more and more recently, the bad guys are targeting Mac users. Don’t be caught out.
Ric Ferguson works for Trend Micro and writes a blog called CounterMeasures. The opinions expressed here are his own.
NOTE: New Trend Micro customers can get a 6-month complimentary* copy of Trend Micro(tm) Smart Surfing for Mac, by visiting the Facebook Security – AV Marketplace or just “liking” the Trend Micro Fearless Web Facebook community.
* = Offer available only in U.S., Canada, U.K., Australia , and New Zealand at this time. Check back for additional countries in the coming months.