Apple’s Get-a-Mac ads (and many longtime Mac users and fans) love to
imply that Mac OS X is a far safer and more secure platform than
Windows. And there is a ring of truth to that implication. There are far
more instances of malware and viruses bogging down Windows PCs than
afflict Macs.
But that doesn’t mean Macs are perfectly safe and secure computers --
after all, no computer is completely safe and secure on the Internet.
New malware threats (including the discovery of the first botnet
operating on infected Mac OS X machines) are cropping up this year.
It’s likely just a sign of things to come as Apple gains market share and visibility.
So Mac users need to understand their options for protecting their systems from malware, network attacks, and other threats.
In this guide, I’ll break down three potential areas of danger – 1) viruses and malware, 2) network attacks, and 3) spam – and detail some of the best tools to combat them.
Anti-virus tools
Let’s start with the classic specter of computer security – the virus or malware. The word virus is almost a misnomer these days.
There are still some classic versions of viruses that spread from disk
to disk, wreaking havoc and deleting files – many from a kid who created
a virus because he could.
In truth, however, the bigger threats today are from forms of malware
that compromise open network connections to servers over the Internet.
These servers can then record personal information (user passwords,
keystrokes) and take over a machine in the background.
Often these attacks fall into the categories of Trojan horses that
masquerade as some innocuous application or video codec that gets
installed by the average user. The most recent Mac threats started in
this form as components included in real software packages pirated over
the Internet.
Being vigilant about what you install and where it comes from is one
way to combat this threat. But for the average Mac user who installs a
file to view content on a website, the threat still exists.
Another major virus threat is that of macro viruses--most often
associated with Microsoft Office. While Macs are typically not as likely
to experience severe damage if they open an infected Office document,
they are still capable of experiencing some problems--and of passing the
virus on to others.
So every Mac should have some form of anti-virus software. Here are the major options:
ClamXav – ClamXav is a simple
open source anti-virus tool that is available for free. It is based on
the open source Unix clamav, but sports a Mac-like graphical interface.
ClamXav works pretty well, though its interface is a little clunky
and it is generally slow at performing scans. Its big downside is that
it offers fewer automation options than other tools, meaning users must
be more pro-active about updating virus definitions (the files
anti-virus tools use to detect malware) as well as performing scans. It
also doesn’t allow you to scan your entire startup drive, meaning you’ll
manually need to select folders to scan.
McAfee VirusScan
– McAfee has a long history of developing anti-virus tools and this was
at one time bundled with Apple’s .Mac service (the precursor of Mobile
Me). McAfee is a decent if not stellar product. It tends to be slower
than some of its competition and does show itself to be a product
produced by a largely PC-oriented company.
Norton AntiVirus
– Like McAfee, Norton develops security and utility tools for both the
Windows and the Mac. A while back, Norton’s Mac offerings in both
anti-virus and disk utilities were among the best products on the
market.
But times change. Norton still produces a compelling product and I’d
probably pick it over VirusScan. However, it too suffers from being very
obviously a Mac product designed by a predominantly PC-focused company.
For businesses that are already invested in other Norton products for
managing their PCs, however, it can be an easy addition to an already
complete suite (most likely with volume licensing discounts).
Sophos Anti-Virus SBE
– Sophos also suffers a bit from being a PC-oriented company, but less
than McAfee or Norton do. They produce a simple and lightweight solution
for Mac OS X that can be centrally managed very easily.
The downside to Sophos, in my opinion, is less their PC-centric
nature than their business-oriented nature and licensing. If you’re a
business that has multiple Macs and PCs to protect, Sophos is a great
choice (particularly if you’ve got a Windows server – even one in
virtualization) to use for central management of both scanning and
updating. In fact, for small businesses and/or cross-platform businesses that need a simple and effective centralized management option, Sophos is a very good choice.
Intego VirusBarrier
– Hands down, the best choice for consumers and for fully Mac-based
businesses has to be Intego’s VirusBarrier. The company is entirely Mac
focused, provides a solution that is simple, lightweight, and has a very
Mac-like feel to it that makes it a natural choice for many Mac users.
It also offers centralized management (and integration with Intego’s
other security tools) for businesses and schools – though if you have a
mix of both Macs and PCs to centrally manage, you might want to opt for
Norton or Sophos because of their cross-platform management capabilities
(and potentially better pricing due to larger volume purchases).
MacScan – MacScan is an
anti-spyware rather than an anti-virus tool. The software is designed
for detecting spyware processes and applications (keylogging, remote
access, and DNS poisoning tools) that may not fall into the typical
categories of viruses.
It also focuses on Internet cookies and similar data gathering tools
that are not directly classified as malware. The software compares
cookies (small bits of data stored by web browsers to keep track of user
data when moving from one web page to another) against a blacklist of
known malicious web services.
MacScan is a great complement to other anti-virus and security tools
and is especially helpful for Macs commonly used by large numbers of
individuals (who might place keyloggers and other malicious tools
directly on a Mac rather than remotely).
One final tip, regardless of your anti-virus choice: if you’re running Windows on a Mac (either using Boot Camp or
virtualization tools like Parallels, VMware Fusion, or VirtualBox) don’t forget that
you’ll need anti-virus software on that front too. Norton and Intego
both offer Mac/PC protection suites to fill this need in a single
product (though in Intego’s case the Windows software is provided by
partnering with BitDefender AntiVirus for Windows).
Firewalls
Firewalls come in all shapes and sizes. Some are physical devices
that sit between a computer or network and the Internet while others are
software installed on individual machines. Regardless of their form,
firewalls are designed to protect your computer from unauthorized access
via its network/Internet connection.
While hardware firewalls are great for protecting all the computing
devices in your home or office, they don’t offer protection for mobile
computers that use a variety of public and private wireless networks.
For this, software firewalls installed on those computers are needed –
particularly on public networks where any computer connected to the same
Wi-Fi hotspot can easily see and potentially access any other.
Mac OS X’s Built-in Firewall – Mac OS X has shipped with a built-in
firewall based on the Unix ipfw firewall for several years. Leopard
introduced an adaptive firewall interface that is extremely easy for
users to configure and work with. It doesn’t offer the option to
directly configure complex rules (just the ability to allow or deny
incoming connections – though you can modify the list of allowed or
blocked applications making those connections fairly easily). Advanced
users familiar with Unix will also find ipfw’s full suite of
options available from the command line.
While Apple did a good job in crafting a very easy-to-use firewall
and one that is generally decent, its limitations do show, particularly
if you need a firewall for any professional situation. At the very
least, however, every Mac user should be using it.
Intego’s NetBarrier –
Intego again gets my props for its NetBarrier firewall. NetBarrier is
designed to be easy to use (like Leopard’s built-in firewall), but is
also designed to offer easy configuration of more complex rules from a
Mac-like GUI. It also offers a number of pre-configured settings that
can be applicable to both home and education/business environments,
including rules to block specific types of applications (such as
peer-to-peer file sharing sites) and specific types of known threats
(such as those posed by spyware).
In addition to being highly configurable and yet very easy to use,
NetBarrier is a powerful tool for protecting a Mac. It offers a number
of extra features beyond basic filtering of incoming and outgoing
connections, including the ability to define specific sets of rules for
different locations (home, office, public Wi-Fi, etc), and it shows you
how much bandwidth is being used for various types of network access
(web, email, iTunes file sharing, etc).
Norton Internet Security Suite
– Norton Internet Security is Symantec’s firewall product for both the
Mac and Windows. The suite offers a solid solution and integrates with
Symantec’s Deepsight blacklist, a global list of Internet addresses
associated with various forms of network attack and malware
distribution. Like NetBarrier, it also allows you to define different
settings based on location.
Like NetBarrier, Norton Internet Security strives to offer powerful
firewall rules and protection options in a simple manner that all users
can comprehend and manage. The interface isn’t quite as intuitive in my
opinion, and it lacks some of the extra features that Intego built into
NetBarrier. That said, it is still a powerful solution and offers a few
features of its own, including a file guard technology for securing
access to files on your hard drive.
DoorStop X – From Open Door Networks. DoorStop X is a firewall that offers a more stripped
down interface than either NetBarrier or Norton Internet Security.
Instead of being focused on consumer-friendly interface elements and
extra features, DoorStop X focuses on simply being a good firewall. It
allows a decent set of rules and enables you to easily configure
protection for common Mac services (such as web access and file
sharing).
The downside is that DoorStop X is not as easy as NetBarrier or
Norton to configure for novice computer users. For consumers looking for
a very simple solution, this probably makes it a less desirable choice.
For power users and technicians wanting something that allows easy
configuration of the core features of a firewall without a lot of bells
and whistles, this can actually make DoorStop X somewhat more appealing.
IPNetSentryX
– IPNetSentryX is a fourth firewall option for Mac OS X. It is a robust
tool that operates slightly differently from a traditional firewall.
Typically, firewalls rely on a fixed set of rules to allow or deny
connections (the default rule being to deny everything). IPNetSentryX
does offer this, but it’s designed to run in an adaptive fashion,
monitoring your network/Internet traffic but not blocking connections
unless there is some suspicious activity (either defined by its default
settings or by your custom rules).
Although its approach makes for a lightweight and adaptive product
(and one which can be used for anything from simple protection to
complex bandwidth management), IPNetSentryX’s interface is probably the
least user friendly of the firewalls available for Mac OS X. This can be
off-putting to many users. However, if you’re a power user or
technician and want to leverage a number of complex firewall options,
it’s worth checking out.
Who’s There? – A
companion product to DoorStop X, Who’s There? isn't a firewall itself,
but rather an application that reads firewall logs and provides
information and advice about the entries it finds. This can help you
fine-tune your firewall settings and better understand how your firewall
is protecting (or not protecting) your Mac.
Little Snitch
– Like Who’s There?, Little Snitch isn’t a firewall but a useful
companion to one. But while Who’s There? and your firewall logs can
often inform you easily about incoming connections to your Mac, Little
Snitch is focused on the opposite – telling you what applications and
services (such as file sharing or iTunes Music Sharing) your Mac is
attempting to connect with on network resources or the Internet.
Since some malicious tools (or even legitimate software) installed on
your Mac are typically allowed to make outgoing connections through a
firewall, being aware of exactly what the software on your Mac is trying
to do and who it’s trying to contact can be a great security aid.
Armed with the information that Little Snitch provides, you can craft
better firewall rules if needed. You can also use it to turn off unused
services (such as file sharing, screen sharing, or even iTunes) that
could make your Mac more vulnerable to attack. It even provides a way of
simply being aware of how people using your Mac are accessing the
Internet. All of these make Little Snitch a great Mac security aid.
Anti-spam tools
Most people tend to think of spam as an annoyance that clogs up their
inbox and keeps them from getting to really important emails – and
that’s certainly true. But spam isn’t just a productivity
killer; it can pose a real security threat. Junk emails often load web
content that has the potential to impact your computer whether or not
you click on a web site referenced in the message.
And often clicking a link in a message will deliver you to some form
of malicious website designed to either install malware or use a
phishing scheme intended to mine personal information.
The fight against spam can and should take place on multiple levels.
Ideally, your mail server will have its own junk mail filtering. Public
services like Apple’s Mobile Me, GMail, YahooMail, and Hotmail offer
some of the best spam filtering because they handle mail accounts for so
many people. But private servers (those run by an Internet provider or
private company) may not have such extensive or fine-tuned spam
filtering.
Beyond the server level, filtering can take place on your computer.
Almost all email applications, including Apple’s Mail and Microsoft’s
Entourage (the two most common Mac email clients) include some junk mail
filtering options. But you can extend those capabilities with
additional anti-spam software, including the following:
SpamSweep –
SpamSweep is an application that acts as a middleman between your email
client and your mail server. SpamSweep connects to your mail server, downloads the first 100K
of each message, scans them, and then deletes the spam while it’s still
on the server (you can control confirmation of what is and isn’t spam).
When your mail application connects, it downloads the remaining (good)
messages.
SpamSweep uses a combination of blacklist (bad) and whitelist (good)
email senders as well as a technique called Bayesian filtering, which
analyzes the content of each message to determine how to mark messages.
These filters and lists can be trained by marking mail as spam (or not
spam) and grow more accurate over time as you use the software.
Overall, SpamSweep is pretty good at making good choices and you can
define some overrides to its basic features. On the downside, it does
need to sit as a separate program rather than being integrated into your
email client and it’s a little disconcerting to have a separate program
deleting messages for you. Also, it doesn’t provide any real customized
rulemaking options other than training its filters over time.
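The combination described above (sender lists plus a trainable Bayesian content score) can be sketched as follows. This is an added example, not SpamSweep’s or any other product’s code; the SpamFilter class, the sample addresses and messages, the 0.9 threshold, and checking the whitelist before the blacklist are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

class SpamFilter:
    """Sender lists are checked first; everything else gets a naive Bayes score."""

    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.words = {"spam": Counter(), "ham": Counter()}  # messages containing each word
        self.msgs = {"spam": 0, "ham": 0}                   # messages trained per class

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z0-9']+", text.lower()))

    def train(self, text, label):
        """Record the user's verdict: label is 'spam' or 'ham' (not spam)."""
        self.msgs[label] += 1
        self.words[label].update(self.tokens(text))

    def spam_probability(self, text):
        if self.msgs["spam"] + self.msgs["ham"] == 0:
            return 0.5  # untrained: no evidence either way
        # Work in log-odds; add-one smoothing keeps unseen words from forcing 0 or 1.
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for w in self.tokens(text):
            p_spam = (self.words["spam"][w] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.words["ham"][w] + 1) / (self.msgs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # avoid overflow in exp()
        return 1 / (1 + math.exp(-log_odds))

    def classify(self, sender, text, threshold=0.9):
        sender = sender.lower()
        if sender in self.whitelist:   # assumed order: known-good senders always pass
            return "ham"
        if sender in self.blacklist:
            return "spam"
        return "spam" if self.spam_probability(text) >= threshold else "ham"

def demo_filter():
    """Filter trained on a few constructed messages (not real mail)."""
    f = SpamFilter(whitelist=["friend@example.com"], blacklist=["promo@example.net"])
    for text in ("Cheap loans approved instantly, click here",
                 "You won a free prize, click to claim",
                 "Free loans with no credit check"):
        f.train(text, "spam")
    for text in ("Meeting moved to Tuesday, agenda attached",
                 "Here are the photos from the weekend",
                 "Can you review the budget before the meeting"):
        f.train(text, "ham")
    return f
```

Each call to train() corresponds to marking one message as spam or not spam, which is why accuracy improves as more mail is marked.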
SpamSieve - SpamSieve
may be the best of the anti-spam additions for Mac OS X. While it uses
the same filtering techniques as SpamSweep, it does so by integrating
with your email client and Mac OS X’s Address Book. It supports a wide
range of clients, including the most common Mail, Entourage, Eudora and
Thunderbird.
So you don’t need to launch a separate application to confirm the
software’s spam/not spam decisions. It also means your email is still
managed by your email application. The support for Address Book (and contacts in Entourage) is a nice way of ensuring anyone you actually know will be able to reach you.
SpamSieve does offer its own separate application as well. This is
used to configure filters (and quite a bit of configuration is
supported) and the training process. It also allows you to configure mail
notifications and other points of integration with your email client.
Perhaps most importantly, SpamSieve does an impressive job of accurately
filtering spam.
Intego Antispam
- Intego’s offering in the antispam category, appropriately named Personal
Antispam, is another good choice. It integrates with either Mail or
Entourage and can integrate with Address Book for trusting contacts.
Although this is a more limited set of email clients than other tools,
it does cover most Mac users.
As with their other tools, Intego has put an effort into making
Antispam very user friendly. Beyond just being user-friendly, it offers
the ability to customize filtering and offers filtering options beyond
just the blacklist/whitelist and Bayesian filtering options found in other tools.
You can also filter based on types of attachments or portions of web
site addresses noted in an email. This provides additional capabilities.
A particularly nice feature is that not only can you configure each
type of filter, you can also opt to use all or only some of them.
Personal Antispam enables you to export spam rules as files for
installation directly on other Macs running the software. It also offers
usage reports and graphs, helping you see the percentage of spam being
filtered as well as the types. Overall, this is another great product
from Intego.
Mac security software: more information
While keeping your Mac secure is about finding the right mix of tools
for your needs (and your level of comfort with technology), equally
important is keeping those tools updated and understanding how to use
them effectively. Whichever tools you choose, be sure to read and
understand the documentation.