Because Mac computers as a whole have always had a smaller slice of the PC market compared with Windows-based PCs, many Mac users have found that switching from a Windows PC to a Mac means a reduction in malware attacks.
But that doesn’t mean that Macs are completely impenetrable. The Flashback Trojan has been in the headlines as of late, with many writers and bloggers using the incident to say, “See! Told ya Macs could get infected.” Apple has already released a patch to address the Flashback Trojan, but that doesn’t mean Mac users can revert to a carefree state of mind when it comes to security.
1. Use the BSD-level ipfw firewall. Mac OS X is, at its core, built on FreeBSD. This powerful UNIX layer offers an equally powerful stateful firewall in the form of ipfw. If you aren’t using ipfw, I’d encourage you to take a long, hard look at starting to use it. It provides a powerful ruleset to give you tremendous control over the types of traffic that are allowed into (and out of) your Mac. To help encourage people to use it, I recently published an article on how to configure ipfw on Mac OS X. (Keep in mind that Mac OS X 10.7 “Lion” prefers pf instead of ipfw. I hope to post an article on that soon as well.)
2. Use the built-in Mac OS X application-level firewall. Mac OS X ships with a pretty GUI for a built-in application-level firewall in System Preferences. I recommend that you turn it on, and select which applications you want to accept incoming connections. Some people have asked, “Why both firewalls?” This is a fair question. The built-in application-level firewall simply allows or denies inbound traffic on a per-application level, but doesn’t — to my knowledge — offer any more granularity than that. Using the built-in application-level firewall in conjunction with the BSD-level ipfw (or pf) firewall gives you the ability to specify which source addresses or networks are allowed to make connections to applications. This means that you can allow iTunes connections at the built-in firewall layer, and then use ipfw (or pf) to only allow connections from your home network subnet.
3. Use an outbound application-level firewall. The built-in Mac OS X firewall in System Preferences only controls inbound traffic. What about outbound traffic? Do you know what processes and applications on your system are communicating with the outside world? I use Little Snitch, which I believe to be an excellent choice in this area. (No, I don’t have any affiliation with Objective Development.) Little Snitch gives you the visibility to know what applications and processes are communicating and on which protocols and ports.
4. Use an account without administrative privileges for day-to-day use. While this won’t thwart all security problems — Flashback.K still works, for example — it’s still a good idea. I also recommend that you only install applications using a separate account with administrative privileges. This forces you to log off, log on as the administrative user, then install your application(s). While this is a bit of a hassle, the security trade-off is, in my opinion, worth it.
5. Disable the opening of “Safe” files. Safari has this feature enabled by default. I recommend that you turn it off, and check to make sure it’s turned off in other applications as well.
6. Use an AV application. Yes, yes, I know — Macs don’t get viruses. Tell that to the 600,000 Macs infected with the Flashback Trojan. And while Flashback isn’t technically a virus, at this point you’re just splitting hairs. I’m using the free Sophos AV Home Edition for the Mac and feel that it is pretty good, but there are numerous others. Find one and use it. (This is a recent addition to my own security strategy.)
7. Stay updated. I encourage you to run Software Update on a regular basis. If you’ve followed the advice of #4, this means you’ll need to log in as an administrator and run Software Update. Make it a point to check regularly.
8. Don’t run the standalone Adobe Flash Player. Instead, I use Google Chrome when Flash is required, which comes with its owned patched version of Adobe Flash that is generally regarded (last time I checked) to be a bit safer than the standalone version of Flash. Yes, this means that I need to switch back and forth between browsers (Safari for day-to-day use, Chrome for Flash use), but this is a task that AppleScript easily solves.
Using these tips, hopefully Mac users will be able to compute safely and prosper.