Mac security: How to protect your data, and stay malware free

In the past few years, there's been increasing interest in malware targeting Apple Macintosh users. Fake antivirus programs like Mac Defender, and its variants, were spotted about five years ago. Just last year, Mac users were quaking in their boots after the Flashback Trojan appeared to have a huge infection base. The threats are out there, but there are ways to keep your Apple computer safe.

What are the risks?

For years, Apple users have enjoyed little attention from malware creators. This remains true for the most part, especially with the increasing use of affiliate networks – where the bad guys are paid per infection. Since there are still relatively few OS X users compared to Windows, the potential size of a botnet or the money raised from infections is limited.

However, there are reasons to target Mac users. For one, many do not use anti-malware software and may be resting on the platform's security laurels. Why worry about malicious links on websites, or phishing emails if you think your machine is impenetrable?

Bad guys might be interested in Mac users because it's likely they've got disposable income. Consider that the cheapest Apple computer is the Mac Mini, which starts at £500. And that doesn't include the cost of a keyboard, mouse, and monitor.

Macintosh computers are also popular with college students, potentially giving attackers access to a large, captive audience ripe for social engineering attacks. Apple computers are often favoured by media professionals, some of whom are well-paid and have access to high-value targets.

Make use of your Mac's defences

Thankfully, your Mac comes with tools to help keep the bad guys out. Firstly, there's the architecture of OS X itself, which (although users don't see it) is hardened against attacks. OS X also sandboxes its apps, similar to iOS, making it harder for an infection to move from one app to the rest of the system.

For more active protection, OS X Mountain Lion (10.8) ships with Gatekeeper, which limits the software that can be installed on your computer. By default, it only allows software from the Mac App Store or apps digitally signed by trusted developers. You can take this up a notch by only allowing software from the App Store, or down a notch by allowing software from anywhere to be installed.

Built-in blacklist

Your Mac actually comes with anti-malware functionality built in. A list of blacklisted apps is stored locally on every Mac, and updated daily by Apple. If it detects a malicious download from that list, a dialog will appear warning you of the danger.

In an extremely active malware environment, like Windows, this wouldn't be enough and I'd recommend using a service which can sandbox suspicious applications, or can watch for unusual behaviours. For the Mac, it's a good start.

Despite Apple's mixed record with pushing critical security updates, this basic level of download security can at least defend against the most common, known attacks.

Limit your admin privileges

A good practice is to avoid using an account with Administrator privileges for day-to-day work. Admin accounts allow the user to install and modify files, and most Mac accounts have admin privileges by default. Note that each computer requires at least one administrator.

To sequester these powers, simply open System Preferences, click on Users, create a new user and grant that user admin privileges. Then revoke them from your user profile. Now you can use your personal account for browsing the web and living your digital life, and only ever log in as the administrator to make top-level changes.

In practice, revoking admin status means entering the username and password of the administrator account when you're installing software, or when software is making changes to your system. This can be irritating, and it definitely detracts from the seamless OS X experience. But it is a simple step towards better security. Also, be sure you don't save the administrator password anywhere on your computer.

Protect your passwords

Speaking of passwords, OS X comes with a great password manager utility built right in. Most users already know that the Keychain app can store passwords, and autocomplete login forms. What they might not know is that it can also generate passwords of varying levels of complexity. Because a recycled password is an insecure password, why not use Keychain to generate and store unique passwords for each service that requires one?

Of course, Keychain is only accessible on your Mac. If you're using multiple computers or mobile devices (and let's face it, most of us are), a password service like LastPass can make secure, unique passwords available from any platform.

Encrypt your treasure

Apple's FileVault adds a final layer of protection, encrypting all the information in your home folder. The data is automatically decrypted as needed, and secured with a master password. The sad truth is that if someone wants access to your computer and is willing to put in the effort (perhaps years of effort), they will eventually get in. Keeping your information encrypted ensures that even if your defences fail, your information will still be difficult (if not impossible) to access.

For added protection, you can store all your files on encrypted DMG disk images.
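
The Gatekeeper, admin-privilege and FileVault settings described above can be checked from Terminal. The script below is an added example, not part of the original article: it assumes the OS X command-line tools `spctl`, `id` and `fdesetup` are available (`fdesetup` reports on disk-level FileVault), and the function names and the "ok"/"weak"/"unknown" labels are illustrative.

```shell
#!/bin/sh
# Added example: audit three settings discussed in the article.
# The classify_* functions take command output as text, so they can be
# exercised with constructed samples; audit() runs the real tools.

# Gatekeeper: `spctl --status` prints "assessments enabled" or "assessments disabled".
classify_gatekeeper() {
    case "$1" in
        *"assessments enabled"*)  echo "ok" ;;
        *"assessments disabled"*) echo "weak" ;;
        *)                        echo "unknown" ;;
    esac
}

# Daily-use account: `id -Gn USER` lists group names. Membership of the
# "admin" group means the account can make system-wide changes.
# Whole-word match, so a group such as "_lpadmin" does not count.
classify_groups() {
    if [ -z "$1" ]; then echo "unknown"; return 0; fi
    for g in $1; do
        if [ "$g" = "admin" ]; then echo "weak"; return 0; fi
    done
    echo "ok"
}

# FileVault: `fdesetup status` prints "FileVault is On." or "FileVault is Off."
classify_filevault() {
    case "$1" in
        *"FileVault is On"*)  echo "ok" ;;
        *"FileVault is Off"*) echo "weak" ;;
        *)                    echo "unknown" ;;
    esac
}

# Run the real commands and print one line per setting.
audit() {
    user=${1:-$(id -un)}
    echo "gatekeeper: $(classify_gatekeeper "$(spctl --status 2>&1)")"
    echo "daily account ($user): $(classify_groups "$(id -Gn "$user" 2>/dev/null)")"
    echo "filevault: $(classify_filevault "$(fdesetup status 2>&1)")"
}

# Only run the audit on a Mac; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    audit "$@"
fi
```

Run it from the account you use every day, or pass a short username as the first argument to check a different account.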

When it fails

Even if you do everything right, it only takes one determined attacker (though this is exceedingly rare) or one simple mistake (this is far too common) to get your computer infested with malware, or to expose your valuable data.

If you find yourself in that unfortunate situation, you have a range of options, from using a piece of third-party anti-malware software, to nuking your hard drive and starting anew. The important thing is to take action when disaster strikes, and stay smart to keep from becoming a worst-case scenario.