Apple OS X and Risk Reduction

Some of the confidence Mac users have in the security of their chosen operating system derives from over-reliance on proactive patching. This outbreak highlights the need to be aware that patching of known vulnerabilities in system software or applications is not necessarily prompt enough to forestall attacks based on known or unknown vulnerabilities. In fact, there’s now a small blogging sub-industry dedicated to offering tips on making Macs more secure, which is something of an encouraging development. Here are a few very basic suggestions.

  • You wouldn’t expect someone who derives much of his income from the anti-virus industry not to recommend the use of security software. It is a fact, though, that most of the proactive intelligence made public on this outbreak has come from the AV industry, and while much of the remediation offered by security products has been to a greater or lesser extent reactive, it’s probable that their continuing impact would have been much less dramatic if more Mac users actually used industrial-strength security products. Open source anti-virus products don’t generally exchange samples and information in the way that commercial vendors do.
  • Irrespective of platform, computer users can lessen the impact of many threats by ensuring that they don’t routinely run as a privileged user (kudos to Apple for – sometimes – encouraging users to create a non-privileged account, though you’re also reliant on your operating system provider to ensure that system utilities are also cautious with the use of privileged access). But they also need to recognize that saying yes and entering the administrator password every time a program wants to install something is no safer than running with full privileges. While there’s an awful lot of 0-day and 1-day exploitation around on major platforms, social engineering hasn’t gone away.
  • Disable stuff you don’t need. If this includes common trouble spots like Java and Flash Player, all the better. If you do need them, all the more reason to ensure that you can get updates as soon as they’re available. Install updates as soon as the “updates available” prompt appears, and configure daily checks, not weekly or monthly. And, wherever practical, set up third-party applications to check for updates as often as possible. In general, software providers put the most effort into maintaining their latest products, so while it may be expensive to keep upgrading products, it’s worth considering. Where the upgrade doesn’t entail financial outlay (such as the upgrade to Adobe Reader X) it’s a no-brainer. Though I don’t like products that suggest you might want to disable your antivirus while installing. Not least because it conditions people into doing so for less benevolent installations.

Surely it’s not beyond the wit of a major software provider to cooperate with security vendors to ensure that in normal circumstances, their products won’t trigger an anti-virus alert or action?

Meanwhile, as there's quite a lot of Mac action taking place at the moment, I'm putting in more effort than I do generally to maintaining up-to-date information at Mac Virus. Here are a couple of recent articles you might find of interest:

 
