Six tips to keep your Mac safe in a post-Flashback world
Flashback was a wake-up call for many people to start thinking about Mac security. Here are six simple tips on how to be your own gatekeeper on your Mac.
by Seth Rosenblatt
The Flashback Trojan went viral last week, infecting an estimated 1 percent of OS X computers worldwide. While the infection rate has subsided since then, that doesn't mean Mac owners should return to complacency.
It doesn't mean that there's cause for panic, either. Here are some common sense, effective tips for safeguarding your Mac against more malware.
Get a security suite: You can stop rolling your eyes now. Concerns about security suite performance generally come from the way that most security programs used to tie Windows into knots. While the Windows suites have gotten significantly better, their Mac counterparts have never taken such a harsh collective toll on their host machines.
It's important to have a security suite on your Mac because they block the kind of automatic drive-by downloads that afflict otherwise safe Web sites, and if one does get through, they can warn you when it attempts to install something. Around 70 percent of the top 100 Web sites have inadvertently distributed malware. In the case of Flashback, it actually had a piece of "greener pastures" code written into it that would abort the installation if it detected a security suite. Running a security program is just common sense. You can schedule a once-weekly scan, and have it protect you in the background the rest of the time.
If you're dead-set against running a full suite, at the very least use a browser tool that will check links to make sure they're safe before you load them. AVG LinkScanner (download) is a good place to start.
Lockdown Admin privileges: The default account that you create on your Mac is an Administrator account, which can be leveraged by the bad guys to infect your machine. Simple solution: create a non-Admin account for daily use such as e-mail, browsing, and music and video watching. Jump over to Admin when its necessary.
Stay on top of software updates: Make sure that you let Software Update do its job. Programs are rarely updated on a whim, so make sure that you've got the latest versions because they may contain security fixes. This includes the latest security patches from software makers and Apple itself.
Ditch Adobe Reader if you can: Adobe has been notoriously slow in the past about patching security holes in Reader. They've gotten somewhat better, but why risk it when the latest Macs can handle most PDF-reading tasks on their own. Lion's Preview feature ought to take care of most of your PDF requirements, so if you're running 10.7 or later, you can safely uninstall Adobe's Reader. If you must keep it around, make sure that it's always updated to the latest version.
Get rid of Java and Flash, too: Again, this may not apply to you, especially if you run a program like Adobe's Creative Suite which (I'm fairly certain) relies on Java for some tasks. But if you use your Mac mostly for Web browsing, media, and document creation, and you're a big fan of Apple's own content-creation tools, you can probably uninstall Java and Flash without worry.
It would also mean switching to Google Chrome (download), which is the only browser that comes with Flash built-in. Google updates Chrome regularly, and the browser has earned its reputation alongside Firefox as a safe browser that patches security problems when discovered.
You can disable Java by going to the Applications folder then Utilities, and unchecking the Java version boxes under the General tab.
Take control of your passwords: Unlike Microsoft, Apple helpfully provides a solid password manager called Keychain. As often as possible, use "strong" passwords. This means random multi-word passwords, separated by spaces. If you want to get password syncing for multiple device and machine support, 1Password (download) or LastPass (download) are good places to start.
There are additional tips, such as grabbing a firewall monitor like Little Snitch (download), using the built-in disk encryption tool to protect your data, or following the NSA's tips on 'hardening' your Mac (PDF), but those require way more security firepower than most people require.
People can and do run Macs without paying attention to security, but as we've seen over the past year, attacks centered on Macs are almost certainly going to increase. These tips will help you stay ahead of the bad guys.