1. Inspect files with Get Info
Even if an application doesn't automatically launch a potentially malicious application or script, you might still be tricked into manually launching one. The problem, in essence, is that Mac OS X allows any item to carry a custom icon. So a shell script could appear to the user as a .jpg image, a movie or any other type of file. When the user double-clicks the seemingly innocuous file, a shell script is executed or an application is launched that can delete local user files and wreak other account-constrained havoc.
As such, one of the best protective methods you can use (after turning off the option to open "safe" files automatically in Safari) is to inspect any newly obtained downloads before launching them. Click on the newly received download once to select it, then press the Command and I keys simultaneously, or go to the "File" menu in the Finder and select "Get Info."
If the file carries the icon representation of an image or some other file, but shows a different "Kind" in the Get Info window, something isn't right. Avoid launching the file and follow up by obtaining information about the authenticity of the download source.
2. Be stingy with your password
Password prompts are frequent in Mac OS X, and most users are conditioned to simply enter their administrator password whenever asked.
Before doing so, however, you should consider the circumstances. For what purpose are you being asked to enter your password? Is it because the system is asking permission to install an application? If so, is that application from a trusted source?
If you are asked to enter your password when opening a purported document, be suspicious. You should never be asked to enter your administrator password to open a .jpg file, for instance.
3. Do not operate under an administrator account
You should avoid being logged in as an administrator whenever possible. Instead, use a standard user account for daily tasks.
Unfortunately, Mac OS X's installation process gently encourages the user to set up only a single administrator account at first.
If you haven't done so already, go to the "Accounts" pane of System Preferences and click the " " button to add a new account. Check the "Allow user to administer this computer" box.
Next, go back and select your current account (which should be set as administrator) and deselect the "Allow user to administer this computer" option.
Your formerly administrative account will now be standard, and you can switch into your newly created administrator account whenever necessary.
4. Apply the latest updates from Apple
Don't let Apple's hard work patching the latest published (and unpublished) vulnerabilities go to waste -- apply the latest Security and iterative Mac OS X updates.
Also note that when you revert to an earlier version of Mac OS X, or to a system state prior to a security update in order to avoid troubleshooting issues, you are sacrificing security refinements,
5. Turn on file extension display
Go to the Finder's Preferences (make the Finder the front application, then click the "Finder" menu, and select "Preferences"), then click on the Advanced tab. Look for the selection box next to "Show all file extensions" and make sure it is checked.
Doing this will allow you to see if that PDF document you are launching is actually an application.
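
The Get Info check from tip 1 and the extension check from this tip can also be run over a whole downloads folder. The following is an added example, not part of the original article: it goes beyond the Finder checks by reading the first bytes of each file, and the function names, extension list and sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Extensions a user expects to open in a viewer, never to execute (assumed list).
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".mov", ".mp3", ".txt"}
# Mach-O (32/64-bit, both byte orders) and universal-binary magic numbers.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def inspect_download(path):
    """Return reasons why `path` may not be the document its name suggests."""
    reasons = []
    name = os.path.basename(path.rstrip("/")).lower()
    stem, ext = os.path.splitext(name)
    # With extensions hidden, a bundle named "report.pdf.app" can be shown
    # without its final ".app", so it reads as a document.
    if ext == ".app" and os.path.splitext(stem)[1] in DOCUMENT_EXTS:
        return ["application bundle named like a document"]
    if ext not in DOCUMENT_EXTS or not os.path.isfile(path):
        return reasons
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head[:2] == b"#!":
        reasons.append("starts with a script interpreter line (#!)")
    if head in MACHO_MAGICS:
        reasons.append("starts with a Mach-O executable header")
    if os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("execute permission set on a document")
    return reasons

def build_sample_downloads(folder):
    """Create constructed, harmless sample files for the demonstration."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,       # real JPEG header
        "leopard-preview.jpg": b"#!/bin/sh\necho constructed sample\n",
        "invoice.pdf": b"\xcf\xfa\xed\xfe" + b"\x00" * 16,       # Mach-O header only
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    os.chmod(os.path.join(folder, "leopard-preview.jpg"), 0o755)
    os.mkdir(os.path.join(folder, "report.pdf.app"))
    return sorted(os.listdir(folder))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for entry in build_sample_downloads(d):
            found = inspect_download(os.path.join(d, entry))
            print(entry, "->", found or "looks consistent")
```

An empty result only means none of these three mismatches was found; it does not establish that a file is safe to open.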
6. Make sure your virus software does more good than harm
If you choose to run antivirus software, make sure you do not have it set to automatically delete files that are deemed malicious.
Recently, one virus tool generated false positives for the "OSX/Inqtana.B worm", prompting users to delete critical application and system files and causing serious issues. In addition, there was a "highly critical" flaw found in Symantec's Norton AntiVirus a few months ago.
It's also a good idea to keep your virus definitions up-to-date. Use your software's built-in update mechanism, or check for updates on our sister site, VersionTracker.
7. Turn on your Firewall
Go to the "Sharing" panel of System Preferences and click on the "Firewall" tab. Make sure it is turned on.
Apple has built a tremendous out-of-the-box Firewall solution that should be in use at all times unless disallowed by organization-specific network configuration.
8. Know your source
In at least one of the exploit scares discussed in recent weeks, the vector (vehicle of transmission) was a file posted to a Mac rumors web site, claiming to be pictures of "Mac OS X Leopard" (an upcoming version of Mac OS X).
Always know where an application or document originated before manually downloading. Be wary of instant messages from unknown screen names, and use a trusted download source like VersionTracker to verify application authenticity.
9. Set applications not to automatically accept incoming files
Even though Apple plugged the "Zero-day exploit" vulnerability -- which implicated Safari's "Open 'Safe' files after downloading" option -- it's still a good idea to turn this option off unless you absolutely need the convenience. You can do so in the "General" pane of Safari's preferences.
The same goes for other applications that can automatically open downloaded files.
For instance, you should set iChat to notify the user before accepting a file. This is accomplished by opening iChat's preferences, then clicking the "Messages" tab, and selecting "Confirm before sending files." This is the default setting for a fresh Mac OS X installation.
10. Protect your account
Chances are that when you first set up your Mac (or the last time you re-installed Mac OS X), the system was set to automatically log in a user upon startup -- not a good situation from a security standpoint.
To change this setting, open System Preferences and click on the "Accounts" pane. Click "Login Options" (with the picture of a house beside it) from the bottom of the accounts list. Note that you may need to click the lock icon and enter an administrator password first.
Next, uncheck the "Automatically log in as:" box.
Though it's rudimentary, you should also set up a screensaver and wake-up password in the "Security" pane of System Preferences.