How to protect your mac?



designers_hub
5th November 2004, 07:14 PM
Hello,

I have just gotten my first mac with Mac OS X 10.3 (loving it). I love the fact that I feel peace of mind about security, gotten so much work done.

But there's got to be some viruses (right???), it can't be a perfect system.

So far I have Virex 7.2, the Mac OS X firewall running and never store passwords in the keylogger. That should take care of viruses and hackers.

But what about spyware and adware? What's a good program? I've looked at macscan (http://macscan.securemac.com/) and they look pretty good, still waiting for the new version to release. Any other suggestions?

Will windows spyware affect mac?

What are all the necessary steps I should take when using a mac? I'm a security fanatic and being used to a windows machine that's important.

I do very important things like netbank, ebay etc so I need to be very safe.

any hints?

btw. how do I turn off keylogger completely?

thanks!

adamjc
5th November 2004, 07:19 PM
Glad you started this thread, I am very interested in this as well.

Everyone says how secure and safe Macs are but, surely there has to be something that can affect i.e. spyware and adware?

Currawong
5th November 2004, 07:43 PM
The main, and pretty much only thing is, weak passwords. There's no adware or spyware, though I think there are a couple of programs that intentionally record keystrokes. There is a program that can detect such programs too.

The potential for things such as spyware is very small in OSX, as you have to type an administrator password to change anything in the system, whereas in Windows you don't need to.

Also, there's a thread on the recent "trojan" for Mac OS X here (http://forums.appletalk.com.au/index.php?showtopic=2145).

There's a headline that links to an article (http://www.macdailynews.com/comments.php?id=P3775_0_1_0) where the NSA in the USA produced a paper on securing Mac OS X.

decryption
5th November 2004, 09:26 PM
Windows spyware *does not* affect Macintosh systems. Because of:
A) The CPU architecture is PowerPC, not x86. You can't run "Windows" code on a Mac.
and B) You aren't using Internet Explorer.

macmate
5th November 2004, 10:14 PM
After finishing a course today that covered a lot of this I have to say that Mac OS X is very well thought out. Keystrokers are a worry but to install anything they need a password, and without admin privileges you can't even install into the applications folder let alone the system/library folder. So the message is to keep your passwords a secret and don't make them too easy to guess.

there is a trojan around but it has to be installed by someone with admin privs so as long as you only install things you know then you will be all good.

kristian
5th November 2004, 11:14 PM
I'll say install this shareware called Little Snitch. It prevents applications from making unauthorised connections from your Mac.

And keep your password safe, create another non-admin account if you have to share your Mac with someone else.

elvis
6th November 2004, 06:44 AM
Originally posted by designers_hub@Nov 5 2004, 07:14 PM
But there's got to be some viruses (right???), it can't be a perfect system.
"Got to be"? No, there doesn't.

As already mentioned, Windows viruses, malware, spyware and all that other rubbish will not affect Mac. Their core architectures (software and hardware) are completely different. If someone sends you an email bound virus from a Windows box, your Mac simply just doesn't care.

The only applications on Mac susceptible to viruses are (wait for it) Microsoft Office. MS Office uses a scripting tool which stupidly enough grants scripts the rights to do things like check your address book, and delete documents. How clever of Microsoft. Basically speaking, if you don't run any Microsoft software on your Mac, you're safe.

Why is that? MacOSX is based on BSD (Berkeley Software Distribution). BSD is a UNIX-like operating system. It does some smart things like separate user space and program space memory, and more importantly not grant the average user access to any system-level file manipulation by default.

Non-geek-speak: viruses have no power on a Mac. They'll hit the OS and the OS will simply refuse entry. If you install an application on Mac you're always asked for your password. Why is that? So that you can be granted temporary rights to install software.

Technically speaking, people could embed malicious code into nice looking software. The same has been happening on Windows for years. There have been rumours and concept applications, but never the real deal as yet. These aren't considered a virus, but rather the aptly named "trojan horse" (You all know your Homer, I hope).

As always, be aware of what you install. Install only trusted applications. Don't go hunting through version tracker and install every single piece of useless software you come across.

Husq
6th November 2004, 07:43 AM
Something I have not been able to find is how easy it is to have your mac hacked. On my windows machine I have norton antivirus and internet security running at all times, and sometimes get port scan attempts every 5-10 minutes.

As there aren't any trojans for the mac at the moment, is there any way a mac can get hacked with the default firewall enabled?

I guess I am a little paranoid coming from a windows background running the default firewall with no antivirus currently enabled. We all know how effective the windows default firewall is.

kim jong il
6th November 2004, 10:47 AM
My advice is check out one/multiple windows security/port scan sites. The most common result for a Mac is "all ports stealthed: your computer has chosen to be invisible to the outside world. This is actually pretty cool" It'll actually say more or less this believe it or not.

Try it.

internet
6th November 2004, 03:01 PM
bleh, client firewalls suck

put your mac behind a decent firewall device and don't allow any incoming except for what you want (22, 80 in my case)

designers_hub
6th November 2004, 03:14 PM
ahh ok,

Well, I feel a lot better now.

But, how do you make sure that there are not viruses, trojans or spyware in software? I sometimes download freeware software off the net e.g. azureus. Is there a scanner to delete these items?

Also when you uninstall software, how do you make sure that all of it is gone? I know that programs usually install a file into the preference files, which isn't a problem, but where else?

I have Virex running (haven't picked up anything yet YAH), but it's funny, when I download a file off the net does Virex automatically scan it?

In Safari how do I know it's a secure connection? E.g. netbank, how do I know that it's secure? In IE you got the lock, but I don't see one in Safari?

btw. thanks for all the advice!

mjankor
6th November 2004, 03:34 PM
The best way to keep tabs on the health of OS X security is to regularly visit a few sites or keep your virus check up to date.

Sites I'd recommend are
http://www.macobserver.com
http://www.xlr8yourmac.com
http://www.macnn.com
http://www.macsurfer.com

Often the sites get news before anywhere else as it's posted in by readers.

Also at the moment there are about 3 "threats" for Mac OS X
A concept virus built by Intego (Anti virus company, yeah explain that one). Never seen in the wild.
Opener/Renepo - a rootkit found on macunderground. Not able to spread though it has been found on a couple of machines. It requires your computer to be compromised in the first place. (can't be installed without admin password)
A trojan posing as Office 2004 installer found on P2P networks.

Generally you should use an OS X machine the way you'd use any machine.

Use good passwords.
Keep your firewall on if you can.
Keep up to date with what's happening.
If you run AV software keep it up to date.

Sit back, relax and enjoy the freedom.

mjankor
6th November 2004, 03:53 PM
Originally posted by designers_hub@Nov 6 2004, 02:44 PM
ahh ok,

Well, I feel a lot better now.

But, how do you make sure that there are not viruses, trojans or spyware in software? I sometimes download freeware software off the net e.g. azureus. Is there a scanner to delete these items?

Also when you uninstall software, how do you make sure that all of it is gone? I know that programs usually install a file into the preference files, which isn't a problem, but where else?

I have Virex running (haven't picked up anything yet YAH), but it's funny, when I download a file off the net does Virex automatically scan it?

In Safari how do I know it's a secure connection? E.g. netbank, how do I know that it's secure? In IE you got the lock, but I don't see one in Safari?

btw. thanks for all the advice!
But, how do you make sure that there are not viruses, trojans or spyware in software? I sometimes download freeware software off the net e.g. azureus. is there a scanner to delete these items?

1) No: because there is only one case of a trojan in Mac P2P downloads, an Office 2004 installer trojan. Also most software isn't very threatening unless it requires admin privileges. If you have an uncertain program and it's just asked you for your admin password then proceed with caution.

2) Almost all software should be self contained in a folder or package. There are some exceptions. Almost all programs create preference files (basically text documents with your settings) in your username/library/preferences folder. Some also create some files in the Application Support folder (username/library/Application Support). These files are there so that if you delete the program and reinstall, your preferences will remain. They are harmless and are only opened when the program is run (like .ini files in windows). The other exception is programs such as VPC that install stuff like drivers into the system. Very few programs do this, Kismac and VPC are the two that I know. If they do and it concerns you then look at the install log when a program is installed. It will tell you where everything is placed.

3) You'd have to look at Virex's preferences. It should allow you to configure that sort of stuff.

4) In Safari I believe a lock should appear on the right side of the title bar of your browser window if you are visiting a secure site.

Ozi
6th November 2004, 03:57 PM
Here's my top-right corner when visiting my internet banking with the National Australia Bank.

macmate
6th November 2004, 03:58 PM
Originally posted by Husq@Nov 6 2004, 07:43 AM
Something I have not been able to find is how easy it is to have your mac hacked. On my windows machine I have norton antivirus and internet security running at all times, and sometimes get port scan attempts every 5-10 minutes.

As there aren't any trojans for the mac at the moment, is there any way a mac can get hacked with the default firewall enabled?

I guess I am a little paranoid coming from a windows background running the default firewall with no antivirus currently enabled. We all know how effective the windows default firewall is.
this should answer everything.

windows by default has most ports open. hence when SP2 was released with the firewall on by default lots of things fell over. (they used the ports that were open.)

the apples are different. everything is blocked, when you turn on a service the port is then opened. applications request core services to turn a port on for them.

therefore you have nothing to worry about unless you have an admin password that is dead easy to hack.

Ric

pipsqeek
6th November 2004, 09:47 PM
The best way I found to get rid of an application I no longer want is to open a window such as your hard drive directory or something, and type in the name of the app in the search field at the top right. All relevant files should pop up. When they do, delete them.

It's gone, and no need for restarting.

Feel free to open those nasty spam emails you get sometimes too. Whatever is in them will most likely not work on the mac. So I open them to see what that .zip file actually has in it.

I do run virus software, only cause I transfer a lot of files to and from PCs, at home, TAFE, and mates' places. The latter being most important as I am usually the one they call for help. Which reminds me of last night. My mate's woman tells me, I think I have another virus. I type something on the keyboard and the characters are all over the place. Before I even turned it on. I checked the keyboard connection. Wasn't plugged in all the way. HAHA.

That's just an example of what I deal with.


pipsqeek

elvis
7th November 2004, 08:16 AM
Originally posted by internet@Nov 6 2004, 03:01 PM
bleh, client firewalls suck

put your mac behind a decent firewall device and don't allow any incoming except for what you want (22, 80 in my case)
The Apple "client firewall" is your standard BSD ipfw firewall. The same one used in CISCO PIX and other commercial firewall products.

To users on Windows boxes I'd certainly recommend they use a standalone firewall somewhere else on the network. For Mac and Linux users, the standard firewalls on their systems are good enough.

And once again, no matter how good your OS is, stay up to date with patches, fixes, updates and service packs. Even the best software is still written by people, and people still do make mistakes.

Currawong
7th November 2004, 09:27 AM
Originally posted by mjankor@Nov 6 2004, 03:53 PM
But, how do you make sure that there are not viruses, trojans or spyware in software? I sometimes download freeware software off the net e.g. azureus. is there a scanner to delete these items?
Ultimately, you can't be 100% sure. There was a programmer who got the shits with people sharing serial numbers for one of his apps, and released, very briefly, a version that deletes the users' home folder if the pirated serial number was inserted.

There have been the odd cases of programs being created that were really trojans. They turn up once every few years. The Mac community was well notified about it and copies removed from mirrors that hosted it.

It's rather like when driving, when the lights go green and you start moving, you can't be 100% sure that some complete nutcase isn't heading towards the intersection in the opposing direction at 100kmh trying to beat a red light.

However, what you can do is, if a piece of software interests you, check the feedback from users on Versiontracker (http://versiontracker.com) and MacUpdate (http://macupdate.com) as you'll quickly determine if the software is any good by the feedback it has received.

internet
7th November 2004, 08:09 PM
Originally posted by elvis@Nov 7 2004, 08:16 AM
The Apple "client firewall" is your standard BSD ipfw firewall. The same one used in CISCO PIX and other commercial firewall products.

To users on Windows boxes I'd certainly recommend they use a standalone firewall somewhere else on the network. For Mac and Linux users, the standard firewalls on their systems are good enough.

And once again, no matter how good your OS is, stay up to date with patches, fixes, updates and service packs. Even the best software is still written by people, and people still do make mistakes.
PIX IOS is a lot more than just BSD code, especially when we're talking about FWSM ;) but your point is very valid and true.. the inbuilt "firewalls" are very reasonable :)

keep it all patched and tight, then you're alright.. don't run services you don't need

I'm always worried about exploits for things like SSH (sshd version OpenSSH_3.6.1p1+CAN-2004-0175) on my mac being vulnerable, and apple not releasing a patch fast enough... but they seem to do a reasonable job

elvis
9th November 2004, 06:57 AM
Originally posted by internet@Nov 7 2004, 08:09 PM
PIX IOS is a lot more than just BSD code, especially when we're talking about FWSM ;) but your point is very valid and true.. the inbuilt "firewalls" are very reasonable :)
Essentially speaking they are all driven by the same core utilities. I know a lot of folks who sing and dance about their $5000 corporate firewalls. That's great for big business, but Mr Single-Mac office with a DSL connection will get by just fine with the MacOSX firewall enabled, and regular updates (which anyone smart would set to daily checking).

I service over 30 small businesses (and quite a few large ones) around town, and in all have implemented some sort of MacOSX, BSD or Linux firewall (usually on old hardware at less than $100 cost to the client), and all of them are still running fine and free from harm. I would consider that much better than "reasonable", especially when they've spent 1/50th the money getting there.

symean
9th November 2004, 07:08 AM
I work for a distributor of security & anti-virus hardware and software, and I can tell you that the entire network security and anti-virus industry EXISTS only because Microsoft exists. If Longhorn suddenly became as secure as OS X, the industry would crash overnight, it would be the equivalent of the dot-com bubble burst back in 2000-2001.

If you're on a Mac, to begin with only 0.001% of viruses even run on a Mac, so you're that much safer just because you're in the minority (and in this case, that's a good thing). Second, use MS Office if you want, but disable Macros when opening documents. Third, if you get an email that you weren't expecting, or you're not sure what it is, just delete it. Even if you're unlucky enough to get a Mac virus, it can't hurt you if you don't open it first (the attachment, that is).

Lastly, feel safe in the fact that even though OS X is one of the safest OSes in the world, Apple still release regular security updates, which are usually a small download.

You have to get your head around this: you don't need to be as paranoid as you were when using a Windows machine :)

gelfie
9th November 2004, 10:14 AM
I was only scanning (ha ha, get it, sca.... ahhh, ahem) the last few of these posts, so I could be mistaken, but I don't think anyone addressed your concerns about removing applications.

In OS X, the file that looks like an application is actually a directory. All of the application's support files, libraries, sounds, images etc etc are located inside this "Bundle".

This means that there are no support files installed anywhere else on your mac. If you want to get rid of the application, delete its bundle and everything associated with it is gone.

The exceptions are user preferences which are in ~/Library/Preferences, and potentially something in ~/Library/Application Support.

It's a beautifully simple way of doing things.
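
Added example, not part of any post in this thread: a read-only Python sketch of the check described above, which reads an application bundle's `Contents/Info.plist` and lists matching per-user files under `~/Library/Preferences` and `~/Library/Application Support`. Matching by bundle identifier and app name is an assumed naming heuristic, and the function names are hypothetical.

```python
import plistlib
import sys
from pathlib import Path


def bundle_info(app_path):
    """Read the bundle identifier and display name from Contents/Info.plist."""
    with (Path(app_path) / "Contents" / "Info.plist").open("rb") as fh:
        info = plistlib.load(fh)  # handles XML and binary plists
    name = info.get("CFBundleName") or Path(app_path).stem
    return info.get("CFBundleIdentifier"), name


def find_leftovers(app_path, home=None):
    """List per-user files an app may leave behind after its bundle is deleted.

    Read-only: nothing is removed. Matching by name is a heuristic (assumption):
    preferences are conventionally <bundle id>.plist, and Application Support
    folders are conventionally named after the app or its bundle id.
    """
    library = (Path(home) if home else Path.home()) / "Library"
    bundle_id, name = bundle_info(app_path)
    hits = []

    prefs = library / "Preferences"
    if bundle_id and prefs.is_dir():
        for entry in prefs.iterdir():
            # Trailing dot stops com.example.App matching com.example.AppHelper
            if entry.name.lower().startswith(bundle_id.lower() + "."):
                hits.append(entry)

    support = library / "Application Support"
    wanted = {n.lower() for n in (bundle_id, name) if n}
    if support.is_dir():
        for entry in support.iterdir():
            if entry.name.lower() in wanted:
                hits.append(entry)

    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: leftovers.py /Applications/Some.app")
    for path in find_leftovers(sys.argv[1]):
        print(path)
```

Run it before deleting the bundle, since the identifier is read from the bundle itself; review the listed paths by hand rather than removing them automatically.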

internet
9th November 2004, 11:14 AM
Originally posted by elvis@Nov 9 2004, 06:57 AM
Essentially speaking they are all driven by the same core utilities. I know a lot of folks who sing and dance about their $5000 corporate firewalls. That's great for big business, but Mr Single-Mac office with a DSL connection will get by just fine with the MacOSX firewall enabled, and regular updates (which anyone smart would set to daily checking).

I service over 30 small businesses (and quite a few large ones) around town, and in all have implemented some sort of MacOSX, BSD or Linux firewall (usually on old hardware at less than $100 cost to the client), and all of them are still running fine and free from harm. I would consider that much better than "reasonable", especially when they've spent 1/50th the money getting there.
i'm on the other end of the scale to you :D

i implement large scale firewalls like clustered firewall-1's, cisco FWSM modules, pix, etc etc

linux iptables, and os x firewalls are definitely suitable for smaller clients, but i've just been brought up within this company to only deal with larger appliance based firewalls :)

elvis
9th November 2004, 05:55 PM
Originally posted by internet@Nov 9 2004, 11:14 AM
i'm on the other end of the scale to you :D

i implement large scale firewalls like clustered firewall-1's, cisco FWSM modules, pix, etc etc

linux iptables, and os x firewalls are definitely suitable for smaller clients, but i've just been brought up within this company to only deal with larger appliance based firewalls :)
I've built plenty of large-scale networks. The biggest one spanning 6 different countries on 4 continents serving over 3000 users, 10% roaming, all built from over a quarter million dollars US worth of Cisco gear and a mix of stupidly fast internet connections and several dedicated point to point serial lines using services from SingTel, Qwest and AT&T. I have good friends working for cisco (a few I even went to university with here in Australia) that have added features to routers that I've requested for some of these bigger jobs.

But enough bragging... I don't put a PIX in a 10-man office, and saying to me that the MacOSX "client firewall sucks" shows to me the standard arrogance of IT in this country.

I'm happy that you "only deal with larger appliance based firewalls". That still doesn't help the individual who started the thread about protecting their mac. Or would you suggest they put it behind a PIX at home?

Part of the reason I left my last job was because, while I had the opportunity to play with hardware I could never dream of affording, I also had to deal with attitudes like those above. Elitism has no place in IT, and we as the IT workers have a duty to make sure everyone gets a fair go. Big and small.

</rant>