Macs Get Viruses, Too

By Ryan Faas

June 12, 2009

New malware threats (including the discovery of the first botnet operating on infected Mac OS X machines) are cropping up this year. Luckily, there are lots of tools to help protect your Mac.

Apple’s Get-a-Mac ads (and many longtime Mac users and fans) love to imply that Mac OS X is a far safer and more secure platform than Windows. And there is a ring of truth to that implication. There are far more instances of malware and viruses bogging down Windows PCs than afflict Macs.

But that doesn’t mean Macs are perfectly safe and secure computers -- after all, no computer is completely safe and secure on the Internet.

New malware threats (including the discovery of the first botnet operating on infected Mac OS X machines) are cropping up this year. It’s likely just a sign of things to come as Apple gains market share and visibility.

So Mac users need to understand their options for protecting their systems from malware, network attacks, and other threats.

In this guide, I’ll break down three potential areas of danger – 1) viruses and malware, 2) network attacks, and 3) spam – and details some of best the tools to combat them.

Anti-virus tools

Let’s start with the classic specter of computer security – the virus or malware. The word virus is almost a misnomer these days. There are still some classic versions of viruses that spread from disk to disk, wreaking havoc and deleting files – many from a kid who created a virus because he could.

In truth, however, the bigger threats today are from forms of malware that compromise open network connections to servers over the Internet. These servers can then record personal information (user passwords, keystrokes) and take over a machine in the background.

Often these attacks fall into the categories of Trojan horses that masquerade as some innocuous application or video codec that gets installed by the average user. The most recent Mac threats started in this form as components included in real software packages pirated over the Internet.

Being vigilant about what your install and where it comes from is one way to combat this threat. But for the average Mac user who installs a file to view content on a website, the threat still exists.

Another major virus threat is that of macro viruses--most often associated with Microsoft Office. While Macs are typically not as likely to experience severe damage if they open an infected Office document, they are still capable of experiencing some problems--and of passing the virus on to others.

So every Mac should have some form of anti-virus software. Here are the major options:

ClamXav – ClamXav is a simple open source anti-virus tool that is available for free. It is based on the open source Unix clamav, but sports a Mac-like graphical interface.

ClamXav works pretty well, though its interface is a little clunky and it is generally slow at performing scans. Its big downside is that it offers less automation options than other tools, meaning users must be more pro-active about updating virus definitions (the files anti-virus tools use to detect malware) as well as performing scans. It also doesn’t allow you to scan your entire startup drive, meaning you’ll manually need to select folders to scan.

McAfee VirusScan – McAfee has a long history of developing anti-virus tools and this was at one time bundled with Apple’s .Mac service (the precursor of Mobile Me). McAfee is a decent if not stellar product. It tends to be slower than some of its competition and does show itself to be a product produced from a largely PC-oriented company.

Norton AntiVirus – Like McAfee, Norton develops security and utility tools for both the Windows and the Mac. A while back, Norton’s Mac offerings in both anti-virus and disk utilities were among the best products on the market.

But times change. Norton still produces a compelling product and I’d probably pick it over VirusScan. However, it too suffers from being very obviously a Mac product designed by a predominantly PC-focused company. For businesses that are already invested in other Norton products for managing their PCs, however, it can be an easy addition to an already complete suite (most likely with volume licensing discounts).

Sophos Anti-Virus SBE – Sophos also suffers a bit from being a PC-oriented company, but less than McAfee or Norton do. They produce a simple and lightweight solution for Mac OS X that can be centrally managed very easily.

The downside to Sophos, in my opinion, is less their PC-centric nature than their business-oriented nature and licensing. If you’re a business that has multiple Macs and PCs to protect, Sophos is a great choice (particularly if you’ve got a Windows server – even one in virtualization) to use for central management of both scanning and updating. In fact, for small businesses and/or cross platform businesses that need a simple and effective centralized management option, Sophos is a very good choice.

Intego VirusBarrier – Hands down, the best choice for consumers and for fully Mac-based businesses has to be Intego’s VirusBarrier. The company is entirely Mac focused, provides a solution that is simple, lightweight, and has a very Mac-like feel to it that make it a natural choice for many Mac users.

It also offers centralized management (and integration with Intego’s other security tools) for businesses and schools – though if you have a mix of both Macs and PCs to centrally manage, you might want to opt for Norton or Sophos because of their cross-platform management capabilities (and potentially better pricing due to larger volume purchases).

MacScan – MacScan is an anti-spyware rather than an anti-virus tool. The software is designed for detecting spyware processes and applications (keylogging, remote access, and DNS poisoning tools) that may not fall into the typical categories of viruses.

It also focuses on Internet cookies and similar data gathering tools that are not directly classified as malware. The software compares cookies (small bits of data stored by web browsers to keep track of user data when moving from one web page to another) against a blacklist of known malicious web services.

MacScan is a great complement to other anti-virus and security tools and is especially helpful for Macs commonly used by large numbers of individuals (who might place keyloggers and other malicious tools directly on a Mac rather than remotely).

One final tip, regardless of your anti-virus choice: if you’re running Windows on a Mac (either using boot camp or virtualization tools like Parallels, VMWare Fusion, or Virtual Box) don’t forget that you’ll need anti-virus software on that front too. Norton and Intego both offer Mac/PC protection suites to fill this need in a single product (though in Intego’s case the Windows software is provided by partnering with BitDefender AntiVirus for Windows).

Firewalls

Firewalls come in all shapes and sizes. Some are physical devices that sit between a computer or network and the Internet while others are software installed on individual machines. Regardless of their form, firewalls are designed to protect your computer from unauthorized access via its network/Internet connection.

While hardware firewalls are great for protecting all the computing devices in your home or office, they don’t offer protection for mobile computers that use a variety of public and private wireless networks. For this, software firewalls installed on those computers are needed – particularly on public networks where any computer connected to the same Wi-Fi hotspot can easily see and potentially access any other.

Mac OS X’s Built-in Firewall – Mac OS X has shipped with a built-in firewall based on the Unix ipfw firewall for several years. Leopard introduced an adaptive firewall interface that is extremely easy for users to configure and work with. It doesn’t offer the option to directly configure complex rules (just the ability to allow or deny incoming connections – though you can modify the list of allowed or blocked applications making those connections fairly easily). Advanced users familiar with Unix will also find that ipfw’s full suite of options available from the command line.

While Apple did a good job in crafting a very easy-to-use firewall and one that is generally decent, itss limitations do show, particularly if you need to a firewall for any professional situation. At the very least, however, every Mac user should be using it.

Intego’s NetBarrier – Intego again gets my props for its NetBarrier firewall. NetBarrier is designed to be easy to use (like Leopard’s built-in firewall), but is also designed to offer easy configuration of more complex rules from a Mac-like GUI. It also offers a number of pre-configured settings that can applicable to both home and education/business environments, including rules to block specific types of applications (such as peer-to-peer file sharing sites) and specific types of known threats (such as those posed by spyware).

In addition to being highly configurable and yet very easy to use, NetBarrier is a powerful tool for protecting a Mac. It offers a number of extra features beyond basic filtering of incoming and outgoing connections, including the ability to define specific sets of rules for different locations (home, office, public Wi-Fi, etc), and it shows you how much bandwidth is being used for various types of network access (web, email, iTunes file sharing, etc),

Norton Internet Security Suite – Norton Internet Security is Symantec’s firewall product for both the Mac and Windows. The suite offers a solid solution and integrates with Symantec’s Deepsight blacklist, a global list of Internet addresses associated with various forms of network attack and malware distribution. Like NetBarrier, it also allows you to define different settings based on location.

Like NetBarrier, Norton Internet Security strives to offer powerful firewall rules and protection options in a simple manner that all users can comprehend and manage. The interface isn’t quite as intuitive in my opinion, and it lacks some of the extra features that Intego built into NetBarrier. That said, it is still a powerful solution and offers a few features of its own, including a file guard technology for securing access to files on your hard drive.

DoorStop X– From Open Door Networks. DoorStop X is a firewall that offers a more stripped down interface than either NetBarrier or Norton Internet Security. Instead of being focused on consumer-friendly interface elements and extra features, DoorStop X focuses on simply being a good firewall. It allows a decent set of rules and enables you to easily configure protection for common Mac services (such as web access and file sharing).

The downside is that DoorStop X is not as easy as NetBarrier or Norton to configure for novice computer users. For consumers looking for a very simple solution, this probably makes it a less desirable choice. For power users and technicians wanting something that allows easy configuration of the core features of a firewall without a lot of bells and whistles, this can actually make DoorStopX somewhat more appealing.

IPNetSentryX – IPNetSentryX is a fourth firewall option for Mac OS X. It is a robust tool that operates slightly different from a traditional firewall. Typically, firewalls rely on a fixed set of rules to allow or deny connections (the default rule being to deny everything). IPNetSentryX does offer this, but it’s designed to run in an adaptive fashion, monitoring your network/Internet traffic but not blocking connections unless there is some suspicious activity (either defined by its default settings or by your custom rules).

Although its approach makes for a lightweight and adaptive product (and one which can be used for anything from simple protection to complex bandwidth management), IPNetSentryX’s interface is probably the least user friendly of the firewalls available for Mac OS X. This can be off-putting to many users. However, if you’re a power user or technician and want to leverage a number of complex firewall options, it’s worth checking out.

Who’s There? – A companion product to DoorStop X, Who’s There? isn't a firewall itself, but rather an application that reads firewall logs and provides information and advice about the entries it finds. This can help you fine-tune your firewall settings and better understand how your firewall is protecting (or not protecting) your Mac.

Little Snitch – Like Who’s There?, Little Snitch isn’t a firewall but a useful companion to one. But while Who’s There? and your firewall logs can often inform you easily about incoming connections to your Mac, Little Snitch is focused on the opposite – telling you what applications and services (such as file sharing or iTunes Music Sharing) your Mac is attempting to connect with on network resources or the Internet.

Since some malicious tools (or even legitimate software) installed on your Mac are typically allowed to make outgoing connections through a firewall, being aware of exactly what the software on your Mac is trying to do and who it’s trying to contact can be a great security aid.

Armed with the information that Little Snitch provides, you can craft better firewall rules if needed. You can also use it to turn off unused services (such as file sharing, screen sharing, or even iTunes) that could make your Mac more vulnerable to attack. It even provides a way of simply being aware how people using your Mac are accessing the Internet. All of these make Little Snitch a great Mac security aid.

Anti-spam tools

Most people tend to think of spam as an annoyance that clogs up their inbox and keeps them from getting to really important emails – and that’s certainly true. But spam isn’t just a productivity killer, it can pose a real security threat. Junk emails often load web content that has the potential to impact your computer whether or not you click on a web site referenced in the message.

And often clicking a link in a message will deliver you to some form of malicious website designed to either install malware or use a phishing scheme intended to mine personal information.

The fight against spam can and should take place on multiple levels. Ideally, your mail server will have its own junk mail filtering. Public services like Apple’s Mobile Me, GMail, YahooMail, and Hotmail offer some of the best spam filtering because they handle mail accounts for so many people. But private servers (those run by an Internet provider or private company) may not have such extensive or fine-tuned spam filtering.

Beyond the server level, filtering can take place on your computer. Almost all email applications, including Apple’s Mail and Microsoft’s Entourage (the two most common Mac email clients) include some junk mail filtering options. But you can extend those capabilities with additional anti-spam software, including the following:

SpamSweep – SpamSweep is an application that acts as a middleman between your email client. SpamSweep connects to your mail server, downloads the first 100K of each message, scans them, and then deletes the spam while it’s still on the server (you can control confirmation of what is and isn’t spam). When your mail application connects, it downloads the remaining (good) messages.

SpamSweep uses a combination of blacklist (bad) and whitelist (good) email senders as well as a technique called Bayesian filtering, which analyzes the content of each message to determine how to mark messages. These filters and lists can be trained by marking mail as spam (or not spam) and grows more accurate over time as you use the software.

Overall, SpamSweep is pretty good at making good choices and you can define some overrides to its basic features. On the downside, it does need to sit as a separate program rather than being integrated into your email client and it’s a little disconcerting to have a separate program deleting messages for you. Also, it doesn’t provide any real customized rulemaking options other than training its filters over time.

SpamSieve - SpamSieve may be the best of the anti-spam additions for Mac OS X. While it uses the same filtering techniques as SpamSweep, it does so by integrating with your email client and Mac OS X’s Address Book. It supports a wide range of clients, including the most common Mail, Entourage, Eudora and Thunderbird.

So you don’t need to launch a separate application to confirm the software’s spam/not spam decisions. It also means your email is still managed by your email application. The support for Address Book (and contacts in Entourage) is a nice way of ensuring anyone you actually know will be able to reach you.

SpamSieve does offer its own separate application as well. This is used to configure filters (and quite a bit of configuration is supported) and training process. It also allows you to configure mail notifications and other points of integration with your email client. Perhaps most importantly, SpamSieve does an impressive job of accurately filtering spam.

Intego Antispam - Intego’s offering in antispam category, appropriately named Personal Antispam, is another good choice. It integrates with either Mail or Entourage and can integrate with Address Book for trusting contacts. Although this is a more limited set of email clients than other tools, it does cover most Mac users.

As with their other tools, Intego has put an effort into making Antispam very user friendly. Beyond just being user-friendly, it offers the ability to customize filtering and offers filtering options beyond just blacklist/whitelist and Bayesian filtering options in other tools. You can also filter based on types of attachments or portions of web site addresses noted in an email. This provides additional capabilities. A particularly nice feature is that not only can you configure each type of filter, you can also opt to use all or only some of them.

Personal Antispam enables you to export spam rules as files for installation directly on other Macs running the software. It also offers usage reports and graphs, helping you see the percentage of spam being filtered as well as the types. Overall, this is another great product from Intego.

Mac security software: more information

While keeping your Mac secure is about finding the right mix of tools for your needs (and your level of comfort with technology), equally important is keeping those tools updated and understanding how to use them effectively. Whichever tools you choose, be sure to read and understand the documentation.

And remember, security doesn’t stop with the introductory guide. The following websites provide additional information and tips for Mac security:

Article courtesy of Datamation.

Originally published on .

Comment and Contribute
(Maximum characters: 1200). You have
characters left.