Security Blog

Sophos: Mac Malware Avoidance Tips

Security vendor Sophos has come up with some tips for avoiding Mac malware and scareware, specifically variants of the infamous MacDefender scareware. MacDefender (and its ilk) pops up messages on a Mac user's screen warning that the Mac is infected and urging the user to pay a fee to remove the offending viruses from the computer. Of course, the viruses don't exist: It's all a scam designed to liberate money from the pockets of users tricked into falling for the scheme.

Sophos security researcher Paul Ducklin explained the current state of Mac malware in a blog post discussing Mac security tips on the Sophos website:

"More Mac scareware appeared overnight, with the cybercrooks following the same sort of strategy which has worked so well on Windows: regularly change the look and feel of the fake anti-virus software; use legitimate-sounding brand names (or steal genuine product names); stick to a price-point between $50 and $100; keep the fear factor high; but keep the core programming very similar so development costs are negligible."

The Apple faithful have long touted the benefits of the Mac as a secure computing platform, but security experts have long known that the absence of malware, viruses, and other software ills on the Mac has had more to do with the Mac's tiny market share compared to the vast ocean of unpatched, unmonitored, and outdated Windows PCs available to an enterprising hacker. It's all business and a pure numbers game: Why should hackers devote their time and effort to hacking a platform that only represents a tiny fraction of the PC market? Paul Thurrott has his own take on the topic, arguing that Apple has been far too slow in addressing Mac security issues.

Now Apple is a victim of its own success: As the Mac's global market share steadily increases, so does the appeal (and potential reward) for enterprising hackers. So in the spirit of helping Mac users stem the tide of Mac scareware and malware, I've reprinted some of Ducklin's Mac security tips below:

"If you use Safari, turn OFF the open "safe" files after downloading option. This stops files such as the ZIP-based installers favoured by scareware authors from running automatically if you accidentally click their links.

Don't rely on Apple's built-in XProtect malware detector. It's better than nothing, but it only detects viruses using basic techniques, and under a limited set of conditions. For example, malware on a USB key would go unnoticed, as would malware already on your Mac. And it only updates once in 24 hours, which probably isn't enough any more.

Install genuine anti-virus software. Ironically, the Apple App Store is a bad place to look - any anti-virus sold via the App Store is required by Apple's rules to exclude the kernel-based filtering component (known as a real-time or on-access scanner) needed for reliable virus prevention.

Religiously refuse any anti-malware software which offers a free scan but forces you to pay for cleanup. Reputable brands don't do this - an anti-virus evaluation should let you try out detection and disinfection before you buy."

Visit Ducklin's original post for more information.
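For administrators who support several Macs, the first tip can be checked per user account rather than by opening Safari on each one. The script below is an added example, not code from Sophos or from the original post. It assumes the option is stored under the Safari preference key `AutoOpenSafeDownloads`, that the preferences file sits at one of the two paths listed, and that a missing key means Safari falls back to auto-opening; the function names are hypothetical.

```python
import plistlib
from pathlib import Path

# Assumed key behind Safari's 'Open "safe" files after downloading' checkbox.
KEY = "AutoOpenSafeDownloads"

# Assumed per-user preference locations: sandboxed container first, then legacy.
CANDIDATES = (
    "Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist",
    "Library/Preferences/com.apple.Safari.plist",
)

def auto_open_state(plist_bytes):
    """Classify one preferences file: enabled, disabled, unset or unreadable."""
    try:
        prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except Exception:
        return "unreadable"
    if not isinstance(prefs, dict) or KEY not in prefs:
        return "unset"
    return "enabled" if bool(prefs[KEY]) else "disabled"

def audit_home(home):
    """Check one home directory; the first preferences file found decides."""
    for rel in CANDIDATES:
        path = Path(home) / rel
        try:
            if path.is_file():
                return auto_open_state(path.read_bytes())
        except OSError:  # e.g. the auditing account lacks permission to read it
            return "unreadable"
    return "unset"

def needs_fix(state):
    # Assumption: an unset key is treated as on, so only an explicit
    # "disabled" counts as following the tip.
    return state != "disabled"

if __name__ == "__main__":
    # Constructed sample: a binary plist with the option left switched on.
    sample = plistlib.dumps({KEY: True}, fmt=plistlib.FMT_BINARY)
    print("sample:", auto_open_state(sample))
    for home in sorted(Path("/Users").glob("*")):
        if home.is_dir() and home.name != "Shared":
            state = audit_home(home)
            flag = "  <-- review" if needs_fix(state) else ""
            print(f"{home.name}: {state}{flag}")
```

Accounts reported as `unreadable` usually mean the auditing process was not allowed to read that user's Safari data, so they need a manual check.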

Do you support or use Macs in your IT environment? If so, what is your take on the recent spate of Mac security issues? Please add a comment to this blog post or start the discussion on Twitter.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro
