10 simple tips to boost security for Mac users, says expert

MANILA, Philippines – With the increasing popularity of laptops and desktop computers running Apple’s Mac operating system, a leading secure content and threat management solutions developer stressed a number of ways to ensure that these devices remained secure.

“The appearance of the most recent Flashback/Flashfake malware is a testament to the fact that cybercriminals will target any device as long as these would provide them with potential revenue,” said Costin Raiu, Kaspersky Lab security expert in a statement to media.

“If you follow these steps, keep everything updated and be aware of these attacks, your chances of becoming yet another random victim will be greatly diminished,” Raiu said.

These are:

1. Create a non-admin account for everyday activities – create a non-admin user where you only log in as administrator when you need to perform administrative tasks. This greatly helps to limit the damage from zero-day threats and drive-by malware attacks.

2. Use a web browser that contains a sandbox and has a solid track record of fixing security issues in a prompt manner – Google Chrome is updated more often than Apple’s built-in Safari browser. Google Chrome also comes with a sandboxed version of Flash Player that puts up a significant roadblock for malicious exploits. It has also a silent, automatic update mechanism that removes the burden of patching security vulnerabilities.

3. Uninstall the standalone Flash Player – Adobe’s Flash Player has been a common target for hackers as it allows them to take complete control over target computers. Removing it will significantly lessen security risks.

4. Solve the Java problem – Java is also a preferred target for exploit writers looking to plant malware on your machine. It is recommended to have it completely uninstalled.

5. Run “Software Update” and patch the machine promptly when updates are available – Many of the recent attacks against Mac OS X took advantage of old or outdated software. Commonly exploited suites include Microsoft Office, Adobe Reader/Acrobat, and Oracle’s Java. It is recommended to update to 2011 as soon as possible. Be sure to apply the fixes and reboot the machine when necessary.

6. Use a password manager to help cope with phishing attacks – Mac comes with a built-in password manager, the “Keychain,” which generates unique and strong passphrases for a device’s resources. Whenever the cyber-criminals manage to compromise one account, they will immediately try the same password everywhere – GMail, Facebook, eBay, PayPal and so on. Hence, having a unique strong password on each resources is a huge boost to your online security.

7. Disable IPv6, AirPort and Bluetooth when not needed – Turn off connectivity services when not in use, or when not required. These include IPv6, AirPort and Bluetooth – three services that can be used as entry points for hacker attacks.

8. Enable full disk encryption (MacOS X 10.7+) or FileVault – In MacOS X Lion, Apple updated their encryption solution (FileVault) and added full disk encryption. Now known as “FileVault 2”, this has the advantage of securing the entire disk instead of just your home folder and can be very useful if your laptop gets stolen.

9. Upgrade Adobe Reader to version “10” or later – Adobe Reader is also a preferred target of cybercriminals. Version 10 includes numerous security enhancements which make it a lot safer than any previous versions.

10. Install a good security solution – It is no longer true that “Macs do not get viruses.” After six years, the situation has changed considerably. The Flashback trojan which appeared in September 2011 caused a huge outbreak in March 2012, which amounted for over half a million infected users worldwide. Thus, a security solution is absolutely required for any Mac user. One can easily download and install a trial of Kaspersky Anti-Virus for Mac.

“During the next few months, we are probably going to see more attacks of this kind which focuses on exploiting two main things: outdated software and the user’s lack of awareness,” said Raiu.

Read more...