10 Simple Tips for Boosting The Security Of Your Mac

09 Apr 2012

According to data collected by Kaspersky Lab, almost 700,000 user computers have been infected by the Mac OS X trojan Flashback since the beginning of April.  During the next few months, we are probably going to see more attacks of this kind which focus on exploiting two main things: outdated software and the user’s lack of awareness.  What can Mac users do to protect themselves?  Kaspersky Lab has compiled a checklist of steps you can take to ensure your online safety:

  1. Create a non-admin account for everyday activities — Your default account on Mac OS X in an administrator user, and malware writers can take advantage of that to infect your computer.  For everyday tasks like checking email and browsing, create a non-admin user to limit the damage from threats and malware attacks. 
  2. Use a web browser that contains a sandbox and has a solid track record of fixing security issues in a prompt manner — Kaspersky Lab recommends Google Chrome since it’s updated more often than Apple’s built-in Safari browser.  It also comes equipped with a sandboxed version of Flash Player that puts up a significant roadblock for malicious exploits.
  3. Uninstall the standalone Flash Player — Adobe’s Flash Player has been common target for hackers looking to take control over your computer. Furthermore, an old version of Flash Player will most certainly put you at risk when browsing the internet.
  4. Solve the Java problem — Like Flash Player, Java is a preferred target for exploit writers looking to plant malware on your machine. We recommend you completely uninstall it from your machine.
  5. Run “Software Update” and patch the machine promptly when updates are available — Many of the recent attacks against Mac OS X take advantage of old or outdated software. Commonly exploited suites include Microsoft Office, Adobe Reader/Acrobat, and Oracle’s Java, but there are other applications that can be abused as well. Whenever you see the Apple’s “Software Update” prompt, be sure to apply the fixes and reboot the machine when necessary.
  6. Use a password manager to help cope with phishing attacks — Mac comes with a built-in password manager, the “Keychain”. Whenever possible, try to generate unique, strong passwords for your resources and keep them in the keychain instead of remembering easier passwords.
  7. Disable IPv6, AirPort and Bluetooth when not needed — These connectivity services can be used as entry points for hacker attacks.  If you aren’t using them, turn them off.
  8. Enable full disk encryption (MacOS X 10.7+) or FileVault — In Mac OS X Lion, Apple updated their encryption solution (FileVault) and added full disk encryption. It is now known as “FileVault 2”. This has the advantage of securing the entire disk instead of just your home folder and can be very useful if your laptop gets stolen.
  9. Upgrade Adobe Reader to version “10” or later — Adobe Reader has been one of the preferred targets of cybercriminals on the Windows platform and it still ranks high among the most exploited software in the world.  Make sure you get the latest version from the download page at Adobe.
  10. Install a good security solution — With the recent Flashback Trojan outbreak, it’s mandatory for any Mac user to have a security solution.  You can download and install a trial of Kaspersky Anti-Virus for Mac here.