Web-based threats, email spoofs, keyloggers and spyware... Like so many things these days, there's no use wondering why; you just have to protect yourself. We all face threats from bogus apps, spoofs, redirected comms and data breaches. Motivated by greed, politics, bravado or just plain vicious malicious intent, it's all out there. Don't be a victim.
Apple has practically eliminated the threat of viruses, but that's not to say Mac users can be complacent about security. Keep your OS version updated, avoid pop-ups, know who you're dealing with, and never download from unknown sources.
The most significant threat to security remains that of physical access. WiFi spies and freeloaders can be a problem, but these are managed by using security protocols and proper passwords. This page is about the current state of security on the Macintosh and what you should know to protect yourself.
Try to keep less than 1GB on your desktop. Two good reasons to do this: it lightens the load on precious RAM, and the desktop - like the trash - has no further address in your Mac's directory and is shared by all volumes/disks.
The Desktop should be treated as a temporary landing spot for files until you decide whether to keep 'em or not. If a file has served its purpose or is no longer needed, trash it; otherwise move keepers into appropriate folders within your drive (Documents, Pictures, Music, etc.).
First off, it may help to populate the Finder's sidebar if you haven't already. Under the Finder menu, open Preferences and click the Sidebar tab:
Putting a check mark next to the items shown above will put those items in all Finder window sidebars for quick and easy access.
From the Desktop window, drag and drop files to the appropriate folder in the sidebar according to file type - photos into the Pictures folder, music into Music, etc. Sorting files in the Finder window by Kind will make things easier:
The screenshot above shows Desktop selected in the sidebar. Contents are shown in list view (arrow), sorted by Kind (red circle) and ascending (blue circle). All JPEG files are selected, ready to drag into the Pictures folder where JPEGs belong.
It may also be helpful to open a second Finder Window and relocate files by dragging them between the two windows.
Tip: While you're at it, open Finder's View menu and turn on two helpful options: Show Status Bar and Show Path Bar.
Clear 'cruft' out of your browser
Safari, like all web browsers, has preference settings to delete cookies, extensions and other junk that accumulates over time (collectively known as cruft). Safari also has a shortcut in the Safari menu, "Clear History..."
Select Clear History, then set it to 'All History'. This will get rid of cookies, history and cruft with one click. For other browsers, get used to opening the browser's prefs settings to delete cookies and history, then check for bogus extensions, especially "search" add-ons that often produce pop-ups.
Best time to clear cruft is when you quit the browser app.
Getting rid of trackers, cookies and crap on the iPhone is a bit more complicated and requires a number of steps, starting with iPhone Settings:
In Settings, scroll down and tap Safari:
In Safari settings, scroll to very bottom and tap Advanced:
At very top of Advanced settings, tap Website Data:
Scroll to bottom again and tap Remove All Website Data:
On your way back out thru Safari, tap Clear History and Data:
Doing this periodically will clear trackers and cruft from your iPhone, reclaim space, and improve performance. Once you get used to this process, you can do it very quickly, since the commands you need sit at the top and bottom of the lists.
By definition, a computer virus must have three specific traits:
- It operates in the background without the user's knowledge
- It copies itself to every available volume it can write to
- It always carries some sort of payload (its purpose)
Viruses have been largely eliminated on the Mac since the advent of OS X by preventing the first two properties above; the third property, payload, is a function of software in general, whether useful, helpful - or malicious.
"I think I've been hacked!"
No, you haven't been hacked. Banks get hacked, social network sites get hacked, Google, Yahoo (et al), credit sites and retailers get hacked. People generally don't get hacked, aside from an occasional celebrity or maybe an acrimonious divorce. "Hacked" is one of those terms that sounds good, but usually means scammed.
Malicious software - aka malware - comes in a wide variety, from phony updates to bogus apps of all kinds. Two newer types of fraudulent services are fake cloud backup and online password management.
Think about it: If you enlist the services of cloud backup, you'll be sending them all your data. They don't have to lift a finger. Same goes for password management services when you give up your passwords. Do you know who these people are? Do you have any idea where they are? No password, encryption, VPN or other security measure can protect you from you.
Know who you're dealing with.
Free, demo, trial apps, bogus updates, PDF/Word readers, video viewers, and a slew of Mac fix-up apps - including paid versions - are as close to viruses as we get on the Macintosh platform. Don't go there.
If you limit downloads to Apple's App Store and only deal with KNOWN sources by making certain the address in web browser is legitimate, you'll have little to worry about. That's the short version - more info and details follow.
(Also see our Rants page for more on security concerns.)
As a friend says, "you have to be smarter than the tools you work with." Just because that email says it's from a friend or family member doesn't mean it is.
Looking at the address suffix - the top-level domain, which for country domains is the country code (ccTLD) - can be enlightening, too. Be aware that it takes no effort at all to fake an email, so trust nothing about an email's address or its contents.
- Use adequate passwords and be ready to change those associated with cloud functions, online banking, web mail, and internet accounts as necessary. Record those passwords in a safe place, too.
- Don't click email links. Examine that address carefully. Parking your cursor over a link for a second or two will produce a small box exposing the link's true address. You can always avoid the link by using a bookmark or by typing the address. And there's always the phone.
- Never respond with credit card numbers, passwords or personal info. Never "login" thru an email link - legitimate sources should direct you to their web site. It pays to be skeptical.
- Use 'Junk' filtering. Whether you use web mail thru a browser or email client, all email apps have a "spam" function for weeding out the garbage we all get. Use it. Something over 90% of all email is spam.
Of course, if you rely on mail thru Yahoo or Google or any other online service, the security of your email (including your address book and whatever else is attached to your account) is out of your hands and up to the service provider. They get hacked on a regular basis, so don't be surprised if it happens to you and suddenly everybody you know is getting spam with your name on it.
Such security breaches occur all too often, and that's the risk you take when using free online mail servers. Your choices are to change your email address or just wait until it blows over (which it eventually will).
If it comes looking for you, you don't want it.
Real-world internet security concerns (regarding Macs) revolve primarily around downloads that may be deceptive and/or damaging if installed. This cannot happen without your active participation and knowledge. In other words, you're free to download and install phony utilities and bogus apps if you wish - but it can't happen behind your back like it often does on a Windows PC. If you see some unexpected message popup while surfing the 'net, and it wants you to download, scan, update or install something, don't do it. Cancel/close and ignore the message. Force-quit your browser if you must, in order to get away from it (Apple menu -> Force Quit).
In the case of email attachments, a virus might well be attached to some email message you receive, but these are typically incapable of doing any harm to a Macintosh. However, while it cannot affect your Mac, if passed along to a Windows machine where its code _can_ execute, it might attack the Windows user. Delete it.
Best advice is to simply be aware, be suspicious of any uninvited prompts, and don't click anything you're not absolutely certain of. Clear your history and delete cookies periodically (although you may have to hunt for some of 'em - see below), open a new browser window if you like (File menu -> New Window) and use your bookmarks or type-in the address you want to go to. Cancel unexpected options and avoid anything even faintly suspicious.
Here's what you need to know:
The term "Malware" (short for malicious software) refers to a variety of bad-nasty things floating around in cyberspace, including viruses, spyware, Trojan horses, and a host of lesser types (in terms of potential damage). Rule of thumb: If you need some app or software, player, update or utility, go to the source and get it. DO NOT download anything that comes looking for you!
Spyware is a whole different animal. This category includes commercial programs designed to track computer use and record keystrokes, but these are not necessarily viruses. Popular with parents, security departments and company bosses, spyware provides indisputable proof of computer use and activity. That's the legitimate use of spyware: Parental control, tracking company time and tracing activity. But - spyware can also be used to steal passwords, banking and credit card info or other personal data for purposes of theft.
Properly installed spyware requires physical access to the machine for an extended period of time, a few hours or more. Once in place, professional spyware is - by design - difficult to detect. The cheap and cheesy types are rather obvious.
A Trojan Horse - like the Greek myth - requires your active participation to download and install before it can do its thing. Therefore, it must trick you into bringing it onboard by masquerading as something attractive or pretending to be something it isn't. Here's an example, one of hundreds popping-up on the internet these days:
Clearly designed for the Mac with Safari icon and Mac layout.
If you click OK, the next window will be a "free download" of the Trojan disguised as an anti-virus app. If you are gullible enough to download, you will then have to enter your admin password to install it and you'll be warned that you're about to install an app from the internet. Just say no or trash the file before installation and you'll be fine.
Text is laughable - doubt if many who read this would fall for it.
Some of these trojans will put up a window listing a few files they claim are infected and that should be "scanned" immediately. We've seen many examples of this type over the years, and most look very much like a genuine Mac application. (We tracked one to Belize, by way of Germany, with a contact number in Russia.) Fortunately, they're easily removed and relatively harmless, but always best avoided.
While the Microsoft Windows world has long been awash in viruses that cannot infect the Mac, that doesn't mean Macs are 100% safe. The Macintosh remains largely immune due to proactive prevention by Apple and by the core of your MacOS, but there are plenty of other threats about. Nothing gets installed on a Mac unless an administrator password is entered and you approve the installation process. The only protection you really need is common sense.
The World Wide Web should be free, unregulated, uncensored and untaxed - but it also needs to be approached with care. Dealing with the internet means you can assume you're being tracked and you're quite likely to encounter something nasty along the way. Just getting there can be fun, what with routers, modems, ISPs and all, to say nothing of expense. We all need to pay close attention as the internet is approaching critical mass in many ways. ISPs are throttling bandwidth, playing loose with stats, charging per device, rationing fiber optic broadband, and establishing additional charges along the way.
If you have a network and internet connection, you must protect it. Learn how, if you don't already know. Get a router with a built-in firewall and learn how to set it up. Normally it's just a matter of selecting the best available protocol and setting a password to protect your home or office wireless network.
Connecting to other networks out in the wild is another matter entirely. Consider these to be wide-open party lines and never transmit anything sensitive over a foreign wifi network. There have been reports of thieves setting up adjacent networks with names matching legitimate ones; that "Starbucks" network might be Starbucks or it might be some bozo with a notebook out in the parking lot. This type of spoof can be very difficult to detect, but it has to be within 150 yards of your location.
And now you can also assume a growing lack of privacy as virtually every app you use is phoning home with your data, targeting ads or looking for updates, whether on a computer, tablet or phone. GPS-equipped devices attempt to map wireless access locations by sending coordinates and network info. Computer and software makers collect and send data, including OS and app versions, CPU/machine specs. An audio device may be transmitting all it hears (with or without your permission), phone apps are notorious for trampling on privacy. There are legitimate types of data collection used to enhance product performance and provide assistance, but the line between that and eavesdropping is disappearing. As they say, "there's an app for that." If that's not bad enough, there's a storm gathering in the ever-popular cloud, too.
Pay attention to network activity
The key (on a Mac) is that nasty stuff, like all software, requires passwords and permission to install by someone with an admin account. Once onboard tho, malware can collect info, spy on activity, eavesdrop on communications and even reroute network traffic. (Yes, that includes Macs.) It's not unusual to find port scans from Korea, cookies from countless unwanted sources, or servers horning in on web locations; these are easily stopped in their tracks. It's another matter to find something installed on a System that is opening doors and collecting and/or sending data. Noticeable effects may include slow network/internet operations, and it's something to watch for. We recently removed no less than five different variants of a malware app designed to hijack network communications, with all five operating from a single machine. One of those apps dated back five years. But, credit where credit is due: That particular machine had been used to explore the, shall we say, "seedy" segments of cyberspace and some uglies were voluntarily downloaded in the process.
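An added example, not from the original page, of one way to keep an eye on the network activity just described: it boils the output of "lsof -i -nP" (its column layout is assumed here; the sample lines below are constructed) down to one line per listening port and per established outbound connection, and flags any process that is not on an allowlist you maintain. The process name helper_d is made up for the sample.

```shell
#!/bin/sh
# Added example, not the page's own code. Summarises "lsof -i -nP" output so that
# unexpected listeners and outbound connections stand out. Assumes lsof's usual
# columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)].

# Processes you expect to use the network; anything else is flagged. lsof truncates
# COMMAND to 9 characters by default, hence "mDNSRespo" rather than "mDNSResponder".
ALLOW="${ALLOW:-Safari Mail launchd mDNSRespo}"

# Reads lsof text on stdin and prints one summary line per socket of interest.
# Other TCP states (CLOSE_WAIT, SYN_SENT, ...) are skipped to keep the view short.
summarize_connections() {
    awk -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 { next }                             # column header
    NF < 9  { next }                             # not a socket line
    {
        state = ($NF ~ /^\(/) ? $NF : ""         # "(LISTEN)", "(ESTABLISHED)" or none (UDP)
        name  = (state == "") ? $NF : $(NF - 1)  # the NAME column: local[->remote]
        flag  = ($1 in ok) ? "" : " <-- not in allowlist"
        if (state == "(LISTEN)" || $8 == "UDP") {
            m = split(name, p, ":")              # last piece after ":" is the port
            kind = (state == "") ? "udp" : "listen"
            printf "%s %s pid %s port %s%s\n", kind, $1, $2, p[m], flag
        } else if (state == "(ESTABLISHED)") {
            sub(/.*->/, "", name)                # keep only the remote host:port
            printf "out %s pid %s to %s%s\n", $1, $2, name, flag
        }
    }'
}

# Constructed sample of what lsof prints; 203.0.113.9 is a documentation address.
SAMPLE='COMMAND     PID           USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd       1           root   22u  IPv6 0xa1b2c3d4e5f60001      0t0  TCP *:22 (LISTEN)
Safari     4321          alice   33u  IPv4 0xa1b2c3d4e5f60002      0t0  TCP 192.168.1.5:52311->17.253.1.2:443 (ESTABLISHED)
helper_d   5150          alice   12u  IPv4 0xa1b2c3d4e5f60003      0t0  TCP 192.168.1.5:52400->203.0.113.9:8080 (ESTABLISHED)
mDNSRespo   230 _mdnsresponder    8u  IPv4 0xa1b2c3d4e5f60004      0t0  UDP *:5353'

# Runs the summary over the constructed sample; on a Mac use: lsof -i -nP | summarize_connections
demo() { printf '%s\n' "$SAMPLE" | summarize_connections; }
```

On the sample, helper_d's outbound connection is the only line that gets flagged; a real run needs sudo to see other users' processes.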
Turn on your OSX firewall
(System Prefs > Security pane > Firewall tab - should be on by default), and do not allow file sharing of any kind over the internet. Sharing thru your own local area network (LAN) is fine; office networks are probably managed by in-house IT staff. Torrent, movie and music sharing sites are well-known for passing malware, so if you want some program or music - hey - buy it! No sympathy here for those who install BitTorrent, uTorrent, Limewire, Vuze and other such "sharing" software. Legitimate sources consider it theft to use such things, and so do we.
If you need a 'viewer' or update, go to the source and get it
Adobe.com's Flash Player (deprecated with HTML-5) is best avoided, VideoLAN has VLC for translating WMV and MS file types, and QuickTime will open most A/V files. Keynote handles Powerpoint files nicely, Pages works on Word files, Numbers opens Excel, and odds are you already have something that will do whatever you may want to do. Just avoid clicking on anything that shows up uninvited while surfing the web, including video players, "updates" and anything that promises to speed-up, clean-up or fix-up your Mac.
There's only one way to absolutely guarantee total network security on any computer, and that's by disconnecting from the internet altogether. Short of literally pulling the plug on communications, we must remain vigilant to intercept and identify potential leaks in order to remain connected while having some control over security. The Mac comes well-equipped. Again, the #1 (and arguably only) security tool most Mac users really need is common sense - and proper password protection.
The biggest threat to any computer is having it fall into the wrong hands, so restricting physical access is most important. And the threat isn't just from theft or those with mischief in mind, it can be data loss or damage done by accident, too.
Hand-in-hand with protecting physical access is having a proper Admin account with a secure login password. This is especially important for notebook computers and portable devices that may go missing, and machines shared by two or more people. Create a 7-8 character password, make it a good one, and write it down somewhere safe if you need to, just make sure you don't forget it. (You can give yourself a hint, too, when you set it up.)
Require a password to wake from screen saver/sleep to protect your computer if you step away for a moment. Turn on your Firewall if it's not already on by default. And be sure to disable automatic login at startup in the Security pane of System Preferences under its General tab:
Options here include requiring password to wake from sleep, disabling auto login (must be checked for password protection at login), the option of locking all System Pref panes (the lil' padlock in lower-left corner), automatic log-out after a set time of inactivity, and more. Recommended settings for least bothersome security options are shown; more robust options are available if needed.
Then there's the FileVault tab: Here you can set a master password and encrypt everything on your hard drive - but we DO NOT recommend doing so. Encryption will slow read/write operations somewhat, and if you lose your master password - you're toast. FileVault is there with industrial-strength encryption if you really want it, but you'd need a _serious_ reason to make it worthwhile. Unless you carry around national security secrets, hospital medical records or some bank's database, using FileVault is overkill for most (normal) people. You will be well protected by using simple passwords without the added hassles of encryption.
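An added check, not from the original page, for the settings recommended in the firewall paragraph and the Security pane paragraphs above. The parse_* helpers read the text the macOS commands print (the command names and output formats noted in the comments are assumptions), so they run on any POSIX shell; run_audit invokes the real commands and is meant to be run on the Mac itself.

```shell
#!/bin/sh
# Added example, not the page's own code: reports whether the application firewall is
# on, automatic login is off and a password is required on wake, and shows FileVault
# status. The parse_* helpers take command output as text so they can run anywhere.

# socketfilterfw --getglobalstate prints e.g. "Firewall is enabled. (State = 1)".
# Returns 0 when the firewall is on (state 1 or 2), 1 when off, 2 if unrecognised.
parse_firewall() {
    case "$1" in
        *"(State = 0)"*)                 return 1 ;;
        *"(State = 1)"*|*"(State = 2)"*) return 0 ;;
        *)                               return 2 ;;
    esac
}

# "defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser" prints the
# account name when auto-login is on and nothing when it is off. 0 = disabled.
parse_autologin() {
    [ -z "$1" ]
}

# "defaults read com.apple.screensaver askForPassword" prints 1 when a password is
# required to wake (the key used by the OS X versions this page covers).
parse_wake_password() {
    [ "$1" = "1" ]
}

# "fdesetup status" starts with "FileVault is On." or "FileVault is Off.".
# Echoes on/off/unknown; the page leaves the FileVault choice to the reader.
parse_filevault() {
    case "$1" in
        "FileVault is On."*)  echo on ;;
        "FileVault is Off."*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Counts how many of the three recommended settings are in place (0-3).
score_settings() {
    n=0
    parse_firewall "$1"      && n=$((n + 1))
    parse_autologin "$2"     && n=$((n + 1))
    parse_wake_password "$3" && n=$((n + 1))
    echo "$n"
}

# Runs the real commands; only meaningful on a Mac (defaults and fdesetup live there).
run_audit() {
    sfw=/usr/libexec/ApplicationFirewall/socketfilterfw
    [ -x "$sfw" ] || { echo "not macOS, nothing to audit"; return 0; }
    fw=$("$sfw" --getglobalstate)
    al=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true)
    sp=$(defaults read com.apple.screensaver askForPassword 2>/dev/null || true)
    fv=$(fdesetup status 2>/dev/null || true)
    parse_firewall "$fw"      && echo "firewall: on"        || echo "firewall: OFF (turn it on)"
    parse_autologin "$al"     && echo "auto-login: off"     || echo "auto-login: ON for '$al' (disable it)"
    parse_wake_password "$sp" && echo "password on wake: yes" || echo "password on wake: NO (require it)"
    echo "FileVault: $(parse_filevault "$fv")"
    echo "recommended settings in place: $(score_settings "$fw" "$al" "$sp")/3"
}

run_audit
```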
Spyware is a general category of programs designed to track computer usage. These are not viruses per se, so anti-virus programs may not detect them as such. And, because programs used as "parental controls" or for additional security likely contain keyloggers to record who did what and when, keyloggers aren't exactly malware either. Even some simple keyboard-shortcut utilities have keyloggers. Once onboard, spyware can transparently record chat room and internet activity, emails, logins and software use. Some spyware apps are capable of using a computer's camera to take snapshots, record video and/or send location info as well. This info may then be stored for later retrieval or sent via network to a waiting recipient, and such apps may be used to recover lost or stolen notebooks.
If you are concerned that someone is spying on you and your Mac for some nefarious purpose, consider what it takes to put spyware on a Mac: The first requirement is physical access (discussed above). The login password for your admin account is also necessary, and properly installing spyware so as to make it as undetectable as possible can take a good deal of time, 3-4 hours or more. So, if your machine hasn't left your possession, isn't shared or available to others for an extended length of time, and has a decent login password, you probably don't have anything to worry about.
The same applies to iPhones, iPads, and other such devices, with one important caveat that might make a difference. When you sync these devices to iTunes on a computer, iTunes automatically makes a full backup for you in case it's needed to restore the device, and that backup remains (buried) on the computer you synced your iGizmo to - which, by rights (and by design) _should_ be your own computer. But, if you synced to someone else's Mac or PC, they have all that data, and that might be a problem.
Unfortunately, hunting down spyware requires forensic processes and techniques that are beyond the scope of this discussion, especially if the prospect of legal action is a possibility. Installing anti-virus apps or "cleaning" utilities is just asking for trouble and should be avoided. Best hope for putting your mind at ease is to carefully consider time and access requirements for spyware installation, continued access necessary to retrieve keylogger/spyware records, and the likelihood of anyone going thru all that trouble to spy on you. If you still think you have a problem, give us a call, make an appointment, and we'll see what we can do. We won't help you spy on someone else (if that's what you have in mind) but we can certainly find out if you are - or have been - a target.
CIA and NSA programs
Yes, thanks to WikiLeaks we now know the CIA has an Embedded Development Branch (EDB), creators of a number of programs designed to infect the Macintosh and spy on users. These programs, code named "Dark Matter", "SeaPea" and "NightSkies" (collectively known as "Triton") have been active since 2008 and were being updated to infect new OS versions as released by Apple. We first ran into Dark Matter in 2011 on a Samsung SSD a client purchased from Amazon. At the time, 500GB SSDs were selling for about $500 and were still somewhat rare. We had no idea what we'd found, only that the drive had a small 64K EFI partition in an unknown format - embedded in the drive's firmware - that could not be opened, examined or erased.
As with Dark Matter, these things aren't hard to find and identify if one knows what to look for and where to look. "Dark Mallet", "DerStake", the "Sonic Screwdriver" project... the CIA's user manuals for their spyware read like any other user manual, all very matter-of-fact and concise. The only thing missing is the end-user license agreement (EULA).
Apple claims to have secured its OS against this sort of tampering, but in the spy-versus-spy world of government surveillance you can be sure the CIA has moved on to new and better things by now. First we had the NSA recording _all_ communications and location data in real time, and now we have the CIA turning our computers into spies. Nice.
Short version = there is no privacy. But, with more trouble than should be necessary, you _can_ take out the trash and keep tracking to a minimum while sometimes solving online problems. Here's how:
All applications (programs) have their own preference settings under the menu bearing the app's name, in this case Apple's browser, Safari. Open Preferences and choose the Privacy tab (image below). You can do that right now if you want, just move your prefs window aside so you can still see this one.
BTW: Different web browsers have different layouts, and the options we're looking for may be located someplace different than illustrated here. You may have to do some extra drilling to clear history, check homepage and toss cookies.
Safari is shown here; other browsers should have the same options somewhere in their prefs or tools.
Clicking "Remove All Website Data..." button clears all cookies.
Shortcut: Older versions of Safari had a reset for removing much of the "cruft" that accumulates with web browsing, found under the Safari menu as either "Reset Safari" (up to OS 10.9) or "Clear History and Website Data" (10.10) or simply "Clear History" (in OS 10.11 and 10.12):
Choosing "Reset Safari" or "Clear History" produces options to delete web cruft.
Options checked above are a good compromise between keeping those things that might be helpful and trashing most of the junk that isn't. So, we're done now, right? Not quite...
Adobe is using its Flash Player to spy on you, too. Here's the scoop on Flash Player:
Open your System Preferences and look for the Flash Player icon. Open it and pay close attention to the tabs at top of resulting window. Here you might find things that'll make ya wonder. Or not.
First tab, Storage, has a "Delete All" button below it that I encourage you to use, since Adobe has leveraged Flash Player to track your activity:
Next two tabs, "Camera and Mic" and the "Playback" tab, each have their own privacy settings that should be addressed. Off is the best choice; you can always turn these on if needed now that you know where they are.
The last tab, "Advanced", has yet another "Delete All..." button to remove yet another collection of superfluous stuff.
So now we're done. But, no, not really, just kidding. There are dozens of browsers out there - Safari, Firefox, MS Exploder, and the new kid, Chrome (best avoided), to name a few - all have different storage/tracking and "privacy" schemes, different front ends, prefs and options with their own agendas. Most other apps collect/send data and check for updates, too. This is why you really can't expect true privacy, but you can certainly keep traffic to a minimum.