Better than Stuxnet - Snotnet!
Web-based threats, email
spoofs, keyloggers and spyware... Like so many things these
days, there's little use in wondering why it happens or where it comes
from; you have to protect yourself anyway. There are threats from
online booby traps ("Trojans"), email spoofs with forged addresses,
hackers scanning ports, redirecting communications and getting into
internet accounts. Motivated by greed, politics, bravado or
malicious intent, it's all out there
hoping to draw you in and rip you off.
Almost all such threats, including hijacked communications, require
your participation to some
degree, even if it's just being inattentive or acting on assumption.
Using a MacOS machine eliminates the vast majority of viruses designed
to attack Windows PCs, but that's not to say Mac users can be
complacent about security. There are other types of threats, too.
Probably the most immediate threat to security is that of local,
physical access, including data on
shared machines, unattended or unsecured computers, and lost or stolen
mobile devices. Local area networks (LANs), wifi
spies and freeloaders can also be a problem. Most of these threats are
managed by using
built-in security protocols and proper passwords, but you must take
steps to use the protections you have. This page is about the current state of
security on the
Macintosh and the things you should know to protect yourself.
As a friend says, "you have to be smarter
than the tools you work with." Just because that email sez it's from
your buddies Boris and Natasha doesn't make it so. The logo in an
email may be a
copy of the real thing and the link that email contains - if you click
on it - might take you somewhere just as convincing, but that doesn't
Learning how to read email addresses is the
first step. If you see a link in an email, parking your cursor over it
for a second or two will produce a small box with the link's true address
in it. The address may or may not exactly match the link, but if it
contains extraneous server names or ends in a two-letter
country-code suffix (a ccTLD),
you can be pretty sure it's bogus. Knowing it takes no effort to fake a
'from' or 'reply to' address is the second step, which leads to step
three: Trust NOTHING about an email or anything it might contain.
- If in
doubt, don't click that link. If it's a link to
something you might be interested in, examine that address carefully.
You can always open a web browser (Safari) and type in
the address yourself if you think there's anything odd about the
message you're looking at. Or pick up the phone and call instead. Then
delete that email.
respond with credit card info, passwords or personal info. If
they want you to login thru an email link, don't. Legitimate sources
should direct you to
their web site. Providing a link is convenient,
and they _do_ have a legitimate use, but it pays to be skeptical.
it 'Junk' and let your mail program deal with it. Whether you
use web mail thru a browser, or use an email client on your computer
(Mail.app), all email apps have a "spam" function for weeding out the
garbage we all get. Something like 90% of all email is spam, and once
you label a spam message as junk you shouldn't see any more messages
from that particular source in your inbox ever again.
Of course, if you rely on web mail thru Yahoo or Google or any other
online service, the security of your email (including your address book
and whatever else is attached to your account) is out of your hands and
up to the service provider. They get hacked on a regular basis these
days, so don't be surprised if it happens to you and suddenly everybody
you know is getting spam with your name on it. Such security breaches
occur all too often,
and that's the risk you take when using free online web servers. Your
choices are to change your email address or just wait until it blows
over (which it eventually will).
If it comes
looking for you, you don't want it.
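The link-reading advice above (park the cursor to see where a link really points, be wary of extra server names and two-letter country-code suffixes, and of addresses that don't match what the link says) can be turned into a small checker. The script below is an added example and is not code from the original page: the HTML message it inspects is constructed, and its "last two labels" rule for the registered domain is a deliberate simplification (a public-suffix list would be more accurate).

```python
"""Inspect the links in an HTML e-mail: compare what each link *says* with
where it *points*, and flag the warning signs described above. Added example,
not the page's own code; the sample message below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Something that looks like a host name inside the visible link text.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []       # list of (text, href)
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host):
    """Last two labels of a host name. Heuristic: good enough to notice
    that 'www.bank.com.example.ru' is really under 'example.ru'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_link(text, href):
    """Return a list of warning strings for one link; empty means clean."""
    warnings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme not in ("http", "https") or not host:
        return [f"not a normal web link: {href!r}"]
    if "@" in parsed.netloc:
        warnings.append("user@host trick: the part before '@' is not the destination")
    if is_ip(host):
        warnings.append(f"destination is a bare IP address ({host})")
    else:
        labels = host.split(".")
        if len(labels[-1]) == 2:
            warnings.append(f"two-letter country-code suffix .{labels[-1]}")
        if len(labels) > 3:   # www.site.com is 3 labels; more means stuffing
            warnings.append(f"extra host names stuffed into the address ({host})")
    # Does the domain the text *claims* match where the href actually goes?
    for claimed in HOST_RE.findall(text):
        if registered_domain(claimed) != registered_domain(host):
            warnings.append(f"link text says {claimed} but points to {host}")
    return warnings


def inspect_email(html):
    """Map each link's visible text to its warnings (clean links omitted)."""
    collector = LinkCollector()
    collector.feed(html)
    report = {}
    for text, href in collector.links:
        found = inspect_link(text, href)
        if found:
            report[text] = found
    return report


# Constructed sample message; the domains are placeholders, not real sites.
SAMPLE = """
<p>Dear customer, please <a href="http://www.examplebank.com.verify-account.ru/login">
log in at www.examplebank.com</a> to confirm your details.</p>
<p>Questions? Visit <a href="https://www.examplebank.com/help">our help page</a>.</p>
<p>Or <a href="http://www.examplebank.com@203.0.113.5/">click here</a>.</p>
"""

if __name__ == "__main__":
    for text, warnings in inspect_email(SAMPLE).items():
        print(f"{text!r}:")
        for w in warnings:
            print("   -", w)
```

Feed it the raw source of a suspicious message instead of `SAMPLE` and it lists, per link, the same things the hover box would show you, plus the reasons to distrust them; a link that survives with no warnings is still only as trustworthy as the sender.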
Real-world internet security concerns (regarding Macs)
revolve primarily around downloads that may be deceptive and/or
damaging if installed. This cannot happen without your active
participation and knowledge; in other words, you're free to download
and install malware if you wish - but it can't happen behind your back
like it often does on a Windows PC. If you
see some unexpected message pop up while surfing the 'net, and it wants
you to download or scan or install something, don't do it. You can always cancel
or delete a download before installing it.
In the case of email attachments, a virus
might well be attached to some email message you receive, but these are
typically incapable of doing any harm to a Macintosh. However, while it
cannot affect your Mac, if passed along to a Windows machine where its
code _can_ execute, it might attack the Windows machine. Delete it.
Best advice is to simply be aware, be
suspicious of any uninvited prompts, and don't click anything you're
not absolutely certain of.
If in doubt, don't.
Clear your history, delete cookies (although you may have to hunt for
some of 'em - see below), open a new browser window if you like (File
menu -> New Window) and use
your bookmarks or type in the address you want to go to. Cancel
options and avoid anything even faintly suspicious.
Here's what you need to know:
"Malware" (short for malicious software) refers to a variety of
bad-nasty things floating around in cyberspace, including viruses,
spyware, Trojan horses, and a host of lesser types (in terms of
potential damage). Rule of thumb: If you need some app or software,
player or utility, go
to the source and get it. DO NOT
download anything that comes looking
A virus must
have three traits in order to qualify as a true virus:
(1) It operates in the background without
your knowledge or participation.
(2) it copies itself - spreads - to every
volume it comes in contact with (hard drives, flash drives, disc
(3) it will have some sort of damaging or
is a whole different animal. This category includes commercial
programs designed to track computer use and record keystrokes, but
these are not necessarily viruses. Popular with parents, security
departments and company
bosses, spyware provides indisputable proof of who did what and when.
That's the legitimate use of spyware (if spying on someone is
legitimate). Spyware can also be used to steal passwords, banking and
card info or other personal data for purposes of theft.
A Trojan Horse - like the fable -
requires your active participation to download and install before it
can do its thing. Therefore, it must trick you into bringing it onboard
by masquerading as something attractive. Here's a recent example that
has been popping up on the internet:
Clearly designed for the Mac with a Safari icon and typical
Mac-style layout, this uninvited dialog box pretends to come
from "your System." (Read that message aloud without laughing, I dare
click OK, the next window will be a "free download" of the trojan
disguised as an anti-virus app. If you are gullible enough to download,
you will then have to enter your admin password to install it
and you'll be warned that you're about to install an app from the
internet. Just say no or trash the file before installation and you'll
Some of these trojans will put
up a window listing a few files it
claims are infected and should be "scanned" immediately. We've seen
four examples of this type of Trojan Horse, and all look very
convincingly like a
genuine Mac application; quite well done, actually. (We tracked one
to Belize, by way of
Germany, with a contact number in Russia.) Trojans may hijack your web
browser and take you places you do not want to go and show you things
you probably don't wanna see - or not - but these
phony anti-virus trojans all produce persistent nag screens wanting
your credit card info to purchase the phony app, and therein lies the
real threat. Fortunately, they're easily removed
harmless. OS updates will also eliminate malware for you.
While the Microsoft Windows world has long been awash in viruses that
cannot infect the Mac, that doesn't mean Macs are 100% safe. The
Macintosh remains largely immune due to proactive prevention by Apple
and by the core of your MacOS, but there are
plenty of other threats about. Nothing gets
installed on a Mac unless an administrator password is entered and you
approve the installation process. The only protection you really need
The World Wide Web should be free, unregulated, uncensored
and untaxed - but it also needs to be approached with care. And as long as you're dealing with the internet, you can assume
you're being tracked and you'll certainly encounter something nasty
along the way. Just getting there can
be loads of fun, what with routers, modems, ISPs and all. To say
nothing of expense. We all need to pay attention as the situation
mass in so many ways. ISPs are throttling bandwidth, playing loose with
extra per device, rationing fiber optic broadband, and establishing
toll booths along the way.
Recent stories about "IP
theft" suggest sharing a wireless connection should be a crime -
gasp! - and cite a few cases that miss the point entirely. On the other
hand, if you can't
protect your network, you probably shouldn't have one. Get a router with a
built-in firewall and learn how to set it up. Normally it's just a
matter of selecting the best available protocol and setting a password
to protect your home or office wireless network.
Connecting to other networks out in the wild is another matter
entirely. Consider these to be wide-open party lines and never
transmit anything sensitive over a foreign wifi network. There have
even been reports of thieves setting up adjacent networks with names
matching legitimate ones. That "Starbucks" network might be Starbucks
or it might be some bozo with a notebook out in the parking lot. Might
even use the same password as the real one. This type of spoof can be
difficult to detect, but the impostor has to be within 150 yards or so.
And now you can also assume a growing lack of privacy as virtually
every app you use is phoning home with some bit of data, some chunk of
info, whether it's on a computer, tablet or phone. GPS-equipped devices
attempt to map wireless access locations by sending coordinates and
network info. Computer and software makers collect and send data too,
including OS and app versions, CPU/machine specs. These are legitimate
types of data collection used to enhance product performance and
provide assistance, but the line between that and eavesdropping is
dwindling fast. As they say, "there's an app for that." If that's not
bad enough, there's a storm gathering in that ever-popular Cloud, too.
Pay attention to network
activity. The key (on a Mac) is that nasty stuff, like all
software, requires passwords and permission to install, either by authorized physical access (see
below) or by
a System Admin. Once onboard tho, malware
can collect info, spy on activity, eavesdrop on communications and even
reroute all network traffic. (Yes, that includes Macs.) It's not
unusual to find Koreans scanning your ports, cookies from countless
sources, or servers horning in on web locations; these are easily
stopped in their tracks. It's another matter to find something
installed on a System that is opening doors and collecting and/or
sending sensitive data. Noticeable effects may include slow
network/internet operations, and it's something to watch for. We
recently removed no less than five different variants of a malware app
designed to hijack all network communications, all five operating on a
One of those apps dated back five years. But
credit where credit is due: That particular machine had been used to
explore the, shall we say, "seedy" segments of cyberspace and some
uglies were voluntarily downloaded in the
on your OSX firewall (System Prefs > Security pane >
Firewall tab - should be on by default), and do not allow file sharing
of any kind over the internet. Sharing thru your own local area
network [LAN] is fine; office networks are probably managed by in-house
IT staff. Software
(torrent) and music sharing web sites are well-known for passing
unscrupulous users, so if you want some new program or music - hey
- buy it! No sympathy here for those who install BitTorrent, Napster,
Limewire and other such "sharing" software. Legitimate sources consider
it theft, and so do we.
If you need a 'viewer' go
to the source and get it. Adobe.com has Flash, VideoLAN has VLC
for translating WMV and MS file types, or try opening audio/video files
in QuickTime. Keynote handles PowerPoint files nicely, and odds are
you already have something that will do what you want to do. Just avoid
clicking on anything that shows up uninvited while surfing the web,
including video players.
There's only one way to absolutely
guarantee total network security on any computer, and that's
by disconnecting from the internet altogether.
Short of literally pulling the plug on communications, we must rely on
firewalls and utilities to intercept and identify potential leaks in
order to remain connected while having some control over security. The
Mac comes well-equipped. Again, the #1 (and arguably only) security
tool most Mac users really need is common sense - and proper login
The biggest threat to any computer is having it fall into the wrong
hands, so restricting physical access is most important. And the threat
isn't just from theft or those with mischief in mind, it can be data
loss or damage done by accident, too.
Hand-in-hand with protecting
physical access is having a proper Admin account with a secure login
password. This is especially important for notebook computers and
devices that may go missing, and machines shared by two or more people.
Create a 7-8
character password, make it a good one, and write it down somewhere
safe if you need to, just make sure you don't forget it. (You can give
yourself a hint, too, when
you set it up.)
Require a password to wake from screen
saver/sleep to protect your computer if you step away for a moment.
Turn on your Firewall if it's not already on by default. And be sure to
disable automatic login at startup in the Security pane of System
Preferences under its General tab:
Options here include
requiring password to wake from sleep, disabling auto login (must be
checked for password protection at login), the option of locking all
System Pref panes (the lil' padlock in lower-left corner), automatic
log-out after a set time of inactivity, and more. Recommended settings
bothersome security options are shown; more robust options are
available if needed.
Then there's the FileVault tab: Here you
can set a master password and encrypt everything on your hard drive. DON'T do it! Encryption
will slow read/write operations considerably,
and if you lose your master password you're toast. FileVault is there
with industrial-strength encryption if you really need it, but you'd
have to have a _serious_ reason to make it worthwhile. Unless you carry
around national security secrets, hospital medical records or some
bank's database, using FileVault is just asking for trouble and most
(normal) people will be quite
adequately protected by using simple passwords without the added
Spyware is a general category of programs designed to track computer
usage. These are not viruses per se, so anti-virus programs may not
detect them as such. And, because programs used as "parental controls"
or for additional security likely contain keyloggers to record who did
what and when, keyloggers aren't exactly malware either. Even some simple keyboard-shortcut utilities have
keyloggers. Once onboard,
spyware can transparently record chat room and internet activity,
emails, logins and software use. Some spyware
apps are capable of using a
computer's camera to take snapshots, record video and/or send location
info as well. This info may then be stored for
later retrieval or sent via network to a waiting recipient, and such
apps have been used to recover lost or stolen notebooks among other
functions. In the Windows
world, tho, all bets are off as the likelihood of these things being
malicious goes way up - we're only talking about Macs here.
If you are concerned that someone is
spying on you and your Mac for some nefarious purpose, consider what it
takes to put spyware on a Mac: First requirement is physical access
(discussed above). Login password for your admin account is also
necessary, and to properly install spyware so as to make it as
undetectable as possible can take a good deal of time, possibly a few
hours. So, if your machine hasn't left your possession, it isn't shared
or available to others for an extended length of time, and it has a
decent login password, you probably don't have anything to worry about.
The same applies to iPhones, iPads, and
other such devices, with one important caveat that might make a
difference. When you sync these devices to iTunes on a computer, iTunes
automatically makes a full backup for you in case it's needed to
restore the device, and that backup remains (buried) on the computer
you synced your iGizmo to - which, by rights (and by design) _should_
be your own computer. But, if you synced to someone else's Mac or PC,
they have all that data, and that might be a problem.
Unfortunately, hunting down spyware
requires forensic processes and techniques that are far too complex to
describe in detail here, especially if the prospect of legal action is
a possibility. Installing anti-virus apps or "cleaning" utilities is
just asking for trouble, too. Best hope for putting your mind at ease
is to carefully consider time and access requirements for spyware
installation, continued access necessary to retrieve keylogger/spyware
records, and the likelihood of anyone going thru all that trouble to
spy on you. If you still think you have a problem, give us a call, make
an appointment, and we'll see what we can do. We won't help you spy on
someone else (if that's what you have in mind) but we can certainly
find out if you are - or have been - a target.
version = there is no privacy. But, with more trouble than should be
necessary, you _can_ take out the trash and keep tracking to a minimum
while sometimes solving online problems. Here's how:
applications (programs) have their own preference
settings under the menu bearing the app's name, in this
case Apple's browser,
Safari. Open Preferences and choose the Privacy tab (icons along
top). You can do that right now if you want, just move prefs window
aside so you can still see this one.
apps have different layouts, and not all the options we're looking for
are located in one place, so you may have to do extra drilling to find
the commands to clear history, toss cookies and maybe even reset the
whole works (except bookmarks). Illustrations and instructions posted
here only apply to Safari.
We're using Safari here; other browsers should have similar
options somewhere in their prefs. Clicking the "Remove All Website Data..."
button clears all cookies. Other settings are also recommended.
The Privacy tab allows you to remove
cookies from sites and servers tracking you as well as those with legit
uses, such as login cookies used by discussion groups, vendors and
auction/sale sites. You'll just have to login again if you toss good
with bad, but
Safari can remember most logins if you want it to, so not much will be
lost by removing all - which is important because you probably have
you wish, then delete 'em individually, too. You might think we're
done, but - no.
Check to see if all cookies are gone (probably not): Starting with your
home folder (has login account name) go to
~/Library/Safari/LocalStorage folder and take a look inside:
If you see files inside the LocalStorage folder, you still have cookies
tracking you. Safari (and probably most other web browsers) will not
let you delete these manually while the app is open and running, so in
order to remove 'em you'll have to quit Safari before you drag them all to the
trash and empty your trash.
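The LocalStorage check above can be done from a script that reports which sites still have data on disk and only clears the folder when Safari is not running. This is an added example, not the page's own code; the folder path comes from the page, while the file-name pattern it parses (`http_www.example.com_0.localstorage`) and the use of `pgrep -x Safari` to detect a running Safari are assumptions. The sample folder it builds for demonstration is constructed.

```python
"""Report and (optionally) clear leftover per-site storage in Safari's
LocalStorage folder. Added example, not the page's code. Assumptions:
files are named like 'http_www.example.com_0.localstorage' (plus SQLite
'-journal' siblings), and 'pgrep -x Safari' finds a running Safari."""
import os
import re
import subprocess
import tempfile
from pathlib import Path

DEFAULT_DIR = Path.home() / "Library" / "Safari" / "LocalStorage"
NAME_RE = re.compile(r"^(https?)_([^_]+)_(\d+)\.localstorage")


def safari_running():
    """True if a process named Safari exists (assumed check via pgrep)."""
    try:
        return subprocess.run(["pgrep", "-x", "Safari"],
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL).returncode == 0
    except FileNotFoundError:       # no pgrep on this system
        return False


def leftover_sites(folder=DEFAULT_DIR):
    """Map each site that still has local storage to its file count."""
    folder = Path(folder)
    sites = {}
    if not folder.is_dir():
        return sites
    for entry in folder.iterdir():
        if entry.is_file():
            m = NAME_RE.match(entry.name)
            origin = f"{m.group(1)}://{m.group(2)}" if m else entry.name
            sites[origin] = sites.get(origin, 0) + 1
    return sites


def clear_local_storage(folder=DEFAULT_DIR, running_check=safari_running):
    """Delete leftover storage files; refuse while Safari is running, since
    Safari keeps these files open. Returns the number of files removed."""
    folder = Path(folder)
    if running_check():
        raise RuntimeError("Quit Safari first; it keeps these files open.")
    removed = 0
    if folder.is_dir():
        for entry in folder.iterdir():
            if entry.is_file():
                entry.unlink()
                removed += 1
    return removed


def build_sample_folder():
    """Constructed stand-in for the real folder, for demonstration only."""
    folder = tempfile.mkdtemp(prefix="LocalStorage-sample-")
    for name in ("http_www.example.com_0.localstorage",
                 "http_www.example.com_0.localstorage-journal",
                 "https_tracker.example.net_0.localstorage"):
        open(os.path.join(folder, name), "w").close()
    return folder


if __name__ == "__main__":
    # Use the real folder when present, otherwise the constructed sample.
    target = DEFAULT_DIR if DEFAULT_DIR.is_dir() else build_sample_folder()
    left = leftover_sites(target)
    if not left:
        print(f"{target}: empty, no site data left behind")
    else:
        print(f"{target}: {sum(left.values())} file(s) still present")
        for origin, n in sorted(left.items()):
            print(f"  {origin}  ({n} file(s))")
    print("Safari running:", safari_running())
```

Run it after "Remove All Website Data..." to see what survived; call `clear_local_storage()` only once Safari is quit, which is exactly the step the page says you cannot skip.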
around in Library folders is generally a bad idea since they contain
critical Operating System files. This is why Spotlight doesn't
search within OS library and system folders, so best not to move,
delete or rename anything else in Library folders. In fact,
you'll see slightly different folder icons in the Finder which signify
"blessed" folders having special properties with respect to contents,
names and location, while normal folders (which may be moved, modified
and/or deleted at will) have plain icons:
[folder icon, not reproduced] = "Blessed" Library folder
[folder icon, not reproduced] = Normal folder
Shortcut: Safari also has a reset for removing much of the
accumulates with web browsing, and that reset function can also be
found under the Safari menu:
"Reset Safari..." produces a window where you may pick and choose what to delete all
checked above are a good
compromise between keeping those things that
might be helpful and
trashing most of the junk that isn't. And, unfortunately, it may still
be necessary to double-check ~/Library/Safari/LocalStorage folder to
make sure it's truly empty. If you pay attention to cookies and
you'll start getting a feel for who is tracking what and why. So, we're
done now, right? Wrong.
Adobe is using its ever-popular Flash Player to track you too, as are
other web browser plug-ins and/or add-ons. Here's the scoop on your
Open your System Preferences and look in the bottom row of
its preference icons for the Flash Player icon. Open FP's prefs pane
and pay close attention to the tabs at top of resulting window. Here
you might find things that'll make ya wonder. Or not.
First tab, Storage, has a "Delete All" button below it that I encourage
you to use.
Flash setup is quite similar to a web browser's cookie storage:
tabs, "Camera and Mic" and the "Playback" tab, each have their own
privacy settings that should be addressed. If you don't need or use
these, off is the best choice; you can always turn these on/off as
needed now that you know where they are.
Last tab, "Advanced" has yet another "Delete All..." button to remove
yet another collection of superfluous stuff. And Adobe recommendations
notwithstanding, "Never Check for Updates" is just fine (indeed, best
choice if ya ask me).
So now we're done. But, no, not really, just kidding. There are dozens
of browsers out there - Safari, Firefox, MS Exploder, and the new kid,
Chrome, to name just a few - all with different storage/tracking and
"privacy" schemes, different front ends and prefs and optional plug-ins
with their own agendas. Other apps beside web browsers collect/send
data and check
for updates, too. This is why you really can't expect true privacy,
but you can certainly keep traffic to a minimum.