The Complacency of Myth: Why Mac owners must be vigilant
Just about everyone who owns a Windows-based computer understands they must have a firewall and malware protection installed on their machines. The more savvy users know they must run multiple applications, since each of the malware detection applications has known weaknesses.
An unprotected Windows computer with an Internet connection will be infected with some sort of malware essentially immediately. With 0 seconds to compromise, there is no choice for Windows users but to have defenses in place. They know that.
The last time I had to install a Windows OS, there were 200 security updates required AFTER I completed the install. And, of course, there are cases where Windows computers are delivered to users with malware pre-installed. (Link to previous post about the Lenovo laptop malware.)
For years, Mac users have believed themselves exempt from malware. You’d hear Mac owners say this with a certain hubris. The reason isn’t that Macs are inherently more secure. They’re not. It’s just that when 90% of computers have a Windows OS, why would a Black Hat programmer or script kiddie waste time writing or deploying malware for anything else?
Those days are gone, and any Mac owner who is not taking precautions is assuming a no-longer-insignificant risk. Here’s a screen-cap from a search for “OSX Yosemite Malware.”
But Wait, There’s More!
Not convinced you should worry?
This article should be sobering: “According to the 2014 [Kaspersky] report, the average Mac user faced nine threats in the past year.” And this: “The study tracked nearly 1500 new malware programs targeting OS X over the past year, 200 more than in the previous year.”
If you are an average Mac user who has no malware detection application running, are you confident that none of those 9 attacks succeeded against your machine?
Here’s a Mac Forums link from 2014 where a user asks for help with removing malware from his new MacBook Pro.
This article should give you pause: “What Elite Hackers Do When Encountering an iMac”
These elite hackers wanted nothing to do with an iMac because they consider the iMac to be inherently insecure: “In one case, what the person did was turn the iMac to face the wall, unplug it, and for good measure, toss a towel over it to ensure complete privacy.” Here’s another link to the story.
In 2012: Mac malware installed a backdoor.
Got your eye on one of those spiffy new MacBooks? Well, there’s a security flaw with the new USB-C used by the MacBook and there’s no solution yet: “‘The additional openness and flexibility of USB Type-C comes with more attack surface,’ says Karsten Nohl, one of the researchers who first discovered BadUSB.”
There’s a bigger problem outlined here.
“Here’s the deal. Terrorist leaders use iPhones. They are a status symbol, and status symbols are important to leaders. Moreover, since Apple’s security is actually pretty good, terrorists use the phones for good reason (most Android devices suck at security, even the Blackphone). Getting software onto terrorists’ phones, or basebands, is an important goal of intelligence.”
Followed by this:
“Instead, their [the CIA’s] goal is to target the hundred users of a hawala money transfer app used almost exclusively by legitimate targets. The idea is a black bag operation to break into the teenager’s apartment who wrote the app in order to backdoor his/her XCode, so that all users can be identified.”
If government agencies are doing this sort of thing, why would you think Black Hats didn’t get there first?
Another recent article from November 2014, “WireLurker: A New Era in OS X and iOS Malware,” should worry you, too. “WireLurker, a family of malware targeting both Mac OS and iOS systems for the past six months. We believe that this malware family heralds a new era in malware attacking Apple’s desktop and mobile platforms.” One of the vectors? USB. Your phone can infect your iMac.
Be Safe(r) Out There
Don’t be complacent.
Sophos has a series of free tools that will help protect your Mac or iThing. (Android, too.)
Here’s the Apple page on Yosemite security settings and options:
Secure your Mac/iThings to the fullest extent possible.