Taking Security for Granted

Posted on Tuesday 17 January 2006

I often get asked if I run anti-virus software on my Mac, and if I do, why I bother. The reasoning of the people asking me is usually something like: “There are no viruses for Mac OS X, so why waste the time/money running an anti-virus package on a Mac?”

My answer usually surprises them. Yes, I do run an anti-virus package on my Mac. I also run a very secure firewall, both an in-bound and an out-bound firewall. While there are no Mac OS X viruses, there are plenty of Microsoft macro viruses that can affect my Windows-using friends and associates, and I run the anti-virus so that I can intercept and disinfect any Windows-based viruses. This way, my Mac doesn’t inadvertently act as a virus carrier. It also allows me to tell my friends and associates when they may have an infected machine. Just because a problem doesn’t affect me, doesn’t mean I can’t help prevent it from affecting others.

Unfortunately, there are quite a few Mac users who take the “why bother” approach. While, at present, there aren’t any spyware, viruses, or trojans that affect Mac OS X users, it won’t always be this way. As the Mac platform becomes more popular, and with the switch to the Intel-based Macs underway, the possibility of Mac-based malware becomes greater. Granted, the Mac’s BSD-based OS X is designed with security in mind, and is, in many ways, far more difficult for malware to affect, at least without the user’s inadvertent cooperation.

There are two major reasons I see Mac-based malware as inevitable. First, the move to the Intel-based machines increases the number of malware writers who are fluent in writing code executable by the Mac CPU. In some ways, the uncommon PowerPC-based CPUs helped limit the number of people who were able to develop Mac-capable malware. The more coders attempting to find a vulnerability, the higher the chance that one eventually succeeds.

Second, as the Mac moves to the Intel-based hardware, the cost differential between the Mac and the rest of the PCs has become much smaller than it has been historically. If you compare a Core Duo-based Windows notebook with the new MacBook Pro, the price differential is relatively minimal or non-existent. The same is true of the new Core Duo-based iMac. There is little in the PC world that is comparable, in terms of power, features, screen size and cost. With the change in the “price premium” for Mac ownership, an increase in Mac ownership will probably occur. As the installed user base increases, so does the temptation for the malware writers—sad but true, for most of them it is a game of numbers.

What can a Mac user do? First, run a good anti-virus package, like VirusBarrier X or ClamXAV. Do the virus definition updates. Run a good in-bound firewall, like the one built into Mac OS X. If you find it too difficult to use, get a good after-market one. The final step is to run a good out-bound firewall, like Little Snitch. Out-bound firewalls don’t prevent your machine from being attacked, as in-bound ones do, but they do let you restrict and control which software packages are allowed to get out to the internet. This can help prevent malware from doing damage to your system or others.

Good security is a process, not a set of steps that, once taken, don’t need to be revisited. Good security is something that is constantly evolving and updating to deal with the changing threats that appear.
