Very basic security questions - Help!



tarheel
02-19-2016, 10:33 AM
OK, I am the very, very low end on tech knowledge / ability. I have read all the posts in this thread on "Security". Most of it (almost all of it) is over my head. So, here goes: I am running an iMac, late 2013, Intel i7 quad core, 16 gigs RAM, & a 500 SSD that's only 1/4 full. OSX Yosemite, 10.10.5 - and everything is working fine. All the news about hackers holding companies and even individuals hostage until they pay to have their computer unlocked is unnerving at the least.

Here's what I do: (I am retired and spend at least two hours daily on line): I send and receive e-mail via g-mail, transact brokerage transactions and on-line banking stuff, visit photography web sites, Amazon, - all pretty much mainstream sites.
After reading all the issues on VPNs and security on my iMac I clicked on: "System Preferences", "Security & Privacy", and then "Firewall". The Firewall was turned off - so I turned it on and then sent a test g-mail message and logged into one of the financial web sites and everything worked fine.

Oh yeah, I have the Apple Time Machine regularly backing up my whole hard drive. If, unlikely as it is, a hacker encrypted my computer hard drive would the copy of my hard drive on my Time Machine also be encrypted? I connect to the internet via an ATT phone line DSL. See, I really am lost in the computer world!
Thanks!

And, as a footnote: I would gladly pay the $6. to $8. a month the companies charge for their step-up (from their free version) for VPN service - but - do I really need that?

mad_macs
02-19-2016, 11:15 AM
The firewall is essential so it's good to have it on. TMB are very good in case you do happen to get ransomware you can recover fairly easily. However, it's probably a good idea to also get an anti-malware program as well to prevent most problems in today's world. OSX doesn't have as many problems as other operating systems but it does have some.

nickyr
02-19-2016, 12:51 PM
Some say as long as your router has a firewall then you don't need the OSX one on as well. Personally I have both switched on with no visible problems.

Software protection wise, I'd install the following extensions to Safari:

- Adblock +
- Ghostery.

Also, download this and run it occasionally:

https://www.malwarebytes.org/antimalware/mac/

Stick to safe websites, make sure you never give any personal details to anyone who contacts you out of the blue and you should be OK.

RadDave
02-19-2016, 01:18 PM
Some say as long as your router has a firewall then you don't need the OSX one on as well. Personally I have both switched on with no visible problems.

Software protection wise, I'd install the following extensions to Safari:

- Adblock +
- Ghostery.

Also, download this and run it occasionally:

https://www.malwarebytes.org/antimalware/mac/

Stick to safe websites, make sure you never give any personal details to anyone who contacts you out of the blue and you should be OK.

Just a 1+ for Nick's suggestions above - I do exactly the same; concerning the firewall, I also have both the one in my AirPort Extreme router and have the OS X one activated - we've had a LOT of discussion on this issue in several other threads w/ variable opinions - I've never had an obvious problem w/ both on. Dave :)

harryb2448
02-19-2016, 04:20 PM
I leave the firewall at Apple's default - off. The firewall in the router does a more than sufficient job and I also have never had a significant problem since using OS X.1.

+1 for Ghostery, AdblockPlus, Malwarebytes for Mac and a little free utility called Onyx.

MacInWin
02-19-2016, 10:44 PM
I agree with all that's been said, and I'll chip in that I have the firewall on. There is a firewall in my router, but the software firewall is on because occasionally I take the MBP on the road and connect to public networks, so having the FW defaulted ON means I don't have to remember to turn it on when I am on the road. The two work well together, so it seems to me to make sense not to have to remember one more thing when I go on the road.

One other thing is that TM backups are NOT bootable, so if your system does get impacted and you need to wipe it out and start over from the backups, you may want to create a bootable USB stick, or a bootable external drive. That way you can boot from that, restore the TM backup and be back in the water pretty quickly. Even faster if the bootable external is a full clone of the internal drive, because then you just boot from it and clone it back to the internal drive and you are fully restored. I do both TM and clone backups daily. I use Carbon Copy Cloner, but SuperDuper! will do the same thing.

Cr00zng
02-24-2016, 02:06 PM
Certainly, files can and will be encrypted on the Mac via Cryptolocker variants. It can take place directly on the Mac, but the most common venue is some versions of Windows running in a virtual environment, such as:


- Parallels
- VMWare Fusion

These and other solutions allow sharing files between the host and the virtual machine. Cryptolocker will encrypt these and network accessible files, in addition to the files on the local drives. While it is convenient for the end user accessing documents in both OSs, it's a feature that should be disabled in my view.

Backups, especially the data backups, should be off line and encrypted. If the backup media is available for Cryptolocker, it'll encrypt the backup as well. I usually keep daily encrypted data backups offline, rotate them out on the FiFo based daily backups, keeping five days any given time.

Pasquanel
02-29-2016, 10:28 PM
Perhaps we newbies could benefit from learning what exactly a firewall does. I run both the router firewall and the software one on my mac. I have no idea what either one does and is it detrimental to performance to run both?

chscag
02-29-2016, 11:29 PM
The Firewall on a new Mac is off by default. Apple assumes that your router Firewall will be protection enough. Keeping both your Mac's Firewall on along with that of the router does no harm and might actually be a good thing in case you're out in the public somewhere using free WiFi. Your Apple Firewall protects both incoming and outgoing actions.

Pasquanel
03-01-2016, 12:05 AM
Thanks for the reply!

Slydude
03-01-2016, 12:05 AM
@Charlie I don't want to gum up the works unnecessarily with pointless questions. I used to have the firewall on but don't now mainly because I rarely take the MacBook Pro on the road. So here's the question for the benefit of everyone who is not a techie but still concerned about security: Isn't the quality / effectiveness of the built-in firewall somewhat dependent upon whether the OS is / is not up to date? 10.6.8 for example, is the most up to date version of Snow Leopard one can get but I doubt it's as effective as something more modern such as El Capitan.

chscag
03-01-2016, 12:41 AM
Sure, Snow Leopard is probably less secure than El Capitan, but that should not change the way the built in firewall works.

RadDave
03-01-2016, 01:14 AM
Thanks for the reply!


Sure, Snow Leopard is probably less secure than El Capitan, but that should not change the way the built in firewall works.

@ Pasquanel - really difficult to summarize the concept of a firewall in just a forum post - of course, there are hardware & software firewalls (both of which I'm using at the moment w/ my AirPort Extreme router & the OS X firewall on) - SO, please look at these numbered links for MUCH more information: Link 1 (http://computer.howstuffworks.com/firewall.htm) Link 2 (http://www.macworld.com/article/2940180/fire-up-your-macs-firewall.html) Link 3 (https://support.apple.com/en-us/HT201642) Link 4 (http://www.howtogeek.com/205108/your-mac’s-firewall-is-off-by-default-do-you-need-to-enable-it/)

As to whether your Mac OS X firewall should be ON or OFF has been much debated, both here in this forum and also in the links just given - if you're at home behind a router w/ a hardware firewall, then the software one may not be needed, but many of us still have it ON - NOW, if you are taking your laptop on the road and connecting to public Wi-Fi networks, then certainly use the OS X firewall.

@ Chscag - when looking at 'System Preferences' in El Capitan (and presumably many previous OS Xs), the 'incoming' traffic seems to be easily controlled, but to me at least, 'outgoing traffic' control is just not obvious - does not seem to be clear in the GUI - maybe more of a terminal issue - don't know. Just bringing up some confusion I've had w/ this outgoing issue since switching over to Apple computers. Thanks. Dave :)

Slydude
03-01-2016, 02:00 AM
Sure, Snow Leopard is probably less secure than El Capitan, but that should not change the way the built in firewall works.
That's kinda the point. Bet there are people out there who don't realize that the internal firewall is only as secure as the version of the OS behind it. In other words regardless of how the firewall operates they are expecting it to be as up-to-date as more recent OS versions.

chscag
03-01-2016, 02:51 AM
That's kinda the point. Bet there are people out there who don't realize that the internal firewall is only as secure as the version of the OS behind it. In other words regardless of how the firewall operates they are expecting it to be as up-to-date as more recent OS versions.

And that's exactly the reason we harp on folks to update OS X from those older less secure versions. ;)

Cr00zng
03-03-2016, 12:28 PM
Both the local and broadband firewalls have advantages, but...

The firewall is a network layer protection, pretty much a gatekeeper of network traffic based on source/destination and port number or protocol. All of them are stateless nowadays, meaning that the initial, or first time seen connection is checked against the firewall rule base, and if the connection is allowed, the reply and subsequent connections flow through without further evaluation against the firewall rule.

Generally, both of the firewall types allow all outbound connections and protocols, while blocking all incoming connection requests by default. Yes, it'll protect against direct attacks from the outside or the internet, but it will not block internal host's applications initiating a connection to the outside. This allows the end-user accessing the internet with any of the applications installed on the system. The any application includes malware on the system, if any; the firewall will not differentiate between the applications. In other words, the firewall will not prevent the "hacked system" calling home, or calling the command and control center, nor will the firewall block the responses to the "calling home" initiated connection.

By no means am I saying that there's no use in activating the firewall, quite the opposite. The firewall does have its purpose in your layered security protection, just keep its limitations in mind.
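
The default policy described in the post above (first packet of a connection checked against the rules, replies passed without re-evaluation, all outbound allowed, unsolicited inbound blocked), sketched as a small connection-tracking filter. This is an added example, not part of the original thread and not any real firewall's code; the class name, addresses (documentation ranges) and traffic are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class ConnTrackFirewall:
    """Hypothetical model: allow all outbound, drop unsolicited inbound."""

    def __init__(self, inside_net, inbound_allow=()):
        self.inside = ipaddress.ip_network(inside_net)
        self.inbound_allow = set(inbound_allow)  # {(proto, dport), ...}
        self.flows = set()                       # connections already admitted

    def _is_inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def check(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets of an admitted connection (either direction) skip the rules.
        if flow in self.flows or reverse in self.flows:
            return "ALLOW (established)"
        # Any inside host, any application: the filter sees only addresses
        # and ports, so a browser and malware look identical here.
        if self._is_inside(pkt.src):
            self.flows.add(flow)
            return "ALLOW (new outbound)"
        # Inbound is admitted only when an explicit exception exists.
        if (pkt.proto, pkt.dport) in self.inbound_allow:
            self.flows.add(flow)
            return "ALLOW (inbound rule)"
        return "DROP (unsolicited inbound)"


# Constructed sample traffic: (label, packet)
SAMPLE_TRAFFIC = [
    ("browser request",
     Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 443)),
    ("web server reply",
     Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50000)),
    ("unsolicited inbound SSH",
     Packet("tcp", "198.51.100.7", 40000, "192.168.1.10", 22)),
    ("malware call-home",
     Packet("tcp", "192.168.1.10", 50001, "198.51.100.99", 8080)),
    ("C2 reply",
     Packet("tcp", "198.51.100.99", 8080, "192.168.1.10", 50001)),
    ("C2 host, unrelated port",
     Packet("tcp", "198.51.100.99", 8080, "192.168.1.10", 50002)),
]


def run_sample():
    """Feed the sample traffic through a fresh firewall, return verdicts."""
    fw = ConnTrackFirewall("192.168.1.0/24")
    return [(label, fw.check(pkt)) for label, pkt in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for label, verdict in run_sample():
        print(f"{label:26} {verdict}")
```

The call-home connection and its reply get the same verdicts as the browser session, which is the limitation the post points out; catching that traffic needs an outbound or per-application control rather than this default policy.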

Pasquanel
03-05-2016, 02:38 PM
I tried running both the router and Apple firewall but I use Vonage for my home phone (voip) and it stopped the phone from working.

McBie
03-18-2016, 06:31 AM
To the OP ..... also do not install anything that you did not specifically go looking for.
If you see pop-up windows on your screen saying you should install/upgrade this, that and the other, .... think twice.
Do not install directly from that pop-up window, but browse to the vendor's website and install from there if need be.

Cheers ... McBie

nancyspeed
03-18-2016, 07:52 AM
I am glad I read this thread. My firewall was turned off and I was not really aware of it. My 2015 MacBook Pro also has FileVault and it was turned on by default. I assume that is okay.

chscag
03-18-2016, 03:11 PM
I am glad I read this thread. My firewall was turned off and I was not really aware of it. My 2015 MacBook Pro also has FileVault and it was turned on by default. I assume that is okay.

Yes, that's OK but please do not forget your FileVault password or your data could be gone forever. ;)

harryb2448
03-18-2016, 05:10 PM
Be very careful with FileVault. Do a search of the forums and see the number of folk who have forgotten their password. For mine, if you use your MBP at public hotspots, for sure have your firewall on. At home, there is a strong firewall in your router and off is the Apple default.

toMACsh
03-19-2016, 01:24 PM
Good point about the password! If you forget it, your data is lost forever. No one, not even an FBI agent in San Bernardino can recover it.

Wouldn't it be safe to assume your router's firewall is on?

Pasquanel
03-26-2016, 12:51 PM
Mine wasn't but when I turned it on my wife was unable to receive e-mail on her windows machine and I lost connection with my Vonage phone line.
So I went back to running the Apple firewall.

yogi
04-21-2016, 04:14 AM
Based on what you've said, here are some tips that will keep you out of trouble and are easy to do:



- Update to the latest version of OS X - always: http://www.apple.com/osx/how-to-upgrade/
- Make sure you use a good Mac user password: https://support.apple.com/en-us/HT202860
- Turn on the Firewall: https://support.apple.com/en-us/HT201642
- Turn on FileVault to encrypt your Mac's disk: https://support.apple.com/en-us/HT204837
- If you use a Time Machine Backup, make sure the disk of the backup is encrypted as well (but be aware that this involves "starting fresh" so you would lose previous backups on that disk): https://support.apple.com/kb/PH18852?locale=en_US
- When you use your banking sites / Amazon etc., always look out for HTTPS (the green lock near the address) in your browser. You can use a browser plugin to force usage of HTTPS on many sites: https://www.eff.org/https-everywhere
- Install Ghostery and Adblock Plus for your browser (Chrome or Safari): https://www.ghostery.com/ and https://adblockplus.org/
- Be suspicious of any e-mails you receive and don't click through on links you don't trust: http://www.techrepublic.com/blog/10-things/10-tips-for-spotting-a-phishing-email/


In general, being secure depends on your personal threat model. What is more likely, that someone has access to your computer physically, or that someone hacks into your accounts online? Rather, what is the greater risk for you? The above steps would roughly cover both.

You can go the extra mile once you have mastered the above:


- Use a VPN service such as ExpressVPN when in public spaces or when you just want to be extra secure online
- Create a user account for yourself that does not have Admin rights, use that for daily use (but this means you may have to enter the Admin password quite often, and remember it alongside your user password). It's generally a good idea to run with as few privileges / rights as possible.

pigoo3
04-21-2016, 08:55 AM
Turn on FileVault to encrypt your Mac's disk: https://support.apple.com/en-us/HT204837



Very nice post Yogi...lots of great info & tips there!:)

I would only slightly disagree with one thing...and that's the use of FileVault. FileVault is a very powerful tool. But if the user forgets their FileVault password...they are in big, big trouble. Practically no way around the FileVault password. Mentioning the FileVault ability/tool is a great idea. I would include a warning as well as to the potential risks of using FileVault (don't forget the password)!!!;)

- Nick

McBie
04-21-2016, 01:42 PM
You also have to think very hard why you would ever need FileVault .
What threat is FileVault protecting you against and what is the likelihood of that threat materialising ?
What other compensating control can you put in place that is equally good ? ( Read .... will not cause mayhem if you forget the FileVault password )

Cheers ... McBie

RadDave
04-22-2016, 09:30 AM
Concerning FileVault, I'm w/ Nick & McBie - virtually all of my Apple computers stay at home; I'm retired, so not a lot of important data on these machines - all computers have logins and all have password apps - our house has a good alarm system, so I feel absolutely no need to use FileVault, just another layer of complexity w/ a potential disaster happening if the password is forgotten. Now, I occasionally take a MBAir on the road and have virtually no important data on the machine, and again login is needed. Thus, I feel that the recommendation to use FileVault should be tempered from a 'must' to an optional necessity based on one's need to protect important files and information. Dave :)

toMACsh
04-22-2016, 01:52 PM
Bet there are people out there who don't realize that the internal firewall is only as secure as the version of the OS behind it. In other words regardless of how the firewall operates they are expecting it to be as up-to-date as more recent OS versions.

I saw this older post when revisiting this thread...
I've always maintained that security is related to the internet, and thus the browser more than the OS. Granted, the version of Safari is tied to the OS, but there are other browsers that work with an older OSX version that are still being updated.

Ember1205
04-22-2016, 06:33 PM
Perhaps we newbies could benefit from learning what exactly a firewall does. I run both the router firewall and the software one on my mac. I have no idea what either one does and is it detrimental to performance to run both?

Think of a firewall like you would a security guard in a building. When someone approaches the building, the security guard stops them to understand why they want to come in. If they have no business being there (no one asked them to come), the guard turns them away. If they WERE specifically summoned (someone from the fourth floor ordered pizza delivery and notified the security guard), then they are allowed to enter. If the security guard doesn't have an entry on his list for who is supposed to be coming to the office building, they aren't getting in (No one gets in to see The Wizard! Not no one, no no how!)


You also have to think very hard why you would ever need FileVault .
What threat is FileVault protecting you against and what is the likelihood of that threat materialising ?
What other compensating control can you put in place that is equally good ? ( Read .... will not cause mayhem if you forget the FileVault password )

FileVault "locks up" the data on your hard drive so that no one can get at it if they are able to get physical access to your hard drive. Folks like myself that use a laptop and travel for work risk losing the laptop (physically). If that happens, someone could try and break into my laptop by guessing my password. If they can't figure out my password but want my data, they can boot from their own drive and "mount" the filesystem from my laptop. If the drive is encrypted, they can't access any of the data on the drive.

I won't ever bother encrypting the drive on my desktop computer at my home because no one is going to get physical access to the drive (there isn't anything on there that's sensitive anyway).

chscag
04-22-2016, 09:11 PM
If they can't figure out my password but want my data, they can boot from their own drive and "mount" the filesystem from my laptop. If the drive is encrypted, they can't access any of the data on the drive.

A firmware password does the same thing.


I won't ever bother encrypting the drive on my desktop computer at my home because no one is going to get physical access to the drive (there isn't anything on there that's sensitive anyway).

While a thief would be disappointed stealing my data, I'm not going to make it easy for him/her. ;)

Ember1205
04-22-2016, 09:25 PM
A firmware password does the same thing.

True. But, if they went to the trouble of acquiring my computer, they could pull the drive out of it, connect it to a different system, and bypass the firmware password, too.

When it comes to security, I always tell people that they need to think of it as an exercise in making yourself a very small needle in a very large haystack. The plain and simple truth is that, if a hacker wants your data, they WILL get it. The best you can do is to slow them down long enough to know that they're trying to get in and then do something to stop them cold (like power off, update software, change firewall rules, change passwords, etc.).

Randy B. Singer
04-22-2016, 09:42 PM
Some thoughts:

I've been on a bunch of Mac discussion lists for decades now, and I have been a member of several Macintosh user groups, and I have some extremely popular Web sites. In other words I've been in touch with many many thousands of Mac users. Most of those Mac users have run with no firewall enabled at all. (Most users probably don't even know what a firewall is.) Yet...I've yet to hear first hand of a believable instance of a Macintosh user having been hacked.

So, it seems to me that if you enable the hardware firewall in your router, that's all that you need to do. And you probably don't even need to do that. But since it doesn't hurt anything to enable your router's firewall, and it doesn't cost anything, it would seem to be a good idea.

Second, the arrival of ransomware for the Macintosh seems to be inevitable. We have already seen an instance of it.
https://blog.malwarebytes.org/cybercrime/2016/03/first-mac-ransomware-spotted/

Here is a very interesting new product:

RansomWhere? (free)
https://objective-see.com/products/ransomwhere.html

RansomWhere? attempts to thwart OS X ransomware by continually monitoring the file-system for the creation of encrypted files by suspicious processes.

Sounds like it might be worthwhile protection given the extreme malicious nature of ransomware.

McBie
04-23-2016, 05:52 AM
I have had the OSX firewall ON & configured since I bought the Mac.
Why ..... because I then don't have to worry about anything while I am on the road.
When I take a break at my local coffee shop and I want to do some work on the Mac, I can simply ask " 1 Caffe Latte please " instead of asking " is your WiFi protected by a firewall please ? "
You should never have to depend on what others might or might not do for you .... build your own controls.

Cheers ... McBie

Randy B. Singer
04-23-2016, 08:25 AM
When I take a break at my local coffee shop and I want to do some work on the Mac, I can simply ask " 1 Caffe Latte please " instead of asking " is your WiFi protected by a firewall please ? "
You should never have to depend on what others might or might not do for you .... build your own controls.


A firewall monitors and limits traffic going into and out of your computer. That means that a firewall does nothing more than to keep bad guys from hacking into your computer. (Or, in the case of a reverse firewall, it keeps rogue processes running on your computer from phoning home.) I'm not sure that you have to be at all concerned about that happening at a coffee shop. Bad guys don't tend to go after transitory targets to hack into. For one thing, hacking into a computer takes time. Hackers looking to hack into a computer tend to go after more interesting targets than individual's personal computers. They tend to like to hack into businesses' computers. And they tend to look for Windows computers, which have more well known backdoors.

What you have to be worried about at a coffee shop is someone intercepting your Wi-Fi signal or otherwise hacking the public network. A firewall won't help with that in the least. For that you need a VPN (virtual private network.)
https://en.wikipedia.org/wiki/Virtual_private_network

McBie
04-23-2016, 08:58 AM
Randy,
Your message is correct but as with most reports on the subject it is also full of assumptions. That is not a bad thing, it just shows that we don't know exactly what is going on, we are guessing most of the time and we live with a false sense of security.
All I want to say is that I configure my own controls based on the threats that I am faced with in my day to day job dealing with ICT threat intelligence.
I make no assumptions that somebody else has a control in place that might help me .... to be honest, I don't even want to think about it when I am out and about.
The coffee shop was just an example.
People should be able to use their devices safely on foreign networks, knowing that they have their device " protected " ( as they see fit ) against the threats that really matter ( for them ).
There is no such thing as " one size fits the world " ( Courtesy of Microsoft )

Cheers ... McBie

Randy B. Singer
04-23-2016, 09:25 AM
Randy,
Your message is correct but as with most reports on the subject it is also full of assumptions.

I'm just going by many years of experience with tens of thousands of Macintosh users.

Once again, I've never heard of a first hand believable instance of someone hacking into a Macintosh. I'm sure that it is possible for someone with enough skill, but I think that it is so difficult and rare that the chances of it happening to an ordinary Macintosh user are just about zero and thus not at all a concern. I don't think that there are a lot of hackers out there, I don't think that there are many who are that good, and I think that those that are that good aren't interested in what is on an ordinary Mac user's computer.

Now, intercepting Internet traffic at a coffee shop *is* fairly common. Mainly because it is not terribly hard to do. So, if one is going to be using a public network one should either be very careful not to include sensitive/valuable information in the data that they are communicating (i.e. banking passwords, credit card numbers, etc.) or they should use a VPN.

You can do anything that you want if it makes you feel safer. However, if the topic is "things that Mac users should be doing to protect themselves from bad guys," then turning on their software firewall is very far down that list.

http://www.macworld.com/article/2871286/how-and-why-you-should-use-a-vpn-to-protect-your-datas-final-mile.html
"Your greatest security and privacy risk relates to data in transit, as it passes to and from your devices. In a coffeeshop, airport, or other public space using Wi-Fi, your information passes in the clear between your hardware and the network’s hub."

McBie
04-23-2016, 10:23 AM
It is good to see different opinions on this topic and I like the fact that it is being discussed.
Again, there is no " one size fits all " ... there is no single response to a threat, given that we all have different operating environments ( not operating systems :-) )

One thing I would like to clarify in your post is the reference you make to " ordinary Mac users " and " ordinary Mac users' computers "
If you look at this from a " bad guy " perspective, how would you differentiate between an ordinary Mac user/computer and a non-ordinary Mac user/computer, unless you profile the user/system first.
I mentioned it before, computers are no longer the target, people are.
In terms of skills of hacking ... the technical skills required to " hack into systems" have long been transferred to tools. The interpretation of the results are still with ( bad ) people. :-)

For me it has always been a good thing to continuously investigate the ( ICT related ) vulnerabilities and the threats that my employer is faced with every day, and coming up with controls that are effective.
It was pretty clear more than 10 years ago , and still today, that your firewall on your device is an essential layer of your overall defence.
The biggest challenge is layer 8 of the OSI model .... the layer between the chair and the keyboard.

Cheers ... McBie

Ember1205
04-23-2016, 10:58 AM
Making an assumption about who a target may or may not be is one of the "flaws" at Layer 8. In the world we live in today, you have to believe that you are always a potential target and act responsibly. Period.

If you walk into a coffee shop thinking that you won't be a target, there's a reasonably good chance you're right. But, what if (when) you're wrong? They're called "pre"cautions for that very reason - you take them BEFORE you need them. Adopting some basic and potentially simple things to keep yourself safe is the smart thing to do.

Randy B. Singer
04-23-2016, 06:27 PM
One thing I would like to clarify in your post is the reference you make to " ordinary Mac users " and " ordinary Mac users' computers "
If you look at this from a " bad guy " perspective, how would you differentiate between an ordinary Mac user/computer and a non-ordinary Mac user/computer, unless you profile the user/system first.

As I said previously, it's not a bad idea to turn on your firewall. It's easy, it's free, and there is little to no downside. However, it's also not something that anyone here reading this should be particularly concerned about. In the real world hacking attempts just aren't something that a Macintosh user is going to be subject to.

In a discussion of security measures that a Macintosh user should be taking, on a discussion list such as this one, it is irresponsible to tell Macintosh users that having a firewall up is critical. It's not a step that they can take that is likely to be of any value. (But, once again, users can turn their firewall on if it makes them feel better. It won't hurt anything.) You should instead be talking about threat vectors that *are* routinely exploited and how to ameliorate the threat to them.

Off the top of my head, these are the things that Macintosh users have to do with regard to security (note that, for now, I don't list a need for anti-virus software):

- Set passwords and make them strong ones.
- Make sure to use the latest version of OS X and make sure to install all security updates.
- Know the latest social engineering threats (i.e. phishing attempts and scams).
- Don't update software anywhere but from the Web site of the developer (e.g. Adobe Flash and other media players).
- Have Java (*not* Javascript, which is something else) turned off in your browser. (No need to uninstall it completely. There has never been a Macintosh threat via a Java application.)

Randy B. Singer
04-23-2016, 07:13 PM
I'm sure that I, and others, will think of more to add to the list that I just gave. A couple more, though of less importance than the above, are:

- Don't open e-mail file attachments from people you don't know. (Though malicious file attachments are just about always aimed at Windows users and usually are Windows executables that won't run on a Mac.)
- Don't click on links to Web pages in e-mails from people you don't know (however, you can hover your cursor over such a link, and a pop-up will appear telling you where the link will really take you, and you can then decide if it looks safe). (Once again, this is more of a Windows thing....it's good to be a Mac user.)
- Turn on "Macro Virus Protection" in the Microsoft Office applications (though macro viruses are exceedingly rare these days)
https://kb.iu.edu/d/agzk

Ember1205
04-23-2016, 07:29 PM
Limiting activities to only "people you know" doesn't eliminate the risk. I get emails fairly regularly that appear to be from people that are in my address book but they are clearly SPAM / phishing / malware / something "bad". If someone that I know gets their email hacked, my contact info is now available to be used as a target. So, even with people you know, you still have to be smart.

While I agree with Randy that there have been little to no efforts put successfully into writing malware for the Mac and targeting the Mac OS X platform, I do not hold the same view of not taking steps to protect yourself until after someone else (or you) DOES get hacked. I'm comfortable running my own personal MacBook Air without antivirus because I know how to stay away from dangerous sites and such. The family iMac, however, is a different story. The other users of the machine are NOT as well-versed as I am, and one has even been bitten badly a few times before on Windows. So, I will run the firewall and antivirus on the iMac because it's prudent.

Randy B. Singer
04-23-2016, 08:04 PM
So, even with people you know, you still have to be smart.

Yes, being smart is a good idea. :)


So, I will run the firewall and antivirus on the iMac because it's prudent.

Except for the fact that:

1) There is already anti-virus software built into OS X:

XProtect/File Quarantine
http://en.wikipedia.org/wiki/Xprotect
https://support.apple.com/en-us/HT201940

2) Fully interactive anti-virus software tends to cause nasty software conflicts and slowdowns. In fact, just about all of the reports that I hear from folks who think that they have been infected by malware turn out to be caused by their own third-party anti-virus software. Many users go so far as to say that anti-virus software for the Mac causes far more problems than malware does.

3) At this moment, if you have fully updated software, there are no malware threats to the Macintosh that you have to be concerned about. (There have been such threats, but Apple, thankfully, updates OS X to block such threats.)

4) Anti-virus software won't protect you from not-yet created malware. AV software companies need a sample of existing malware in order to create a definition to add to their software to push out an update to allow your AV software to protect you from that threat. In other words, until there is a threat in the wild that is prevalent, and sufficiently malicious, and for some reason Apple chooses to ignore it and they don't patch OS X against it, anti-virus software isn't going to do much for you.

This has come up many times here on Mac-Forums before. I guess that we need a FAQ (frequently asked questions) section so that the same things don't need to be explained over and over.

At this time, there is no reason for anyone to be paranoid about Malware for the Macintosh. That may change, but ill-informed folks have been saying that it will change "real soon now" for over a dozen years, since OS X was released. And they have been dead wrong. See:

Broken Windows
http://daringfireball.net/2004/06/broken_windows

So Witty (followup to Broken Windows)
http://daringfireball.net/2004/06/so_witty

pm-r
04-23-2016, 08:23 PM
Interesting thread and subject that's now into 40+ replies considering they are all a result of a "simple" post request — Very basic security questions - Help!

Randy B. Singer
04-23-2016, 09:04 PM
Interesting thread and subject that's now into 40+ replies considering they are all a result of a "simple" post request — Very basic security questions - Help!

There is a lot of misinformation going around. Partially because some folks are used to Windows, partially because some folks simply tend to be paranoid. We've had a couple of long threads about security here before. But new users tend not to go into the archives and read them.

Randy B. Singer
04-23-2016, 11:09 PM
So, going back and trying to answer the original poster's questions...



Oh yeah, I have the Apple Time Machine regularly backing up my whole hard drive. If, unlikely as it is, a hacker encrypted my computer hard drive would the copy of my hard drive on my Time Machine also be encrypted?

In the past I would have said "no". However, the latest ransomware makes an attempt to encrypt your attached Time Machine backup as well. See:
http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/
Note that this ransomware, KeRanger, no longer exists in the wild, and there are currently no other examples of true ransomware in the wild for OS X.

So, the best way to survive a ransomware attack is by having a meticulously updated backup, but ransomware may be going after backups as well. How do you deal with this? It's actually quite simple. Don't leave your backup attached to your Mac when it is not actively doing a backup. (Malware can't spread to a hard drive that isn't attached to your Mac.) And, if you want extra security, rotate one or more backups and use them alternately. That way if you back up your Mac after it has already been infected by ransomware, you will likely recognize your mistake before your older backup is infected.


I would gladly pay the $6. to $8. a month the companies charge for their step-up (from their free version) for VPN service - but - do I really need that?

A VPN should work the same and protect you no matter what you are paying for it. However, unless you are using your Macintosh in public places on public unsecured networks (e.g. a restaurant or other store you patronize), and you are doing sensitive work in those settings (e.g. accessing your bank), you probably don't need to use a VPN at all. See:
http://www.macworld.com/article/2944672/how-to-use-a-vpn-to-keep-your-network-data-safe.html

Ember1205
04-23-2016, 11:41 PM
...

3) At this moment, if you have fully updated software, there are no malware threats to the Macintosh that you have to be concerned about. (There have been such threats, but Apple, thankfully, updates OS X to block such threats.)

4) Anti-virus software won't protect you from not-yet created malware. AV software companies need a sample of existing malware in order to create a definition to add to their software to push out an update to allow your AV software to protect you from that threat. In other words, until there is a threat in the wild that is prevalent, and sufficiently malicious, and for some reason Apple chooses to ignore it and they don't patch OS X against it, anti-virus software isn't going to do much for you.

...

At this time, there is no reason for anyone to be paranoid about Malware for the Macintosh. That may change, but ill-informed folks have been saying that it will change "real soon now" for over a dozen years, since OS X was released. And they have been dead wrong. See:



While there may be no risk "now", that does not preclude one from coming into play in the future. And, if you have the Antivirus software on the machine, once a new malware product or virus is identified and is able to be blocked, that information can be downloaded directly into your antivirus software. Waiting until the first malicious hack against Mac OS X exists to install antivirus is the proverbial closing of the barn door after the animals get out.

Randy B. Singer
04-24-2016, 12:05 AM
Waiting until the first malicious hack against Mac OS X exists to install antivirus is the proverbial closing of the barn door after the animals get out.

Except that until that threat comes out, and your AV software is updated, you don't have any barn door to close. Meanwhile, Apple has, in the past, provided barn doors when necessary.

As for "waiting for the first malicious hack against Mac OS X"; it's been twelve years. When is it coming?

I have AV software installed myself. (Virus Barrier.) Not because I think that I need it (I don't), but because it would look bad to my clients not to have it. For 12 years it has protected me from...nothing.

If you don't mind the slowdowns and software conflicts caused by anti-virus software, and you don't mind paying for it, and it makes you feel good to have it, go for it.

McBie
04-24-2016, 01:52 PM
As you can see ... many interpretations and opinions on "security". The good thing is that all these posts are "food for thought"!
Back to basics ....
1. Understand the vulnerabilities of your operating environment (that is different than your operating system)
2. Understand the threats that are out there (that means you have to read up on things and understand that threats are 24 x 7)
3. Determine your appetite for risk.
4. Understand that you are the weakest link.
5. Implement the controls you see fit.

All the rest is me and others talking about experiences and I (and others) do not have a crystal ball .... We only have trends..... things that happened in the past.
Also .... things that did not happen in the past are irrelevant.
And some of us are lucky to fight a daily battle in an attempt to protect the crown jewels of our employer. I am proud to be one of them.

Cheers ... McBie

Rod Sprague
04-25-2016, 12:41 AM
Taking a slightly different track on the security angle there is (for some people) another option. Many people do not realise that while using a popular browser, e.g. Safari, Chrome or Firefox, a lot of their offline data is available to trackers which do everything from market research to predicting what sites you may be searching for and recording your IP address. It means they can essentially read your browsing history (offline data). Obviously one can put in place add-ons like Ghostery and Adblock or use Private Browsing options within the browser but these all require time and effort. One alternative for the very lazy is Epic, a Chromium-based ultra-private browser which has only recently come to my attention; full explanation here: https://www.epicbrowser.com/privacy/intro.html
This is a browser that is permanently in Private Browsing Mode. It retains no history, does not accept third-party cookies, and utilises a third-party US-based proxy to hide your IP address, preventing trackers from recording your search history, using search engines via its proxy site.
However this does not mean you cannot have a bookmarks bar for quick access to your regular sites and a favourites page for regularly visited sites and save your passwords for sites that require a login. It does not work with many password managers with the exception of OnePass (I am told) and even then it requires some tweaking.
It does mean that almost all trackers are blocked, your IP address cannot be seen and you will see no ads or be vulnerable to adware on the sites you visit.
It does display some odd behaviour on some sites, for example I was unable to load the iCloud site until I turned off the proxy server, which is easy to do and there are easy ways to customise Epic's behaviour for any sites but generally I have had no problems with it.
I think that this "no frills" browser would be ideal for children or the elderly but we have to bear in mind the old argument: if all adware was blocked, how would sites (like this one) fund their presence online?
Personally I prefer to use Chrome or Opera with Ghostery and Adblock enabled for some (but not all) sites. For those sites I actively support (like this one) and others where I actually want to see the ads I am happy to make an exception.

chscag
04-25-2016, 12:59 AM
I tried Epic for a while yesterday after reading about it in a thread by Randy Singer. Didn't like it and removed it. It's not for everyone.....

Rod Sprague
04-25-2016, 04:27 AM
Ah yes, thanks Randy, I couldn't remember where I had read about it. Yes, certainly not for everybody including me but an interesting approach to personal security. I can't remember the last time I used "Incognito" or any "Private Browsing" function but Epic's no fuss setup may cater to somebody's needs to a tee.

pm-r
04-25-2016, 01:19 PM
Maybe I missed it but I don't recall seeing any mention or suggestion of using Little Snitch for browsing or any network protection and it's been around for ages and still works well:
https://www.obdev.at/products/littlesnitch/download.html

http://www.macupdate.com/app/mac/10426/little-snitch

Just a thought… ;)






- Patrick
======

McBie
04-25-2016, 01:29 PM
Little Snitch can be a valuable part of your defence.
It is one way to discover whether your PC is compromised and if any services are "calling home" as part of a command and control environment.
Mind you, before you get the most out of Little Snitch, you need to have a proper baseline of your system .... i.e. what is normal behaviour and what is not.

Cheers ... McBie
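The baseline idea in the post above, shown as an added example that is not part of the original post and is not Little Snitch's own code: it compares two snapshots of established TCP connections and separates processes never seen in the baseline from known processes reaching new destinations. The snapshots are constructed text in the layout printed by `lsof -nP -iTCP -sTCP:ESTABLISHED`; the process names, addresses and function names are assumptions made for illustration.

```python
# Constructed samples in the layout printed by `lsof -nP -iTCP -sTCP:ESTABLISHED`.
BASELINE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    412 alice  23u  IPv4 0xaaa1      0t0  TCP 192.168.1.20:52311->203.0.113.10:443 (ESTABLISHED)
Mail      388 alice  31u  IPv4 0xaaa2      0t0  TCP 192.168.1.20:52290->198.51.100.25:993 (ESTABLISHED)
"""
LATER = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    977 alice  19u  IPv4 0xbbb1      0t0  TCP 192.168.1.20:60112->203.0.113.10:443 (ESTABLISHED)
Safari    977 alice  20u  IPv4 0xbbb2      0t0  TCP 192.168.1.20:60113->203.0.113.99:443 (ESTABLISHED)
updaterd  1203 alice  5u  IPv4 0xbbb3      0t0  TCP 192.168.1.20:60200->192.0.2.44:8443 (ESTABLISHED)
"""


def parse(lsof_text):
    """Return {(command, remote_ip, remote_port)} for established TCP connections."""
    seen = set()
    for line in lsof_text.splitlines():
        f = line.split()
        if len(f) < 10 or f[7] != "TCP" or "->" not in f[8]:
            continue  # header, listening sockets, or non-TCP rows
        remote = f[8].split("->", 1)[1]
        ip, _, port = remote.rpartition(":")  # rpartition copes with [IPv6]:port
        # PID and the local (ephemeral) port change every run, so they are dropped.
        seen.add((f[0], ip.strip("[]"), int(port)))
    return seen


def compare(baseline_text, current_text):
    """Split connections absent from the baseline into two groups for review."""
    base, now = parse(baseline_text), parse(current_text)
    known_cmds = {cmd for cmd, _, _ in base}
    new = now - base
    return {
        # A process that never made a connection while the baseline was taken.
        "new_process": sorted(e for e in new if e[0] not in known_cmds),
        # A familiar process talking to an address or port not seen before.
        "new_destination": sorted(e for e in new if e[0] in known_cmds),
    }


if __name__ == "__main__":
    for group, entries in compare(BASELINE, LATER).items():
        for cmd, ip, port in entries:
            print(f"{group}: {cmd} -> {ip}:{port}")
```

New destinations for a browser are usually ordinary, which is why the two groups are reported separately: an unfamiliar process making outbound connections is the entry that deserves a closer look first.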

chscag
04-25-2016, 09:32 PM
Maybe I missed it but I don't recall seeing any mention or suggestion of using Little Snitch for browsing or any network protection and it's been around for ages and still works well:

It used to work just as well when it was free, but at $36.90 for a license now.... no thanks. :Angry:

Rod Sprague
04-25-2016, 09:51 PM
I have to assume that Little Snitch has evolved a little since 20 years ago when my son and I used to have competitions to see who could pirate certain software. It was very handy for stopping software from "phoning home" thus rendering unregistered apps useless. Of course we don't do that any more.;D But I recall it took quite a bit of setting up. I would be interested to see what the UI looks like today. For $36.90 it must be quite evolved from the old free Mac version I remember.

Randy B. Singer
04-25-2016, 11:07 PM
Folks might be interested to know that this browser:

Opera (free)
http://www.opera.com/

has just added a free, unlimited, VPN service. Opera also includes ad-block capabilities. (It's really just window dressing, but I like the fact that there are a bunch of free themes available for Opera, so you can make it look the way that you like.)

http://thenextweb.com/apps/2016/04/21/operas-browser-comes-free-vpn-service-baked-right/

Rod Sprague
04-25-2016, 11:12 PM
Here is an interesting exercise. On the bottom right corner of the Epic Browser window is a "See whos tracking you in other browsers" button.
I clicked that and I'm given the opportunity to choose Chrome, Firefox or Safari. I chose Safari. This is the result:
We found 48 companies storing data in Safari and tracking at least part of your browsing.
We found 9 data collectors in Safari tracking, saving and often selling your browsing.
Here is a list of the trackers we found (data collectors, ad networks, widgets & others):
I also tried the same check with Safari and got a total of 144 companies storing data in Chrome and tracking at least part of my browsing.
So I went to Chrome Preferences > History and cleared everything from the beginning of time and performed the test again.
This time I got this result;
We found 10 companies storing data in Chrome and tracking at least part of your browsing.
We found 8 data collectors in Chrome tracking, saving and often selling your browsing.
Here is a list of the trackers we found (data collectors, ad networks, widgets & others):
AppNexus DoubleClick DataPoint Media Eloqua
Google LinkedIn Datalogix RapLeaf
Now the really interesting part of this is after clearing all of my browser data I changed my Ghostery settings to block everything (Select All) and initially there was only one Tracker (Google) but as you can see now there are Ten. Ghostery is telling me that all trackers are blocked? So what can I conclude from that?

Rod Sprague
04-26-2016, 12:10 AM
My assumption was that after clearing my history and browsing data and setting Ghostery to "block all" (no whitelisted sites) the only tracker remaining would be Google. So I opened this page in Epic and here I am, Epic tells me it's blocking eight trackers, oops, correction, now it's eleven.
So unless there is some flaw in my reasoning I can only conclude that Ghostery does not block everything, despite its maximum setting. Perhaps I should not expect it to so I also turned on Adblock and that blocked a further seven trackers. And Epic now says:
We found 8 data collectors in Chrome tracking, saving and often selling your browsing.
Epic does seem to be reflecting the changes I make so it's hard to believe it's not pretty accurate.
I did not intend to swap to Epic as my default browser but I'm beginning to wonder if it's not such a bad idea. I will still use Chrome, tinker with the Ghostery settings and whitelist the sites I want in both Ghostery and Adblock but unless I need the many features of Chrome for a specific purpose using Epic for email links might just be a good idea.