12-13-2008, 11:22 AM
Over the last couple of weeks there have been a couple of posts on antivirus for OS X and the conversations almost always ended up with " you are either for AV or against AV " on your Mac.
But I felt something was missing from the conversations.
In this thought-provoking post I would like to approach the issue of " malicious code " ( not just viruses ) from another angle, ..... Risk Management.
Every OS and application has vulnerabilities ( flaws in the code ) that can be exploited by threats, threats that are present 24x7.
And it doesn't matter if you use your computer for school, in a business context, or as a pastime on the internet.
What is the likelihood of a Mac OS vulnerability being exploited by a threat ?
You are right in saying that the number of remote threats for OS X is lower compared to other OS's, but they do exist.
Without proper protection, you need to be lucky all the time and the bad guys need to be lucky only once.
In other words, you need to close all identified vulnerabilities while they need to exploit only one.
For the sake of clarity, I will not talk about exploiting vulnerabilities when you can lay your hands on the keyboard.
Things that did ( not ) happen in the past are no indication for the future. If you have been using computers for some time and never experienced any impact from malicious code, was that because you were protected or have you just been lucky ?
Protection is a combination of human behavior and technical controls like AV, Firewalls, Patch Management, ... where the golden rule is that " it is more about people and their behavior than it is about machines and their settings ".
Consider this ...
1) What is the value that you are trying to protect ?
This is not only the economic value of your computer, but more the information stored on it.
If your Mac is a component in a revenue generating process, what would be the impact if you were without your Mac for the duration of the repair ( i.e. getting the malicious code removed ) ?
If you use your Mac at school/university to deliver projects, then consider that part of your ( future )
2) Do you need to run your Mac with admin privileges ?
Privately owned computers are frequently run with admin privileges because it is convenient, not because you have to.
Admin equals power .... right ?
3) If your Mac were compromised ... how would you know ?
Most of the malicious behavior is not visible on the screen ...
If you do not actively search for malicious code on your computer, how can you contain & limit the damage ?
What if you do not detect malicious code and you are happily making ( infected ) backups ?
4) If your Mac were compromised, and used as an in-between to cause harm to other computers, do you care ?
Even if the malicious code can not harm your Mac, would you pass on malicious code to your friends ... would you ?
In some countries, there is a legal obligation of " Due Care ", even on the usage of the Internet.
5) If you were to lose all your data, or your data got modified and became unusable, .... can you recover ?
Do you have reliable & clean backups on external media that allow you to recover and, even more important, can you restore your Mac OS to a clean state ?
6) What is the definition of a " trusted web site " on the internet ?
Let me put this in another way ..... When you connect online to your bank, the bank will identify you using 2 factor authentication ( something you have and something you know ).
So the bank will know who you are, but how do you know you are talking to your bank before you type in your credentials ?
7) What is your human behavior on the internet and on data/application exchange in general ?
On the internet, if something looks too good to be true, it probably is.
If you looked at all this and decided to " not give a sh*t ", then that is perfectly fine,
but people who do not assess risks to their computers are bound to get in trouble. It is not a matter of " If " it is a matter of " when ".
If you do care, then consider the following:
a) Decide on your level of risk
In other words, how much time and money are you willing to invest to get back up and running in a clean state.
Also known as " The Pain Threshold "
b) Decide how you want to respond to those risks, knowing there is no " one size fits all " approach.
Accepting risks is fine as long as you understand and accept the impact as well.
c) Decide on how to prevent / reduce the potential impact
This has to be appropriate to the level of risk you accepted in point a.
It is always great to see how a headline in the news focuses the mind .... do you want to be ( part of ) that headline ?
So far, intelligence shows that the number of threats to a Mac is low, but what if it does happen to you ?
Are you going to be surprised and say " I thought this could never happen " or did you consider the risks upfront and get prepared ?
This is what I do on my Mac technically :
- Have reliable external backups of both the OS and data, that I can restore quickly ( Time Machine & SuperDuper )
- Keep up to speed with internet based threats, there are some great intelligence web-sites out there
- I run AV occasionally ( not permanently ) and before I take a full backup of my HD using SuperDuper
- Mac OS firewall is switched on
- I run OS X without admin privileges for my day to day work.
- When there are updates for the OS and the applications, I apply them weekly, after taking a full backup
- I use standard OS X functionality to the fullest and only download applications when I can increase my efficiency in doing my job.
Oh, and I do trust applications for which I need to pay better than the free stuff....
Let me end by quoting someone
"In any business, there is always a balance between competitiveness and the level of risk. Problem is that cybercrime does not follow the same rules. "
Before you hit the " reply " button, take a step back and think about all this for 5 minutes.
This is not rocket science, it's common sense.
It is not my intention to scare anyone and by all means DO ENJOY your Mac, because she is worth every penny.
( I switched last April 2008 )
Human behavior, that is what makes the difference, not only in the land of computers.
Cheers ... McBie
P.S. Happy to answer any E-mail on the subject as well.
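As an added example, not part of McBie's post, here is a small shell script that checks four of the technical items he lists: the application firewall is on, the day-to-day account is not an admin, Time Machine automatic backups are enabled, and no OS updates are pending. It reads the OS X preference keys and commands as they existed on Leopard-era systems (com.apple.alf globalstate, dscl . -read /Groups/admin GroupMembership, com.apple.TimeMachine AutoBackup, softwareupdate -l). The function names are my own, the parsing helpers take command output as text so they can be exercised with constructed samples on any POSIX shell, and only run_checks() touches the live commands, and only when it is actually running on Darwin.

```shell
#!/bin/sh
# Added example, not from McBie's post: a quick posture check for the
# technical items he lists -- firewall on, day-to-day account not admin,
# Time Machine automatic backups on, OS updates applied. The helper
# functions take command output as text so they can be tested offline;
# only run_checks() calls the real OS X commands, and only on Darwin.
# Function names are my own; the preference keys and commands are the
# Leopard-era ones.

# Application firewall state as stored in /Library/Preferences/com.apple.alf
# under 'globalstate': 0 = off, 1 = on, 2 = block all incoming connections.
fw_state_desc() {
    case "$1" in
        0) echo "off" ;;
        1) echo "on" ;;
        2) echo "on (block all incoming)" ;;
        *) echo "unknown ($1)" ;;
    esac
}

# Succeed (exit 0) if user $2 is listed on a 'GroupMembership: root alice ...'
# line, i.e. the output of:  dscl . -read /Groups/admin GroupMembership
is_admin() {
    members=$(printf '%s\n' "$1" | sed -n 's/^GroupMembership: *//p')
    for m in $members; do
        [ "$m" = "$2" ] && return 0
    done
    return 1
}

# Time Machine 'AutoBackup' key (com.apple.TimeMachine): 1 = automatic backups on.
tm_auto_desc() {
    [ "$1" = "1" ] && echo "on" || echo "off"
}

# Count the updates listed by 'softwareupdate -l': each available update is
# introduced by a line starting with '* ' (indented on older OS X releases).
# Prints 0 with exit status 0 when nothing is pending.
count_pending_updates() {
    printf '%s\n' "$1" | grep -c '^[[:space:]]*\* ' || true
}

# Run the live checks. Anywhere other than OS X it only reports that fact.
run_checks() {
    if [ "$(uname)" != "Darwin" ]; then
        echo "not OS X: parsing helpers available, live checks skipped"
        return 0
    fi

    fw=$(defaults read /Library/Preferences/com.apple.alf globalstate 2>/dev/null || echo "?")
    echo "application firewall: $(fw_state_desc "$fw")"

    me=$(id -un)
    if is_admin "$(dscl . -read /Groups/admin GroupMembership)" "$me"; then
        echo "account $me: admin (a standard account is enough for day-to-day work)"
    else
        echo "account $me: standard"
    fi

    tm=$(defaults read /Library/Preferences/com.apple.TimeMachine AutoBackup 2>/dev/null || echo 0)
    echo "time machine automatic backups: $(tm_auto_desc "$tm")"

    echo "pending updates: $(count_pending_updates "$(softwareupdate -l 2>&1)")"
}

run_checks
```

Run it as the account you actually work in, not as root, since the admin check is about the day-to-day user; the pending-updates count is only as current as the last time Software Update contacted Apple, so it complements rather than replaces the weekly update routine described in the post.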