Very basic security questions - Help!

[Ember1205]

Limiting activities to only "people you know" doesn't eliminate the risk. I get emails fairly regularly that appear to be from people that are in my address book but they are clearly SPAM / phishing / malware / something "bad". If someone that I know gets their email hacked, my contact info is now available to be used as a target. So, even with people you know, you still have to be smart.

While I agree with Randy that there have been little to no efforts put successfully into writing malware for the Mac and targeting the Mac OS X platform, I do not hold the same view of not taking steps to protect yourself until after someone else (or you) DOES get hacked. I'm comfortable running my own personal MacBook Air without antivirus because I know how to stay away from dangerous sites and such. The family iMac, however, is a different story. The other users of the machine are NOT as well-versed as I am, and one has even been bitten badly a few times before on Windows. So, I will run the firewall and antivirus on the iMac because it's prudent.

 

[Randy B. Singer]

So, even with people you know, you still have to be smart.

Yes, being smart is a good idea.

So, I will run the firewall and antivirus on the iMac because it's prudent.

Except for the fact that:

1) There is already anti-virus software built into OS X:

XProtect/File Quarantine
http://en.wikipedia.org/wiki/Xprotect
https://support.apple.com/en-us/HT201940

2) Fully interactive anti-virus software tends to cause nasty software conflicts and slowdowns. In fact, just about all of the reports that I hear from folks who think that they have been infected by malware turn out to be caused by their own third-party anti-virus software. Many users go so far as to say that anti-virus software for the Mac causes far more problems than malware does.

3) At this moment, if you have fully updated software, there are no malware threats to the Macintosh that you have to be concerned about. (There have been such threats, but Apple, thankfully, updates OS X to block such threats.)

3) Anti-virus software won't protect you from not-yet created malware. AV software companies need a sample of existing malware in order to create a definition to add to their software to push out an update to allow your AV software to protect you from that threat. In other words, until there is a threat in the wild that is prevalent, and sufficiently malicious, and for some reason Apple chooses to ignore it and they don't patch OS X against it, anti-virus software isn't going to do much for you.

This has come up many times here on Mac-Fourms before. I guess that we need a FAQ (frequently asked questions) section so that the same things don't need to be explained over and over.

At this time, there is no reason for anyone to be paranoid about Malware for the Macintosh. That may change, but ill-informed folks have been saying that it will change "real soon now" for over a dozen years, since OS X was released. And they have been dead wrong. See:

Broken Windows
http://daringfireball.net/2004/06/broken_windows

So Witty (followup to Broken Windows)
http://daringfireball.net/2004/06/so_witty

 

[pm-r]

Interesting thread and subject that's now into 40+ replies considering they are are all a result to a "simple" post request — Very basic security questions - Help!

 

[Randy B. Singer]

Interesting thread and subject that's now into 40+ replies considering they are are all a result to a "simple" post request — Very basic security questions - Help!

There is a lot of misinformation going around. Partially because some folks are used to Windows, partially because some folks simply tend to be paranoid. We've had a couple of long threads about security here before. But new users tend not to go into the archives and read them.

 

[Randy B. Singer]

So, going back and trying to answer the original poster's questions...

Oh yeah, I have the Apple Time Machine regularly backing up my whole hard drive. If, unlikely as it is, a hacker encrypted my computer hard drive would the copy of my hard drive on my Time Machine also be encrypted?

In the past I would have said "no". However, the latest ransomware makes an attempt to encrypt your attached Time Machine backup as well. See:
http://researchcenter.paloaltonetwo...ted-transmission-bittorrent-client-installer/
Note that this ransomware, KeRanger, no longer exists in the wild, and there are currently no other examples of true ransomware in the wild for OS X.

So, the best way to survive a ransomware attack is by having a meticulously updated backup, but ransomware may be going after backups as well. How do you deal with this? It's actually quite simple. Don't leave your backup attached to your Mac when it is not actively doing a backup. (Malware can't spread to a hard drive that isn't attached to your Mac.) And, if you want extra security, rotate one or more backups and use them alternately. That way if you backup your Mac after it has already been infected by ransomware, you will likely recognize your mistake before your older backup is infected.

I would gladly pay the $6. to $8. a month the companies charge for their step-up (from their free version) for VPN service - but - do I really need that?

A VPN should work the same and protect you no matter what you are paying for it. However, unless you are using your Macintosh in public places on public unsecured networks (e.g. a restaurant or other store you patronize), and you are doing sensitive work in those settings (e.g. accessing your bank), you probably don't need to use a VPN at all. See:
http://www.macworld.com/article/2944672/how-to-use-a-vpn-to-keep-your-network-data-safe.html

 

[Ember1205]

...

3) At this moment, if you have fully updated software, there are no malware threats to the Macintosh that you have to be concerned about. (There have been such threats, but Apple, thankfully, updates OS X to block such threats.)

3) Anti-virus software won't protect you from not-yet created malware. AV software companies need a sample of existing malware in order to create a definition to add to their software to push out an update to allow your AV software to protect you from that threat. In other words, until there is a threat in the wild that is prevalent, and sufficiently malicious, and for some reason Apple chooses to ignore it and they don't patch OS X against it, anti-virus software isn't going to do much for you.

...

At this time, there is no reason for anyone to be paranoid about Malware for the Macintosh. That may change, but ill-informed folks have been saying that it will change "real soon now" for over a dozen years, since OS X was released. And they have been dead wrong. See:

While there may be no risk "now", that does not preclude one from coming into play in the future. And, if you have the Antivirus software on the machine, once a new malware product or virus is identified and is able to be blocked, that information can be downloaded directly into your antivirus software. Waiting until the first malicious hack against Mac OS X exists to install antivirus is the proverbial closing of the barn door after the animals get out.

 

[Randy B. Singer]

Waiting until the first malicious hack against Mac OS X exists to install antivirus is the proverbial closing of the barn door after the animals get out.

Except that until that threat comes out, and your AV software is updated, you don't have any barn door to close. Meanwhile, Apple has, in the past, provided barn doors when necessary.

As for "waiting for the first malicious hack against Mac OS X"; it's been twelve years. When is it coming?

I have AV software installed myself. (Virus Barrier.) Not because I think that I need it (I don't), but because it would look bad to my clients not to have it. For 12 years it has protected me from...nothing.

If you don't mind the slowdowns and software conflicts caused by anti-virus software, and you don't mind paying for it, and it makes you feel good to have it, go for it.

 

[McBie]

As you can see ... many interpretations and opinions on " security " . The good thing is that all these posts are " food for thought " !
Back to basics ....
1. Understand the vulnerabilities of your operating environment ( that is different than your operating system )
2. understand the threats that are out there ( that means you have to read up on things and understand that threats are 24 x 7 )
3. Determine your appetite to risk.
4. Understand that you are the weakest link.
5. Implement the controls you see fit.

All the rest is me and others talking about experiences and I ( and others ) do not have a crystal ball .... We only have trends..... things that happend in the past.
Also .... things that did not happen in the past are irrelevant.
And some of us are lucky to fight a daily battle in an attempt to protect the crown juwels of our employer. I am proud to be one of them.

Cheers ... McBie

 

[Rod]

Taking a slightly different track on the security angle there is (for some people) another option. Many people do not realise that while using a popular browser eg Safari, Chrome or Firefox a lot of their off line data is available to trackers which do everything from market research to predicting what sites you may be searching for and recording your IP address. It means they can essentially read your browsing history (offline data). Obviously one can put in place addons like Ghostery and Adblock or use Private Browsing options within the browser but these all require time and effort. One alternative for the very lazy is Epic. A chromium based ultra private browser which has only recently come to my attention, full explanation here; https://www.epicbrowser.com/privacy/intro.html
This is a browser that is permanently in Private Browsing Mode. It retains no History, does not accept third party Cookies, Utilises a third party US based Proxy to hide your IP address preventing trackers from recording your search history, using search engines via it's proxy site.
However this does not mean you cannot have a bookmarks bar for quick access to your regular sites and a favourites page for regularly visited sites and save your passwords for sites that require a login. It does not work with many password managers with the exception of OnePass (I am told) and even then it requires some tweaking.
It does mean that almost all trackers are blocked, your IP address cannot be seen and you will see no ads or be vulnerable to adware on the sites you visit.
It does display some odd behaviour on some sites, for example I was unable to load the iCloud site until I turned off the proxy server, which is easy to do and there are easy ways to customise Epic's behaviour for any sites but generally I have had no problems with it.
I think that this "no frills" browser would be ideal for children or the elderly but we have to bear in mind the old argument. If all adware was blocked how would sites (like this) one fund thier presence online.
Personally I prefer to use Chrome or Opera with Ghostery and Adblock enabled for some (but not all) sites. For those sites I actively support (like this one) and others where I actually want to see the ads I am happy to make an exception.

 

[chscag]

I tried Epic for a while yesterday after reading about it in a thread by Randy Singer. Didn't like it and removed it. It's not for everyone.....

 

[Rod]

Ah yes, thanks Randy, I couldn't remember where I had read about it. Yes, certainly not for everybody including me but an interesting approach to personal security. I can't remember the last time I used "Incognito" or any "Private Browsing" function but Epic's no fuss setup may cater to somebody's needs to a tee.

 

[pm-r]

Maybe I missed it but I don't recall seeing any mention or suggestion of using Little Snitch for browsing or any network protection and it's been around for ages and still works well:
https://www.obdev.at/products/littlesnitch/download.html

http://www.macupdate.com/app/mac/10426/little-snitch

Just a thought…






- Patrick
======

 

[McBie]

Little Snitch can be a valuable part of your defence.
It is one way to discover wether your PC is compromised and if any services are " calling home " as part of a command and control environment.
Mind you, before you get the most out of LittleSnitch, you need to have a proper baseline of your system .... ie.. what is normal behaviour and what is not.

Cheers ... McBie

 

[chscag]

Maybe I missed it but I don't recall seeing any mention or suggestion of using Little Snitch for browsing or any network protection and it's been around for ages and still works well:

It used to work just as well when it was free, but at $36.90 for a license now.... no thanks.

 

[Rod]

I have to assume that Little Snitch has evolved a little since 20 years ago when my son and I used to have competitions to see who could pirate certain software. It was very handy for stopping software from "phoning home" thus rendering unregistered apps useless. Of course we don't do that any more.;D But I recall it took quite a bit of setting up. I would be interested to see what the UI looks like today. For $36.90 it must be quite evolved from the old free Mac version I remember.

 

[Randy B. Singer]

Folks might be interested to know that this browser:

Opera (free)
http://www.opera.com/

has just added a free, unlimited, VPN service. Opera also includes ad-block capabilities. (It's really just window dressing, but I like the fact that there are a bunch of free themes available for Opera, so you can make it look the way that you like.)

http://thenextweb.com/apps/2016/04/21/operas-browser-comes-free-vpn-service-baked-right/

 

[Rod]

Here is an interesting exercise. On the bottom right corner of the Epic Browser window is a "See whos tracking you in other browsers" button.
I clicked that and I'm given the oppertunity to choose Chrome, Firefox or Safari. I Safari. This is the result;
We found 48 companies storing data in Safari and tracking at least part of your browsing.
We found 9 data collectors in Safari tracking, saving and often selling your browsing.
Here is a list of the trackers we found (data collectors, ad networks, widgets & others):
I also tried the same check with Safari and got a total of 144 companies storing data in Chrome and tracking at least part of my browsing.
So I went to Chrome Preferences > History and cleared everything from the beginning of time and performed the test again.
This time I got this result;
We found 10 companies storing data in Chrome and tracking at least part of your browsing.
We found 8 data collectors in Chrome tracking, saving and often selling your browsing.
Here is a list of the trackers we found (data collectors, ad networks, widgets & others):
AppNexus DoubleClick DataPoint Media Eloqua
Google LinkedIn Datalogix RapLeaf
Now the really interesting part of this is after clearing all of my browser data I changed my Ghostery settings to block everything (Select All) and initially there was only one Tracker (Google) but as you can see now there are Ten. Ghostery is telling me that all trackers are blocked? So what can I conclude from that?

 

[Rod]

My assumption was that after clearing my history and browsing data and setting Ghostery to "block all" (no whitelisted sites) the only tracker remaining would be Google. So I opened this page in Epic and here I am, Epic tells me it's blocking eight trackers, oops, correction, now it's eleven.
So unless there is some flaw in my reasoning I can only conclude that Ghostery does not block everything, despite it's maximum setting. Perhapes I should not expect it to so I also turned on Adblock and that blocked a further seven trackers. And Epic now says;
We found 8 data collectors in Chrome tracking, saving and often selling your browsing.
Epic does seem to be reflecting the changes I make so it's hard to beleive it's not pretty accurate.
I did not intend to swap to Epic as my default browser but I'm beginning to wonder if it's not such a bad idea. I will still use Chrome, tinker with the Ghostery settings and whitelist the sites I want in both Ghostery and Adblock but unless I need the many features of Chrome for a specific purpose using Epic for email links might just be a good idea.