Monday, June 25, 2012

Apple Removes Claims of "Macs being immune to viruses"


I originally bought a Mac computer based on a perception of better performance.   One of the side benefits was that OSX, the operating system behind Apple's computers, allows any virus or malware to be easily identified and removed.  As an old hand with Unix and Linux, I am more than familiar with the commands to identify any processes running on a system.  For the general public however, many simply believed that Apple computers did not get hit with viruses.  As someone who wrote malware as an experiment in high school, I can tell you this is simply not true.   Any system is prone to attack.  The Mac systems have historically been much less of a target though and relatively safe, even in the hands of newbies.  If you're running any *nix based system, grabbing a terminal and typing in "top" gives you the table or processes.  Processes cannot hide from SUDO.




Today Apple admitted this reality.  They quietly switched out a statement that claimed OSX based computers from Apple are immune to viruses with a less-forward statement: 'It's built to be safein the aftermath of the Flashback Trojan.    The Flashback Trojan (not related to Adobe Flash) infected hundreds of thousands of Macs earlier this year. 


So what can you do to protect yourself?  One tip is to set up a new user account that is not an administrator level account and use that.  The limited account will not have sufficient privileges to install the malware and you will be summoned to switch to a more privileged user to install any new packages.  UNIX was designed around these principals and it fosters awareness.


If you are not updating your software, you might also be exposing yourself to vectors for attack.  Be careful with this however as Apple also has made some upgrades that will create instability with other software such as it's own Final Cut Pro of which older versions do not run well with 10.7 OSX.


Be aware.  Apple computers are popular, which make them a target.  If you really want to be on the cutting edge, try using a VMWare image of Ubuntu and doing most of your business in that environment.  A VMWare image is sandboxed and cannot affect it's host.