Mac OS X security exploits are like vampires

February 6, 2010

There are currently few exploits for OS X in the wild (oh yes, there are a few, so let’s not be complacent). There are several reasons for this; primarily, the market share of OS X in the operating system market is small enough that it is less likely to be attacked (why go for 5% of a market when you can aim at 90%); second, although OS X has vulnerabilities its core architecture is less prone to attack than certain other OSes out there; third, OS X users are less likely to go in search of hacked software (one of the major malware gateways); finally, OS X users are smarter and better looking than users of other OSes. Okay, I made that last one up.

So, there are fewer exploits for OS X, what’s all this vampire stuff? It is said that a vampire can only enter a private residence if invited in, and the same applies for the vast majority of OS X exploits. Almost all exploits on OS X require you (the user) to install them. You have to take a deliberate action such as opening an e-mail attachment, running software containing malware (again, ‘patches’ claiming to circumvent licenses are a prime source of these), or visiting suspect websites (links in e-mail are a prime source of links to iffy websites and should NEVER be clicked unless you know the sender – double check the real sender and reply address, never trust the display name – and recognise the actual link address – NEVER trust the link text).

Protecting your OS X machine is more about not inviting the vampire in than garlanding your environment with garlic:

  1. I do not run anti-virus software (this is the equivalent of garlic: it may be effective, but it stinks up the place and is only effective at close range, i.e. the vampire has already made it through the door). Anti-virus software is a massive overhead and, in most cases on OS X, provides a false sense of security, and most of it has a history of creating as many problems as it solves. This is not to say I will never run anti-virus software in the future. When the threat outweighs the cost I’ll be first in line.
    I guess a case can be made that running anti-virus software helps out by catching viruses in files and attachments that might infect other OSes if we pass them on, so we would be good citizens by helping stop their spread. But this is like punishing yourself for someone else’s mistake. Having chosen a secure environment I should make it less secure and slower just so I can protect those who chose a less secure option in the first place? Where’s the sense in that?
  2. I always use a firewall to block all incoming connections (except those I specifically allow for periods when I need them).
    1. Use Shields Up to check your system for open ports through which naughty people might attack.
    2. Make sure that you are not sharing any services unnecessarily. (Open System Preferences… → Sharing and make sure nothing is selected that you do not mean to be sharing; in particular, Remote Login and Remote Management should be OFF for most people.) I leave everything OFF by default and only turn on sharing when I actually need it, turning it off again as soon as I’m finished. I do this because I’m often roaming and using WiFi connections. Any time your WiFi is on you’re potentially vulnerable, so playing safe is sensible.
  3. I use LittleSnitch to control all out-going traffic. This is a great little program. It’s irritating at first, but once you’ve used it for a while it is an invaluable tool in ensuring you’re aware of all the software that’s trying to connect from your machine to the outside world.
  4. Leave Bluetooth and WiFi off unless actually using them. (Saves the battery too if you’re not plugged in.)
  5. Make sure any WiFi connection is encrypted and password protected. This is especially true when using an ad hoc computer-computer network — always set a password when creating an ad hoc network!
  6. Keep software up to date.
    I always install updates for any application as soon as possible, but especially security updates for OS X. It is very, very rare that this policy causes more trouble than it’s worth.
  7. Never open attached files in e-mail unless certain of the source.
  8. Isolate suspected Spam in the mail tool’s junk/spam folder. If possible, only review sender and titles (do not open junk mail at all, even in a preview), move any messages that are accidentally junked back into the inbox and add the sender to my address book so it is no longer junked.
  9. Do not allow previews of e-mail messages to display images unless you explicitly permit it. Alternatively, view all your messages in text only previews.
    This one is more of a privacy concern (although some image handling exploits have been known). Spammers commonly use embedded images (linked back to their site) to confirm ‘live’ e-mail addresses. As soon as you open the preview your e-mail system effectively announces its presence by visiting the spammer’s site to fetch the image. Turn off images in preview and selectively turn them on for addresses you know to be safe.
  10. Do not click links in e-mail unless 100% certain of both the source of the e-mail and the link.
  11. When receiving unsolicited e-mail about billing or account problems from an apparently legitimate source (especially your bank!), DO NOT click the provided link. Log in to your account on the supplier’s web site manually and check your account from there. If you cannot verify the account this way, use their support, billing, or sales contact on their website and ask if the e-mail is legitimate before following any link — caution is the better part of valour.
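Items 2 and 3 above come down to one question: which programs on this machine are accepting connections from outside, and which of them correspond to a Sharing service you meant to leave on? The following is an added example, not code from the original post, that parses the output of `lsof -i -P -n` (the same information Shields Up probes from the outside, but seen from the inside) and separates loopback-only listeners from ones exposed on every interface. The sample output is constructed for offline use, and the port-to-service mapping is this example's own, based on the standard ports behind the Sharing preference pane (22 for Remote Login, 5900 for Screen Sharing/Remote Management, 548/445 for File Sharing, 631 for Printer Sharing).

```python
"""Audit listening TCP sockets from `lsof -i -P -n` output (added example)."""
import shutil
import subprocess

# Standard ports behind the System Preferences → Sharing services the post names.
# The mapping itself is this example's assumption, not something the post lists.
SHARING_SERVICE_PORTS = {
    22: "Remote Login (ssh)",
    445: "File Sharing (SMB)",
    548: "File Sharing (AFP)",
    631: "Printer Sharing (CUPS)",
    5900: "Screen Sharing / Remote Management (VNC)",
}

# Constructed sample of `lsof -i -P -n` output; not captured from a real machine.
SAMPLE_LSOF = """\
COMMAND     PID USER    FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd       1 root     8u  IPv6 0x0001      0t0  TCP *:22 (LISTEN)
launchd       1 root     9u  IPv4 0x0002      0t0  TCP *:5900 (LISTEN)
cupsd        77 root     5u  IPv4 0x0003      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd        77 root     6u  IPv6 0x0004      0t0  TCP [::1]:631 (LISTEN)
Safari      312 alice   11u  IPv4 0x0005      0t0  TCP 192.168.1.5:51234->93.184.216.34:443 (ESTABLISHED)
mDNSRespo    90 _mdnsr   7u  IPv4 0x0006      0t0  UDP *:5353
"""


def _split_host_port(name):
    """Split lsof's NAME column ('*:22', '127.0.0.1:631', '[::1]:631') into host and port."""
    host, _, port = name.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]          # bracketed IPv6 literal
    return host, int(port)


def is_loopback(host):
    """True when the socket can only be reached from this machine."""
    return host in ("::1", "localhost") or host.startswith("127.")


def parse_listeners(lsof_text):
    """Return one record per TCP socket in the LISTEN state."""
    listeners = []
    for line in lsof_text.splitlines():
        parts = line.split()
        if len(parts) < 9 or parts[-1] != "(LISTEN)":
            continue                # header, UDP sockets, established connections
        host, port = _split_host_port(parts[-2])
        listeners.append({
            "command": parts[0],
            "pid": int(parts[1]),
            "user": parts[2],
            "host": host,
            "port": port,
            "exposed": not is_loopback(host),   # '*' or a LAN address: reachable from outside
            "service": SHARING_SERVICE_PORTS.get(port, ""),
        })
    return listeners


def exposed_listeners(lsof_text):
    """Only the listeners that the firewall and Sharing pane need to account for."""
    return [entry for entry in parse_listeners(lsof_text) if entry["exposed"]]


def current_lsof_output():
    """Run lsof on this machine if it is installed; otherwise fall back to the sample."""
    if shutil.which("lsof") is None:
        return SAMPLE_LSOF
    return subprocess.run(["lsof", "-i", "-P", "-n"], capture_output=True,
                          text=True, check=False).stdout


if __name__ == "__main__":
    for entry in parse_listeners(current_lsof_output()):
        where = "EXPOSED " if entry["exposed"] else "loopback"
        label = f"  <- {entry['service']}" if entry["service"] else ""
        print(f"{where} {entry['host']}:{entry['port']:<5} {entry['command']} (pid {entry['pid']}){label}")
```

Without root, `lsof` only reports your own processes, so run it with `sudo` to see the system daemons that Sharing turns on. Anything reported as EXPOSED that is not a service you deliberately enabled is exactly the kind of listener the post's firewall rule (block all incoming unless specifically allowed) is there to cover.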
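Items 7 through 11 all rest on the same manual checks: look at the real sender and reply address rather than the display name, compare what a link says with where it actually goes, and notice remote images that phone home when previewed. The following added example (not the post's own code) automates those three checks over a raw RFC 822 message using only the Python standard library. The message is constructed for the example; the `.invalid` domains are reserved and point nowhere.

```python
"""Flag the phishing tells the post describes in a raw e-mail (added example)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message, not a real phishing sample: the display name and link text
# name one domain while the real addresses and href point somewhere else.
SAMPLE_EML = """\
From: "Example Bank Support" <alerts@mail-example-bank.invalid>
Reply-To: collect@another-domain.invalid
To: alice@example.com
Subject: Billing problem with your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, please verify your account at
<a href="http://login.another-domain.invalid/verify">https://www.example-bank.invalid/login</a></p>
<p>Or visit <a href="https://www.example-bank.invalid/help">our help page</a>.</p>
<img src="http://tracker.another-domain.invalid/pixel.gif?id=12345" width="1" height="1">
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor, plus remotely hosted images."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.remote_images = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and a.get("src", "").lower().startswith(("http://", "https://")):
            self.remote_images.append(a["src"])   # fetched from the sender's server on preview

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def _host_named_in_text(text):
    """Host a link's visible text claims to go to, or '' when the text is not URL-like."""
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    host = (urlparse(candidate).hostname or "").lower()
    return host if "." in host else ""      # 'our help page' is prose, not an address


def analyze(raw_message):
    """Return the real sender plus a list of findings a careful reader would spot."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    findings = []

    # Check 1: replies silently go to a different domain than the apparent sender.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {_domain(from_addr)}")

    body = msg.get_body(preferencelist=("html",))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body else "")

    # Check 2: link text names one host, the href points at another.
    for href, text in collector.links:
        shown = _host_named_in_text(text)
        real = (urlparse(href).hostname or "").lower()
        if shown and _strip_www(shown) != _strip_www(real):
            findings.append(f"link text names {shown} but points at {real}")

    # Check 3: remote images announce that the message was opened.
    for src in collector.remote_images:
        findings.append(f"remote image {src} (fetching it confirms a live address)")

    return {"display_name": display_name, "from": from_addr, "findings": findings}


if __name__ == "__main__":
    report = analyze(SAMPLE_EML)
    print(f"Display name: {report['display_name']!r}  real sender: {report['from']}")
    for finding in report["findings"]:
        print(" -", finding)
```

Any finding here is a reason to do what item 11 says: ignore the link, open the supplier's site by typing the address yourself, and verify the account from there. Comparing hostnames rather than registrable domains is a deliberate simplification; it can flag a mismatch between two hosts of the same organisation, which errs in the direction the post recommends.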

No system is perfect and mistakes inevitably get made, but using these common sense precautions I’ve survived online pretty well problem free since before the WWW started. Sooner or later I do not doubt I’ll have a problem; it would be unreasonable to expect to spend so much time online without one.

Being online a lot and expecting to stay problem free is a little like running back and forth across a busy highway and expecting to avoid being hit. No matter how carefully you think you are checking the road on each run, sooner or later your attention will waver, or someone will approach in a stealth car, and you’ll get hit. The best we can do is be as careful as possible (or stop using the internet/running across the highway).

Entry Filed under: Computing, Plain Old Blog, Techie Stuff.
