For years Mac users have had a false sense of security. They believed that their system could not be infected by malicious software, so much so that Apple even used it as a selling point for some time. To a degree, it was true.
Macs were largely secure through obscurity; that is, Macs had such low market penetration that malicious programs were rarely coded. But now, Apple is one of the largest computer manufacturers in the world, making security through obscurity impossible.
Recent reports by Russian security firm Dr. Web revealed that about 600,000 Macs worldwide are infected with a trojan virus called Flashback that adds infected systems to a botnet.
A botnet is a system of compromised Internet connected computers that allows the botmaster to exploit machines for a various purposes: like spam, denial of service attacks and clickfraud.
This is not intended to single out Apple in any way. All software is vulnerable to attack, and Apple is just a new target. The only reason this news is being blown out of proportion is because Apple was so arrogant about the security of their systems; at one time the firewall was off by default, completely ignoring basic security practices.
But all operating systems fall under attack when they have high market penetration. Google’s Android operating system has seen its fair share of malicious software and that is running mostly on phones. Microsoft has been under attack for years.
The good news is that it is not very difficult to protect yourself from malicious software, though it is a constant battle.
First, always keep your software up to date. It is a pain sometimes, especially since some programs like iTunes seem to like 90 MB update patches, but a lot of time those patches are security related.
Secondly, don’t click on strange links, and I don’t mean just the ones from Nigerian princes. If you get a strange e-mail from your bank or credit card company, don’t click on the link. Instead, go to the website yourself or call the company before logging in. While you’re at it make, sure the URL starts with https.
Let’s not forget about the “This video is hilarious” or “I can’t believe you did this” posts. If it doesn’t sound like the person who posted it, don’t follow the link.
The same goes for attachments and ads that appear too good to be true.
But let’s not forget the obvious. Run some sort of anti-virus program (there are quite a few good ones for free), scan downloads and attachments before opening.
It probably wouldn’t be a bad idea to disable Java either, you probably won’t even miss it.
For those worried about Flashback, Apple released a Flashback removal tool that can be found at http://support.apple.com/kb/DL1517 (if you don’t trust this link you can also find it at Apple’s support website).