Lets be clear: if you have a computer, security is an issue. I could go further and say that if you are alive security is an issue, but lets stay out of any such lofty philosophical attempts.
Instead, let me explain – I say this because one of the most common questions, and one of the most temperature raising debates in geek gatherings, is the good old: Do Macs get viruses? (One could say: ‘Do Macs get virii?’ but while sounding cool they would also be wrong.) Laying aside the literal answer for the moment (no) allow me to point out that what’s really being asked there is: Is my Mac secure?
Hence the first sentence of this piece.
So how secure is your Mac, really? If you were to compare it to a house in a neighborhood, Mac OS X would be a rural farming community, Windows 7 a high-rise apartment, iOS a gated community with barbed wire, and Windows XP war-torn Bosnia. Sure, the apartment building has some really great security at the end of the day, but that’s because the threats are just that much greater; folks who live in rural areas often don’t even bother locking their houses when they leave because there hasn’t been an incident in 50 years.
And there’s the catch: just because there hasn’t been an incident doesn’t mean there couldn’t be one. Now, I’m not saying that you should run out and stock up on some Norton Antivirus and Barracuda Firewall anymore than you would tell Farmer Bob to put bars on his windows and 24/7 video surveillance on the hay barn. But there are a variety of excellent tools at your disposal to make sure that you stay safe as you use your Mac.
The one that gets overlooked the most, I believe, and the most important, is
CONTEXT
Not to drive the analogy too deep into the ground, but lets go back to that sleepy rural farming community again. Lets say, just suppose, Farmer Bob were walking down the street to the General Store, and a man in a business suit stopped him and asked him to pay his $300 phone bill immediately. As respectable as the man might look (a suit!) and as official as he might sound (alarmingly), Farmer Bob would almost certainly be curious about why the phone bill, which up until now had arrived and lay unopened on his kitchen counter every month, was now being collected in broad daylight in the middle of the street. This would lead to questions, which would doubtless lead to locking up the man in the suit for fraud, and then to a pretty rockin’ story at the local bar. A happy ending for all.
Now consider your Macintosh browsing experience. You’re cruising along, surfing half-off deals on tickets to Borneo, when all of a sudden BAM your computer says you have a VIRUS and BOOM it’s SCANNING and WHAM it’s DOWNLOADING and SHAZAM it’s asking for permission to install SOFTWARE THAT WILL FIX EVERYTHING.
When was the last time your Mac behaved this way? I’d hazard a guess the answer is ‘never’. Sure, there are times when the Mac asks to install things, but the context is completely different – it calls them updates, they are unobtrusive, they require your password, you’ve seen them since the day you got your computer, etc. Why would it have suddenly changed now?
The reason is, of course, that people are worried that the message might be true, and ultimately, many users have a somewhat mystic relationship with their technology. If the message is gentle enough, and they are given the option, they just prefer to cancel out. If it’s strident enough, and explicit instructions are given, then most users will simply follow instructions without asking questions.
The take away from that is to pay attention to when and why your computer is asking you things. Why would your browser suddenly be scanning your computer? Why would a program be trying to install itself when you hadn’t made a decision to install a program? Ultimately, it boils down to this: unless you have, beforehand, made the express choice of finding a piece of software and choosing to install it, be very suspicious of anything that is offering itself up out of the blue. If in doubt, cancel out.
Context is ultimately the hardest one of all, because it involves approaching the computer not as a mysterious being to wrestle with, but as a tool that you can understand and control. The reward is that it is by far the strongest tool in your security arsenal.
1) If you don’t know what is installing, don’t allow it.
2) If you don’t know why you are being asked for your password, don’t give it – this will automatically prevent most major security violations.
OS X requires an administrator password for any changes you are going to make to the computer as a whole. While malicious software can get away with trying to attack only your user files, and that is damaging enough, you will prevent a great many problems by being judicious with how you hand out your password. When in doubt, refer to rule number 1.
3) Ask yourself questions, examine the entire screen for clues.
That last one is also key – so much of my work involves simply sitting and examining the screen; OS X goes out of its way to provide visual cues on everything that is going on. While they are intentionally subtle, many common problems can be avoided by taking the time to examine the entirety of your screen, rather than just the dialogue box.
This is all a great deal more work than buying a piece of anti-virus software, installing it, and feeling secure. The unfortunate thing is that even with anti-virus installed, it is absolutely no security against scams and cleverly engineered software that won’t necessarily be flagged by your security software. Your security needs to start with being context aware, rather than relying on a system that isn’t intelligent; otherwise the answer to ‘Am I secure?’ is ‘No’.