You should also look at less-conventional methods of protection. Little Snitch ($29.95 from obdev.at/products/littlesnitch/index.html) will watch for software making outbound connections. These are normally hard to handle in your firewall settings, as they could become a serious obstruction to your normal internet use. Little Snitch traps these exceptionally well and could alert you if a Trojan installed on your Mac tried to contact its controller, for instance. However, this is very late in the day, and your efforts should be focused on preventing the Trojan from getting near your Mac in the first place.
[Caption] Spot the scam – Mailsmith opens this HTML scam mail purporting to be from Apple in plain text form, with full internet headers revealed
Powerful protection can also be so restrictive that you’re driven to subversion. In the days of Classic Mac OS, some widely used commercial virus protection behaved so painfully whenever you inserted a floppy disk that most users had to disable it before doing so; many then left it disabled afterwards. This was doubly dangerous: they were left without the protection that they assumed was in place, and if they engaged in risk compensation on the assumption that their virus protection would save them, they were easy victims.
There are no instant answers to securing your Mac and iOS devices from attack. However, whatever you decide to do, you must be honest to yourself about the risks that you run, and how you can best avert them. Never underestimate the importance of the human element, as it’s that which is most readily exploited.
Defensive mail
Malicious mail can either put something nasty in your mailbox, delivering the malware straight to you, or lure you to connect to a malicious site or send details that can be exploited. Either way, you must collect and read it in a modern client with a sound first level of protection. Old clients have flaws in them that could expose you to risk when receiving or reading mail.
[Caption] Get in training – Spam filters such as SpamSieve take the effort out of sorting your incoming mail. Take the trouble to train them for efficiency
Although it is aesthetically pleasing to view RTF and HTML messages fully formatted, with images displayed in place, this increases risk. Some mail clients, such as Mailsmith (free from mailsmith.org), can’t themselves display anything beyond plain text; they strip text embedded within other formats, allowing you to screen the mail before you choose to view it. This also helps you sort through your mail very quickly, without having to wade through prettified content.
Sorting mail automatically into wanted and unwanted (spam and scam) mailboxes is even more useful, but not a perfect science. The best spam filters don’t destroy or bounce spam and must be trained by sorting received mail manually. This training is essential to achieving good accuracy, and you shouldn’t simply delete spam that isn’t correctly identified as such. The better filters, such as SpamSieve (c-command.com/spamsieve), work across several different mail clients and, following training, can achieve 99% accuracy.
Learning to understand mail internet headers also takes time, but has worthwhile rewards. Look at those in typical genuine messages (including benign and wanted bulk mail) and those in obviously malicious mail. You’ll see that some elements are easily forged, but tracing the series of servers through which the message has passed is usually the best way to discover that they first appeared in a system that has nothing to do with their claimed origin.
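The header tracing described above, as an added example that is not part of the original article: it walks the Received chain of a constructed scam message (the hosts, addresses and message ids are invented for the illustration) from the hop your own server wrote back towards the claimed origin, and reports the first hop that announced the From domain but was recorded as something else by the server that received it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real capture: From claims apple.com, but the hop recorded by
# the recipient's ISP shows "mailrelay.apple.com" was only the name the sender announced.
RAW_MAIL = """\
Received: from mail.example-isp.net (mail.example-isp.net [198.51.100.7])
\tby mx.recipient.example (Postfix) with ESMTP id ABC123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mailrelay.apple.com (unknown [203.0.113.45])
\tby mail.example-isp.net (Postfix) with ESMTP id DEF456; Mon, 1 Jan 2024 10:00:01 +0000
Received: from [192.0.2.99] (dsl-99.bad-net.example [192.0.2.99])
\tby mailrelay.apple.com with SMTP; Mon, 1 Jan 2024 09:59:58 +0000
From: "Apple Support" <support@apple.com>
Subject: Your Apple ID has been locked

Click here to unlock your account.
"""
FROM_RE = re.compile(r"\bfrom\s+(?P<helo>\S+)\s*(?:\((?P<rdns>[^\s\[()]+)?\s*\[(?P<ip>[^\]]+)\]\))?", re.I)
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)", re.I)

def in_domain(name, domain):
    name = (name or "").lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def parse_received(raw):
    """Hops in transit order (earliest first): announced name, recorded rDNS/IP, writer."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        f, b = FROM_RE.search(text), BY_RE.search(text)
        hops.append({"helo": f and f["helo"], "rdns": f and f["rdns"],
                     "ip": f and f["ip"], "by": b and b["by"]})
    return hops

def first_untrusted_hop(hops, domain):
    """Walk back from the latest hop; the first one that announced the From domain but was not seen as it starts the forgery."""
    for i in range(len(hops) - 1, -1, -1):
        if in_domain(hops[i]["helo"], domain) and not in_domain(hops[i]["rdns"], domain):
            return i
    return None

def trace(raw):
    """Return (claimed From domain, hops, index of the first untrusted hop or None)."""
    domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2].lower()
    hops = parse_received(raw)
    return domain, hops, first_untrusted_hop(hops, domain)

if __name__ == "__main__":
    print(trace(RAW_MAIL))
```

Every Received line below the flagged hop was written by the host that lied about its name, so nothing recorded there can be relied on; the recorded IP of the flagged hop is the real entry point.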
Wise browsing
There are three key elements to enjoying the riches of the internet without fear of attack. You need to configure your browser appropriately for the sites you might encounter, assess the risk of every click and handle downloads wisely.
[Caption] Risk assessment – Browser settings shouldn’t be set once and left alone. Adjust them as you need to match the risks posed by sites and content
Browsers have security settings that shouldn’t be left at their defaults. The most dangerous option is to open downloaded files automatically, which you should never do. In ordinary use, you’ll almost certainly need to accept cookies, enable Java and JavaScript, and allow popups. However, when you think you could be entering higher-risk sites, such as those in Eastern Europe, Asia and the Far East, tighten up your settings, possibly turning those off for the time being. Changing settings on the fly is unusual, but an excellent habit to get into.
Enable the status bar and other tools that display the addresses of links, so that you can screen where any click will take you. Beware of links that take you outside the current domain, particularly if you don’t recognise the address. If you remain keen to follow a link, but are deeply suspicious as to where it will take you, view that page’s source and see whether what you find reassures or alarms you. Avoid at all costs being hijacked to a distant malware server.
Anything, even images and web pages, that you download from a site in which you don’t have complete trust should be very carefully checked. Most antivirus software, including ClamXav (free from clamxav.com), enables you to set up a watched folder whose contents will be scanned automatically. Apply that to your Downloads folder (or the alternative that you’ve set in your browser’s preferences) so that those files get the once-over before you try to open them on your Mac.