APPLE users need to stop living in “fantasy land” and let go of the myth that its products are safe from malicious programs and viruses.
This is the advice of security experts at anti-virus company, Kaspersky.
Fewer than 50 per cent of Mac users run any kind of anti-virus security on their computers, even though more than 700,000 Mac computers were infected with a malicious virus called “Flashback” last year.
The infections occurred after a cyber criminal exploited a security flaw in a Java application, that tricked people into downloading a virus he had written by disguising it as an update for Adobe Flash software.
While 70 per cent of user computers have had the security flaw patched and the virus removed, about 30 per cent of users are still infected, product group manager Vartan Minasyan told news.com.au.
“If Mac users continue to be so carefree, I can really tell you that they will be targeted more and more easily.”
“Five years ago part of Apple’s marketing was that Macs got no viruses,” Minasyan said.
“Right now they’re saying the opposite. On Apple.com they have started to say it’s better to have virus protection installed.”
The security expert says people need to change their thinking, and says he expects it to happen naturally, but not quickly.
“It is just a part of human nature to be very slow in adapting,” he said. “People should actually change their belief and change their approach”.
To even further destroy the Apple safety myth, Vincente Diaz, Kaspersky’s senior malware analyst said it took him just 15 minutes to create a piece of malware for a Mac.
“It took 15 minutes for the Mac to show a completely grey screen,” he told journalists during a presentation in Monte Carlo. “The virus blocked every input on the computer from the keyboard to the mouse.
“You couldn’t do anything. And this was using only Apple’s default system functions. There was nothing extra.”
Part of the problem is that users are continuing to buy into the myth that Apple devices are immune to viruses.
But Apple also needs to change its approach, Diaz says.
“Apple needs to be clear about what they are controlling and way they are not,” he said.
He said Apple was not so good at disclosing when it was releasing security patches for flaws, what they do, and what they don’t do.
“Apple works hard to try and make its users very secure and are doing what is best for you, but they don’t explain what it is actually doing,” he said.
“Apple is not very transparent about what was going on when the latch for the flashback virus was released.
“It is not being very useful to consumers about updating security. That is my opinion. It needs to increase user awareness.”
How to keep your Apple computer secure
1) For goodness sake, purchase and install an anti-virus security program.
2) Ensure you keep your security software up-to-date.
3) Keychain. Use it. Keychain is an Apple program which stores all of your passwords, whether it be for your bank account or your computer. Keychain unlocks as soon as you login to your computer, meaning anyone with access to your Mac can access areas of your life that are password protected like your bank, PayPal, email or eBay accounts. Prevent this by creating a password for the program which stores all your passwords. And for the love of everything that is holy, DO NOT, I REPEAT, DO NOT MAKE THIS PASSWORD THE SAME AS ONE OF THE STORED PASSWORDS. Get original. Invent a brand new password that has never been used on any of your other accounts. Do this by going to Utilities in Applications, hit Open Keychain Access and click Edit: Change Password for Keychain [username / login]. It will ask you for the password you use to log in to your computer (leave this blank if you do not have a password. We’ll get into that later), type your new password into the New Password field and Verify field. The key icon next to the New Password field will tell you how secure your password is. News.com.au recommends using a combination of random letters and numbers. Hit OK. Also, always ensure to lock your Keychain when you are not using it.
4) Always double check that the updates for security are legitimate. One way to do this is to check the URL it is directing you to. First, hover your mouse over the link it is directing you to, a URL should appear along the bottom of your web browser. If the URL is not directing you to the official websites of the various software programs you are running, DO NOT CLICK ON IT.
5) If you need to update your computer but you are concerned about clicking malicious or deceptive links, just type the official website URL in your web browser and download the updates straight from Apple’s website, or the website of the software you are running.
6) Turn off your automatic login. There is no need for your computer to store your username and password. Make sure you enter them manually upon start-up to minimise the chance of your credentials being stolen.
7) Lock your computer when you are not using it. Even if you are only stepping away from your computer for a minute, prevent people from accessing your device by using a password to turn off the screen saver or to wake up your Mac from sleep mode.
8) Be cautious about what information you store in the cloud. It might be a hand backup for that manuscript you work on in your spare time. But keep any personal information relating to bank account, passports, credit cards, bills, etc out of the cloud. There is always a danger storing information in remote servers as cloud security is almost completely out of your control. Needless to say having a unique, strong password helps too.
9) Remove your payment information from iTunes. Sure, it might be handy to pay for music with a single click, but storing your credit card information in your iTunes account comes with real risk. Scammers could access your details and use it to purchase all sorts of dodgy stuff for themselves, or worse, use it to gain enough personal information to access your bank account. And then you are in real trouble.
10) Encrypt important files. An encryption is a code which basically locks your files, making them unreadable without a secret key. Needless to say, sharing the key with anyone would be an act of stupidity. There are a number of good encryption programs including AutoKrypt, TorBundle, Hotspot Shield.