Mac Security: Fact and Fiction

Page 2 of 6

Mac users don’t need to worry about spyware.

TRUE Breathe a long sigh of relief. Spyware —programs that record information, such as browsing habits or keystrokes, and send it to a remote server—runs rampant on Windows, but there are currently no real spyware programs that affect the Mac. There are several programs that can monitor what you do by taking screenshots at different times and recording your keystrokes (for example, Camp Software’s $29 KeystrokeRecorder X, Red Byte Software’s $46 MonitorerX Pro 2.0, and Rampell Software’s $35 TypeRecorder X 2.1. But these programs are designed for people who want to monitor the activity of their Mac’s users: businesses, schools, or parents may purchase and install these programs to keep tabs on employees, students, or children.

If you’re a nonadministrative user of a Mac on which an administrator has installed this type of program, there’s not much you can do about it: you’re not allowed to remove the software, since you don’t have administrative rights. The best you can do is ask why it’s there.—KIRK MCELHEARN

Sending chat messages is akin to throwing notes on loosely wadded paper across a crowded classroom.

TRUE If you use any of the popular instant-messaging applications for OS X—iChat, AOL Instant Messenger (AIM), and MSN Messenger—your messages can be read easily by someone watching your network traffic. That sounds like the work of sophisticated computer hackers, but all it takes is access to your network (in your company, at home, or at a public Wi-Fi location, for example) and a packet-sniffing utility such as Brian Hill’s free MacSniffer or Stairways Software’s $39 Interarchy. (Terminal wizards can use the Unix com-mand

tcpdump
.)

For example, the window at the left of “Network Obfuscation” displays a snippet of text sent by iChat as it appears in Interarchy’s Traffic window. Looking past the HTML coding (which iChat uses to define balloon color and text formatting) and

«spc»
markers (spaces), you can see that the message reads, “It is easier to introduce new complications than to resolve the old ones.”

Keeping Risk in Perspective Before you swear off instant messaging forever, ask yourself a few questions. Is it really likely that someone is scanning your network’s data packets? You’re probably safer chatting with a friend from a single Mac at home than from a laptop connected to a free Wi-Fi network in a busy coffee shop. Also, does your conversation contain top-secret information? If most of your chats concern lunch take-out options, you probably needn’t worry.

It’s when you’re discussing information that’s private or proprietary that chatting can become the weak link your competition is waiting for.

Can Software Help? Fortunately, there are several ways to make your chats private. iChat users can purchase Intego’s $40 ChatBarrier X3 10.3.2 (   ; November 2004 ). If both chat participants are running ChatBarrier X3, a padlock icon will indicate that the connection is secure. Someone using packet-sniffing software will see only encrypted text (as shown in the second screenshot).

Another option is to use software that’s designed to deliver encrypted text. BitWise (subscription model or limited free client) encrypts every message. However, you can use it to chat only with other BitWise users. If that won’t do, the open-source Fire client not only lets you chat securely with other Fire users but also lets you have unencrypted chats with others.

Finally, if you just need to send snippets of secure information, consider encrypting individual messages with a program such as PGP —which stands for “Pretty Good Privacy” (variously priced packages, including a freeware version). Recipients of PGP-encrypted messages must decrypt the text on their end. (Think super-secret decoder ring.)—JEFF CARLSON

It’s easy to read a normal intercepted chat message sent in the clear, as captured here by Interachy……But if you use ChatBarrier X3 to encrypt the same message, nosy hackers will see only gibberish.
| 1 2 3 4 5 6 Page 2
Shop Tech Products at Amazon