We’ve said it before and we’ll say it again: Your Mac is the safest personal computer on the market. Even though we’ve had a couple of scares this year, there are still almost no Mac viruses. According to research done by Sophos (a maker of antivirus software), at press time there were only four known OS X viruses, compared with roughly 80,000 on Windows.
But let’s face it—we live in a dangerous world, and not all of those dangers (especially those to your privacy) are platform-specific. Here’s how to keep your personal information out of the wrong hands—and keep your Mac out of trouble.
Seriously consider using antivirus software
Is antivirus software worth the money and hassle? You might decide to take your chances and bet that malware authors will never target the Mac, but seriously consider installing and running antivirus software, especially if you engage in “risky” activities—browsing a variety of Web sites, exchanging files with other people via email or servers, or downloading third-party software.
Choose the tool your company or college provides, or find an antivirus program on your own. (Skeptics should note that there’s a free, open-source option—ClamXav 1.0.3.) Just make sure to install the software, scan regularly, and update religiously. Outdated antivirus software is almost as bad as none at all.—Mark H. Anbinder
Always install Apple’s security updates
Half of the computer-security battle is staying up-to-date. Apple and makers of security programs do a good job of keeping their software updated to handle new problems, but if you don’t download and install updates, they won’t do you any good.
Mac OS X Security Updates include fixes not only for OS X but also for the various tools Apple provides with each Mac. For example, the first Security Update of 2006 fixed security flaws in the PHP scripting feature of the built-in Apache Web-server software that comes with every Mac. Before this patch, PHP (once activated) could have been used to run software on your Mac covertly.
Make sure your Mac’s Software Update preference pane is set so that your Mac checks regularly for new software. Checking weekly should be sufficient for most people. But if you often visit unknown Web sites or use personal file sharing or Web sharing, you should check daily.—Mark H. Anbinder
Open files only from known sources
A Trojan horse claims to be one thing—risqué photos of a celebrity, for instance—but is in fact a program with hidden plans for your computer. Double-click on it out of curiosity, and it leaps into action—with destructive, or at least annoying, results. This year brought the first OS X Trojan horse—Leap-A, also known as Oompa Loompa, which posed as photos of Apple’s upcoming OS release, Leopard (OS X 10.5).
The easiest way to minimize your risk is to do what Windows users have done for years—regard unknown files with skepticism, especially unexpected email attachments and odd files arriving via an instant-messaging program. If you’re not sure what a file is, and if it arrived without warning, ask the sender whether it’s legit. Also, get in the habit of downloading software only from known sources. If you’re worried that you might already have hidden malware on your computer, see “Intruder Alert!” for ways to check.—Mark H. Anbinder
Watch for macro viruses in your Office documents
Office macros are scripts that let you simplify or automate repetitive actions, but miscreants can also use them to spread misdeeds between computers and across platforms. A document from a Windows-using friend, for instance, could include a macro that turns all your Microsoft Word documents into locked templates.
Good Macro, Bad Macro: Microsoft Word warns you whenever you open a document that contains macros. Note that not all macros are bad; before you enable the macros, just ask the person who sent you the file whether it’s supposed to contain them.
Word and Excel now warn you, by default, when you try to open a document that contains macros. When you open a new document that contains embedded macros, whether it’s from a trusted source or not, check with the person who sent you the file to make sure the macros are OK.—Mark H. Anbinder
Use a standard account for everyday work
When you install OS X or set up a new Mac, the first user account you create is an administrator account. This account has great power to alter your system. OS X requires that you enter your password to make most, but not all, changes to the system. The exceptions are what tricky malware creators can exploit.
If you are logged in to the administrator account, the recent Leap-A Trojan horse, for example, could install itself in the System folder, affecting all your Mac’s users and possibly infecting many applications. If you’re logged in to a standard account, Leap-A could affect only that account and applications that you have installed by dragging them into the Applications folder.
So create a standard user account in the Accounts preference pane (don’t enable the Allow User To Administer This Computer option), and use it for your day-to-day work. You’ll have to enter your administrator user name and password from time to time—when installing software, for instance—but you’ll have a safety net.—Kirk McElhearn
Turn off automatic login
When you use OS X’s Automatic Login feature, there’s no need to select your user name and enter your password in the Login window when you start up your Mac. That’s convenient at home, but if you work with a laptop or a publicly accessible computer in an office, it can expose all your personal documents to anyone who presses the power button.
To turn off this feature, go to the Accounts preference pane and click on Login Options. (If the button is dimmed, first click on the lock icon and enter your administrator password.) Deselect the Automatically Log In As User Name option.—Kirk McElhearn
Lock your screen when you step away
If you require a password at login, your Mac is protected when you log out or turn it off, but what about when you just step away? When you go to lunch, anyone can come by your desk, press a key to wake your computer, and access your files. Prevent this by requiring a password when anyone turns off the screen saver or wakes your Mac. In the Security preference pane, select Require Password To Wake This Computer From Sleep Or Screen Saver.—Kirk McElhearn
Give your Keychain its own password
OS X includes a nifty utility that stores all your passwords for applications, servers, and Web sites. Your Keychain is your central repository for passwords; it unlocks as soon as you log in to your Mac. Unfortunately, this means that anyone who can access your Mac will be able to open your password-protected items. If you use Safari’s AutoFill feature, that could include your bank account, your Amazon account, your .Mac account, and more.
What’s the Password? Your Keychain stores all your passwords and, by default, unlocks when you log in to your Mac. Beef up its protection by giving it a password of its own, and use Password Assistant to make sure you pick a good one.
Solve this by giving the Keychain a password that’s different from your user-account password. Open Keychain Access (/Applications/Utilities) and select Edit: Change Password For Keychain “User Name”. (In some cases, you might see the word Login instead of your user name.) In the Current Password text field, type your login password. Type a new password in the New Password field and again in the Verify field. Click on the key icon next to the New Password field to bring up the Password Assistant window. Here you can test how secure your password is and get ideas for better ones. In the Type menu, choose Memorable, Letters And Numbers, Numbers Only, Random, or FIPS-181 Compliant to get suggestions.—Kirk McElhearn
Lock the Keychain when it’s not in use
Once your Keychain is unlocked, it usually stays that way until you log out or shut down your Mac. For more protection, set the Keychain to lock when it’s inactive. Open Keychain Access and select Edit: Change Settings For Keychain “User Name”. (In some cases, you might see the word Login instead of your user name.) In the Keychain Settings window, select the Lock After Number Minutes Of Inactivity option, and choose a number of minutes. Also choose the Lock When Sleeping option.
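The two Keychain Settings options above can also be checked from Terminal with the `security` command-line tool. The script below is an added example, not part of the original article: it judges the line printed by `security show-keychain-info` against a 10-minute limit. The limit, the function names, the sample path and the exact output format shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example: audit a keychain's auto-lock policy from the line printed by
# `security show-keychain-info`. Assumed line format (constructed samples):
#   Keychain "/Users/pat/Library/Keychains/login.keychain" lock-on-sleep timeout=300s
#   Keychain "/Users/pat/Library/Keychains/login.keychain" no-timeout

# keychain_policy LINE MAX_SECONDS -> prints "ok" or "weak: <reasons>"
keychain_policy() {
    line=$1
    max=$2
    reasons=""

    # "Lock When Sleeping" appears as the lock-on-sleep token.
    case $line in
        *lock-on-sleep*) ;;
        *) reasons="does not lock on sleep" ;;
    esac

    # "Lock After N Minutes Of Inactivity" appears as timeout=<seconds>s.
    timeout=$(printf '%s\n' "$line" | sed -n 's/.*timeout=\([0-9][0-9]*\)s.*/\1/p')
    if [ -z "$timeout" ]; then
        reasons="${reasons:+$reasons; }no inactivity timeout"
    elif [ "$timeout" -gt "$max" ]; then
        reasons="${reasons:+$reasons; }timeout ${timeout}s exceeds ${max}s"
    fi

    if [ -z "$reasons" ]; then echo "ok"; else echo "weak: $reasons"; fi
}

# Live check, run only where the `security` tool exists. The tool may report
# on stderr, hence 2>&1. Pass a keychain path as $1, or omit it for the default.
audit_keychain() {
    command -v security >/dev/null 2>&1 || { echo "skipped: no security tool"; return 0; }
    info=$(security show-keychain-info ${1:+"$1"} 2>&1)
    result=$(keychain_policy "$info" 600)
    echo "$result"
    case $result in
        # -l = lock on sleep, -u = lock after timeout, -t = timeout in seconds
        weak*) echo "fix: security set-keychain-settings -l -u -t 600 ${1:-<keychain path>}" ;;
    esac
}

audit_keychain "$@"
```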