Our computers and other computing devices store some of our most important belongings: photos, videos, music, syllabi, research, and manuscripts. We owe it to ourselves to maintain and protect these things through best practices in computer maintenance, security, backups, and training. During the upcoming winter break, I would like to encourage everyone to spend some time putting your cyber-house in order before the spring semester begins.
To help you with this and to promote best practices, I will hold a workshop in DevLab on Wednesday, Dec. 4 from 4:00-5:00PM before D-Ped. Workshop participants are encouraged to bring their Mac or PC to the meeting. Tablets are also welcome.
Many online news sites (here, here, and here) have been talking about the more visible threat to Mac OS security called “MacDefender” aka “MacProtector” aka “MacSecurity.” Initially, it was a bit of malware that would download from poisoned sites and request your account password to allow full access to your system. Now, it can infect your Mac OS X installation without your providing your password. In both cases, it would also try to obtain your credit card information in order to provide “protection” (read: extortion). Apple provides a How to avoid or remove Mac Defender malware guide on their website before the next software update for Mac OS X 10.6 is available, which will remove and protect your OS from nasties like the so-called MacDefender.
There are some easy ways to avoid this and other kinds of malware and virus infections on Mac OS X.
First, you should not be logged into an admin account. You should create a standard user account for your daily activities, and only use the admin account when you install new software. For both accounts, you should create inventive and hard to guess passwords.
Second, if you use Safari for browsing, you should disable the open safe files feature in Safari > Preferences > uncheck Open Safe Files.
Third, be aware of the files that you download and the sites that you visit online. Don’t open something unless you know exactly what it is.
Fourth, keep your OS updated at all times!
Fifth, consider running an open source anti-virus solution for Mac OS X called ClamXav, which you can learn more about here. Even with this level of protection, beware. One commenter from early May 2011 on MacUpdate.com said that ClamXav didn’t detect MacDefender.
Sixth, Apple provides security configuration guides for Mac OS X here. The National Security Agency (NSA) provides their own security advice for Mac OS X here.
Sony’s CEO Howard Stringer is reported to have made an amazing overstatement today regarding the massive security breach of the Playstation Network: “We are up and running, and we are safer than ever” (via Sony Chief Howard Stringer Likens Hackers To Mujahideen). Perhaps by “ever” he means “before, we were running a wide-open version of Apache with nary a security update or firewall in sight, but now, we have implemented some semblance of protection for our customers’ online data.” Find out more about how easy it was for the “hackers” to break through or merely hop over Sony’s less-than-watertight defenses here.