Malicious Software: Protection Advice for Macs & UNIX Systems
To protect your computer, you need to exercise some basic principles of safe computing. While these principles apply to all types of computers, these instructions are aimed at Apple Macintosh computers running Mac OS X and at UNIX workstations (such as Linux and Solaris).
Keep Your System Fully Patched and Updated
Some of the most dangerous and prolific malicious software takes advantage of programming errors or "bugs" in the operating system. Attempts to infect a computer with malicious software this way are called "security exploits."
Security exploits are extremely dangerous because they allow malicious software to take control of operating system components. In the Mac and UNIX world, that means that malicious software can gain the same privileges and permissions as the exploited components. With elevated privileges, the software can intercept passwords, generate unwanted e-mail or serve as a jumping-off point for attacks on other computers.
To stop security exploits, you must promptly apply security updates. On the Mac, use System Preferences, Software Update to download and install the latest updates from Apple. You can also set updates to run automatically on a regular schedule. For UNIX or Linux, consult your UNIX vendor's or Linux distribution's instructions for the preferred method of obtaining system updates.
Use Strong Passwords
Weak passwords are a common vector for malicious attacks on Macs and UNIX systems. Worms and rootkits use different methods to exploit weak passwords. Dictionary attacks use common usernames and passwords (sometimes thousands of them) to log in. Brute-force attacks attempt to exhaust all possible passwords. You can increase security if you follow these guidelines:
- All accounts on the computer should have a password that is not based on words (English or foreign language). A combination of letters, numbers and symbols is strongly recommended. Typical combinations like "abc", "qwerty" and "123" should be avoided, since they are subject to dictionary attacks as well.
- All passwords should be at least 8 characters long. Modern computers can run brute-force attacks against short passwords very quickly.
Limit Remote Access
To prevent security exploits and weak password attacks, you can limit access to the computer so that few attack methods will be successful. On the Mac, review the settings in System Preferences, Sharing and make sure that unused sharing services are turned off.
On UNIX systems, a system service called TCP Wrappers can be used to limit access to remote control functions like the SSH service. Most UNIX and Linux systems have TCP Wrappers pre-installed and controlled by the filters in /etc/hosts.allow and /etc/hosts.deny. To learn more, use man 5 hosts_access at your UNIX command prompt or consult your system admin.
Identify the Source of Unknown Software and Files
Many types of malicious software use psychological tricks designed to fool you into opening the software and installing it on your computer. Although these types of attacks are rare on Mac and UNIX systems, there have been some documented cases.
Malicious software may generate fake e-mail with a special attachment that installs the malicious code on your computer. Web sites that offer downloads such as media players, web browser add-ons or search tools may "piggyback" malicious advertising or spy software with their downloads. Sometimes malicious software will compromise an entire web site, causing browsers that visit the site to automatically start downloading malicious code. Some malicious programs will create fake documents that look like regular word processing documents or images, but they will install a virus when opened.
Before you open a file from your e-mail, your web browser, or a floppy disk, you need to verify the origin of the file. Are you sure that your friend or co-worker actually sent this e-mail? You can call or e-mail them back to confirm. Are you sure that a web site is offering legitimate software? A movie site that requires a special movie player may also include unwanted software. If you want to download a free viewer or player, go directly to the web site of the company that makes it and read carefully to make sure it doesn't include anything you do not want. Internet chat clients and peer-to-peer file sharing programs are well-known sources of malicious software.
For examples of fake e-mail, see the companion document Recognizing Viruses and Fake E-mail.
For More Help
If you have questions about malicious software protection on your Mac or UNIX computer, please call the Information Technology Help Desk (xHELP or 713-348-4357). We will be happy to discuss the matter with you and refer you to an expert who can assist.
For more information about malicious software, see the other documents in this series:
