What Mac OS X and sex have in common

Both Mac OS X and sex are pleasurable when done right but can give you diseases when enjoyed for illicit purposes.

Blunt but true.

Once upon a time, dogmatic Mac gurus would gush and gloat over how the Mac was impervious to malware.  Apple aficionados teased PC people for using an operating system beset with viruses, trojans and adware.

In the height of hubris, the iPhone, iPad, iEverything loving folks would denigrate the PC guys for using “inferior” software.  Well, times have changed and the Mac isn’t indomitable anymore.  In fact, it never was exempt from malware but people rarely took the time to thoughtfully consider the problem.

Most people don’t realize that Safari keeps a list of known malicious software that it uses to screen incoming downloads.

XProtect me please

It’s called XProtect.plist (officially File Quarantine) and lives here:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

You can check it out yourself by pressing Shift + Command + G in Finder and entering /System/Library/CoreServices.

Then scroll down to CoreTypes.bundle, select it, and pick Show Package Contents from the little gear icon in the address bar.  You’ll see XProtect.plist sitting near the bottom of the list.  Think of it like your friendly malware signature database for Macs.

The problem with XProtect is that it’s extremely bad at detecting zero-day threats.  Threats for which there are no existing signatures can surreptitiously sneak in and debilitate a Mac.  That’s no fun.
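
To see why a signature list only catches what it already knows about, here is an added example (not from the original post and not Apple's code) that builds a small property list in the general shape of XProtect.plist and scans two files against it. The key names (Description, Matches, MatchFile, NSURLNameForComparison, Identity), the entry name OSX.Example.A and the sample contents are assumptions constructed for illustration.

```python
import hashlib
import plistlib

# Constructed stand-in for a known-bad file; not real malware.
KNOWN_BAD = b"constructed sample payload, not real malware\n"


def build_sample_plist() -> bytes:
    """Return a constructed signature list: one entry keyed on file name + SHA-1."""
    entry = {
        "Description": "OSX.Example.A",  # hypothetical family name
        "Matches": [{
            "MatchType": "Match",
            "MatchFile": {"NSURLNameForComparison": "Installer.pkg"},
            "Identity": hashlib.sha1(KNOWN_BAD).digest(),  # stored as <data>
        }],
    }
    return plistlib.dumps([entry])


def load_signatures(plist_bytes: bytes):
    """Flatten the plist into (description, file name, SHA-1 digest) rules."""
    rules = []
    for entry in plistlib.loads(plist_bytes):
        for match in entry.get("Matches", []):
            name = match.get("MatchFile", {}).get("NSURLNameForComparison")
            identity = match.get("Identity")
            if identity is not None:
                rules.append((entry["Description"], name, bytes(identity)))
    return rules


def scan(filename: str, content: bytes, rules):
    """Return the matching signature description, or None if nothing matches."""
    digest = hashlib.sha1(content).digest()
    for description, name, identity in rules:
        if (name is None or name == filename) and identity == digest:
            return description
    return None


if __name__ == "__main__":
    rules = load_signatures(build_sample_plist())
    # A file the list already knows about is flagged.
    print(scan("Installer.pkg", KNOWN_BAD, rules))
    # A file with no existing signature passes unflagged.
    print(scan("Installer.pkg", b"never-seen-before content\n", rules))
```

On a Mac, the same loader can be pointed at the real file with plistlib.load() to list which descriptions your installed copy carries, provided its layout matches the assumed keys.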

The enemy at the gates

Apple recognized beefing up security would redound to its success so in the summer of 2012 it unleashed Mac OS X 10.8 Mountain Lion and introduced a new anti-malware layer called Gatekeeper.

Think of Gatekeeper like a crotchety old troll with a sword in one hand.  Before an application is allowed to run on the system, the troll extends his sword and grunts in a stentorian voice:

Show me your signature!

The application is forced to prove to the Gatekeeper that it originated from the App Store.  It does this by handing over a cryptographically signed security certificate that Apple only assigns to valid App Store apps.


Incidentally, audacious users can circumvent the Gatekeeper by Control-clicking the app and choosing Open from the context menu.

Mac users will still get a warning but it can be jettisoned with ease.

Are you sure you want to open it?


This is the thing: suspicious apps aren’t even allowed to set foot in the Mac App Store.

Apps must go through a strict review and approval process. Furthermore, all apps must adhere to Apple’s stringent sandboxing policies.  Sandboxed apps have limited system access, which reduces the chances of a malware mishap.

This is all good but the zeitgeist of the 2015 tech community still dogmatically asserts that Macs are immune to malware.

I’m here to tell you nothing could be further from the truth.  Not only are Macs susceptible to malware, they may have more instances of infections than PCs.

Yup. I said it.

You may catch an STD (Software Transmitted Disease) from your Mac.

Mom! My Mac has Malware!

According to a 2014 whitepaper from cybersecurity firm Palo Alto Networks, the iOS and Mac OS platforms may be the new frontier for malware.

Moreover, two weeks ago, Cristian Florian from GFI published a disquieting report based on new data from the National Vulnerability Database (NVD).  The data showed that Mac OS X and iOS eclipsed PCs for the total number of vulnerabilities in 2014.  Windows came in 4th place after the Linux Kernel.

Ironically, the biggest attack vector on the Mac isn’t via trojans and viruses but through Java, Flash and potentially unwanted programs.

Here’s my position on all this: if you can’t justify to yourself in 10 words or less why you have Java on your system you should disable it.

The bottom line is that Java sucks so if you don’t need Java don’t enable Java.

Disabling Flash isn’t as straightforward as I would like but it’s certainly possible.

  1. Go to /Library/Internet Plug-Ins/
  2. Delete FlashPlayer.plugin and flashplayer.xpt.
  3. Log out and log in again.

If you need to watch YouTube videos to quench your insatiable need for entertainment, grab the YouTube5 extension from VerticalForest.  It’ll force your browser to display videos using HTML5 rather than Flash.

Adware is the real issue

Ladies and Gentlemen, we are in the middle of a pandemic.

This is how I would begin my declamation to the American people if I were president.

Then I would say:

Technology has never been so abundant and the internet has never been more accessible.  I can type your name into Google and instantly get your email address, social security number and pull up a list of your last four girlfriends.

But with convenience comes caution.  And if we don’t pay attention to the software we’re downloading these days we’re going to get STDs.

So check it out…

I hate the term Potentially Unwanted Program (PUP).  But not because I feel antipathy toward puppies.  I love puppies – in fact, I wish I owned one right now – preferably a cute cloud fluffy Lhasa Apso.

But my point is that the term is a misnomer.  It’s a euphemism for shitware.

Sorry did I just say that?

PUPs and smuggled opt-in offers are the real issue.  Macs offer zero protection against this sort of thing.

The Bottom Line

So what do you think of security on the Mac?  Are they as secure as most people maintain?

Most importantly you learned what Macs and Sex have in common.  Don’t catch an STD.  Use protection.

Alright, I’m done with the double entendres.  I’m in a weird mood today – I don’t even know if anything made sense.  This is what lack of sleep does to you.

Please forgive the tangled tangents and desultory comments.

Connect with Vonnie on Twitter

Posted in Mac OS X 10.10 Yosemite, Mac OS X 10.8 Mountain Lion, Mac OS X 10.9 Mavericks