Macs Need Security Software Too

Mac users need security software, too.

Oh, I know: Mac lovers will respond to this statement by puffing up their chests, raising their chins and sniffing, "Ha, my Mac always has been and always will be virus free. I don't need no stinking security software."

Ah, but you do, folks. You really do.

• Click here to visit's Cybersecurity Center.

Years ago, when I suggested that "Macs Are Not Invulnerable," I got lambasted by an angry horde of Mac nuts ... err, I mean, lovers.

There are unexploited — though comparatively minor (not to mention few) — holes in Mac OS X, but that's not what threatens the Mac platform.

A recent report from the SANS (SysAdmin, Audit, Network, Security) Institute noted that the major growth area for attacks is not in Trojans and viruses, or things that exploit known system vulnerabilities.

Instead, they're phishing and social-engineering attacks that need no technical "hole" to succeed.

Unless someone can prove otherwise, I contend that the average Mac user is no smarter than the average Windows PC user, which means that Apple PC owners — Mac lovers — are just as susceptible to phishing scams as anyone running Windows XP, 2000 or Vista.

The whooshing sound you hear is that of a million Mac-o-philes' chests deflating.

For those who don't understand phishing or social engineering, the concepts are simple.

Phish e-mails use deception. They typically play on some of your most common or worst fears to get you to do something you might never do otherwise.

Here are some common examples: an e-mail from your bank asking for personal ID information, a missive from an eBay member with a question that asks you to log back in and respond, or a plea from a Nigerian nobleman who needs your help to access his fortune.

We've all seen these fake messages — Windows and Mac users alike. No one is immune.

Actually, that's not true. People smart enough to run security software suites will find they're pretty well protected, thanks to the suite's built-in antiphishing features.

These utilities can automatically detect phish mail based on the IP address or the actual URL, and even through some heuristic identification.

They often have tools that will prevent you from giving out personal information, such as your Social Security number, credit card info, PIN numbers, user names and passwords and even your home address.

You simply enter this information into the application, along with the actual URLs that should have access to this info, and then the suite does all of the blocking and tackling.

It will even extend these capabilities to casual use scenarios, including instant messaging.

Instant-message bots can easily appear and ask for personal info, as can less-than-trustworthy characters who want to know exactly where your children live. Security suites can get in the middle of this, too.

Human Response

None of what I just described requires tunneling through software-based code holes. Instead, each assumes gullibility and requires trust and natural, human response.

Mac users are human, aren't they? So how could their computers not be at risk? And what protects them?

If they listen to most tech magazines, pundits, and other Macophiles — nothing.

These guys tell Mac users that one good reason to buy a Mac — instead of a PC — is that you don't need to waste money on security software.

In other words, Mac users have no security software installed and protect themselves by using nothing but good, old-fashioned common sense.

What a brilliant idea.

This may have worked before, but with Apple's currently sky-rocketing market share, Mac users are sure to become a bigger and more attractive targets for phish mongers.

So let me say it again, but with a twist: Mac users are not invulnerable.

Copyright © 2008 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.