- The Tech Night Owl — Cutting-Edge Tech Commentary - https://www.technightowl.com -

The Usual Mac Security Nonsense

There’s this conventional wisdom, unfounded, that Macs were never susceptible to malware. That was certainly not true in the early days. I remember, in 1990 or thereabouts, buying a commercial app from a local computer reseller. This was an app from a major publisher, supplied on a floppy disk, in a shrink-wrapped box.

I installed the app — I forget what it did — and, when I opened QuarkXPress a few minutes later, I got a message that the app had been corrupted somehow. I located a shareware virus protection app on AOL, installed it, and found out that my Mac had become infected, and the source was the app I had purchased from the computer store. This was the sort of virus that the security app couldn’t fix, so I ended up backing up my files, formatting the hard drive, and reinstalling everything from scratch. Since this was a new Mac that had only been in operation for a few days, I didn’t lose anything. Except for time.

The dealer professed ignorance when I brought the offending product back. Since it was supplied by the manufacturer, it must be their fault, but the store manager was willing to exchange the box for another copy, or give me a refund. I accepted the refund.

That was my first and last exposure to a Mac virus at home, although I ran into a few at the office when I worked at a prepress service bureau. There we would take a client’s disk and run the desktop publishing files on a high-end output device, which produced printer-ready output. Some of the media we received was infected by something known as a desktop virus, which sounds really awful, although it didn’t really harm anything, other than spread itself.

I continued to run security software through the years — until OS X arrived in 2001. With OS X, Apple touted the presence of a more secure Unix platform, thus providing more protection from the sort of things that impacted the “classic” Mac OS. So I didn’t concern myself about installing security software, not that you had much choice in those days.

The years went by and, while there were ongoing security fixes for OS X, and possible proof-of-concept viruses, there were no reports of widespread infections. With the arrival of Intel-based Macs in 2006, improved sales meant, according to some tech pundits, the increased possibility of being infected by something, somewhere.

Aside from those security fixes for things that were rarely exploited, the biggest source of danger was clicking a wayward link in an email, or going to a fake site that pretended to be a company with whom you did business, such as a bank. If you logged in with your online credentials, you could be opening your account to access by criminals who’d be happy to steal your money.

So if you just watched out for phishing sites, or other online locales off the beaten path, and took care in where you spent your money, you’d sharply minimize your chances of being infected by anything. Yes, there are several security apps for the Mac, but not much reason to use them. Businesses might, as a precaution, and some of these utilities would guard against PC viruses, so you couldn’t accidentally infect the Windows user in the next cubicle.

As Mac sales increased, some claimed virus authors would find the growing target to be more inviting. But that doesn’t appear to have happened, although security “black hats” continue to find the occasional Mac security problem that they’re only too happy to tout at a hacker’s conference. In 2012, a malware outbreak did reportedly infect several hundred thousand Macs. Known as Flashback, it actually did its nasties to Java. Apple took its sweet time to provide a fix, and now mostly relies on Oracle, publisher of Java, to deliver updates. That, and disabling Java plugins for a browser, has mitigated such problems.

You still need Java to run some apps, including older versions of Adobe’s Creative Suite, but not that often. But since Java is regularly fixed, it’s probably not such a serious issue. It appears that Adobe Flash gets more attention when it comes to security lapses, but updates are also regularly issued. Still, if you can stay away from a Flash site, that’ll provide a extra ounces of protection.

For OS X El Capitan, Apple has added something called System Integrity Protection, a scheme also known as “rootless access,” which prevents you from accessing certain system files and processes. This, in theory, provides even greater protection against hackers doing mischief on your Mac from afar, or, if they get direct access.

Just the other day, I read a piece warning, once again, about the oncoming OS X malware infections, and how things will only get worse soon, someday soon, whatever. Having heard these “cry wolf” pronouncements for over a decade, it’s hard to take them seriously. Be careful, of course, but the sky isn’t falling, and Apple does appear to be taking security more and more seriously these days.