Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to avoid Mac malware by using Gatekeeper and common sense

Glenn Fleishman | July 12, 2016
Two new attacks on Mac users and a coming change in macOS Sierra show that educating users beats malware.

The best weapon against Mac malware is your mind: recognizing the key aspects of illegitimate software, and configuring your Mac correctly, go a long way toward avoiding a takeover. We've seen two new examples of OS X malware in the last week-Backdoor.MAC.Eleanor and OSX/Keydnap, both of which are blocked from executing unless a Mac's settings are too liberal. The ability to set a Mac to be vulnerable is about to change for the better in macOS Sierra, too.

And, as I've written about here before, the problem with malware typically isn't you, a reader of a column that addresses security and privacy. Rather, it's the behavior of all the people you know who aren't techies, but computer users-sometimes very naive ones, no matter whether they're 5, 35, or 95 years old.

Apple has a burden of education, as do software developers as a whole, because while malware isn't a problem of their making, it's something that affects their customers and may deter people from buying third-party software whether in or out of the Mac App Store. (I wrote a few months ago that developers needed to switch entirely to https delivery of websites and file downloads to reduce man-in-the-middle software hijacking, for example.)

But each of you reading this column can also help educate those who turn to you for Mac advice on how to configure their Mac, how to avoid executing malware, and how to be generally less credulous. Many people trust whatever a website or downloaded software says, and that's a bigger risk than OS exploits.

The power is within you

Some malware, there's nothing you can do to avoid. That's largely software that leverages vulnerabilities in the operating system to install without verification or by masquerading itself as something it's not. You have to rely on the quick discovery by researchers or the makers of an operating system.

Apple has in its back pocket XProtect, a listing of "signatures" that identify malware and block it from executing. XProtect is an unlabeled part of Gatekeeper, which restricts how apps and other components run in macOS. (Intego tracks these updates; Apple doesn't release notes separately.)

But attack software like the two from this last week require people to overcome blocks put in their way in order to become infected.

Backdoor.MAC.Eleanor is a Trojan horse distributed under the name EasyDoc Converter. As my colleague Lucian Constantin noted, it's "distributed as a file converter application through reputable websites that offer Mac software," but actually does nothing. I've warned before about downloading software from any site but that of the developer, especially since many download sites now package software inside of installers that also install adware or other unwanted apps.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.