Stuxnet meets Snotnet
Web-based threats, email
spoofs, keyloggers and spyware... Like so many things these days,
there's little use in wondering why it happens or where it comes from;
you have to protect yourself anyway. There are threats from online
booby traps ("Trojans"), email spoofs with forged addresses, hackers
scanning ports, redirected communications, massive data breaches (latest being
Equifax), identity theft scams and CIA/NSA
Motivated by greed, politics, bravado or
just-plain-vicious malicious intent, it's all out there.
Common threats require
your participation to some degree, even if it's just an inattentive
click, acting on assumption or using a weak password. Apple has
eliminated the threat of viruses designed to attack Windows PCs, but
that's not to
say Mac users can be complacent about security. Keeping
your OS updated is the first step to protecting your Mac, but no
OS can protect you from YOU. If you
need some plug-in, viewer, utility or app, go to its
actual source to find it -
never click links that pop up uninvited on the
internet, and never download from third-party or torrent sites.
Aside from data breaches beyond our control, the most significant
threat to security is that of physical
access. This includes shared machines,
unattended or unsecured computers, and lost or stolen mobile devices.
Local area networks (LANs), wifi spies and freeloaders can also be a problem,
but most of these threats are managed by using security protocols
and proper passwords. As long as you've taken steps to establish
protection you'll have little to worry about. This page is about the
current state of
security on the Macintosh and the things you should know to protect
As a friend says, "you have to be smarter
than the tools you work with." Just because that email sez it's from a
friend or family member doesn't mean it is. Logos, addresses and
content in an email are easily forged. A link within an email - if you
click on it -
might take you to a web site that looks totally legitimate, but
that doesn't make it real.
Looking at the address suffix - known as the country code
top-level domain (ccTLD) - can be
enlightening, too. Be aware that it takes no effort at all to fake a
'reply to' address in an email. Trust
NOTHING about an email or its contents.
adequate passwords and change those associated with cloud
functions, online banking, web mail, and internet accounts
periodically. Pay attention to news of data breaches that may affect
you and act accordingly to protect yourself. Record those passwords
someplace safe, too.
click email links. Examine that address
carefully. Parking your cursor over a link
for a second or two will produce a small box exposing the link's true
address. You can always
avoid the link by opening a web browser (Safari) to use a bookmark or
type in the address
yourself. Or make a phone call instead.
respond with credit card numbers, passwords or personal info.
Never "login" thru an email link - legitimate sources
should direct you to their web site instead. Providing a link is
and they _do_ have a legitimate use, but it pays to be skeptical.
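Here is an added example (not code from the page) of checking an email's links the way the text describes: comparing the address a link shows against where its href really goes, and pulling out the suffix (the ccTLD, if it is a two-letter code) of the real destination. The sample email and its domains are constructed for illustration.

```python
"""Inspect the links in an HTML email as the text above recommends: compare
the address a link SHOWS with where its href really GOES, and pull out the
suffix (TLD, possibly a two-letter ccTLD) of the real destination.
Added example, not code from the page; the sample email is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample. The first link's visible text names one site while its
# href points somewhere else; ".zz" is not an assigned TLD (placeholder).
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://account-verify.example.zz/login">
log in at https://www.example.com/account</a> to confirm your details.</p>
<p>Or read <a href="https://www.example.com/help">our help page</a>.</p>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text chunks seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())  # squash whitespace
            self.links.append((self._href, visible))
            self._href = None

def extract_links(html):
    """Return [(href, visible_text), ...] for every anchor in the HTML body."""
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links

def host_of(url):
    """Lower-cased hostname of a URL, or '' if there is none."""
    return (urlsplit(url).hostname or "").lower()

def inspect_link(href, text):
    """Where the link really goes, its suffix, whether the visible text names a
    different host (the spoofed-link pattern), and whether it is a login link."""
    real = host_of(href)
    shown = {host_of(tok) for tok in text.split() if "://" in tok} - {""}
    suffix = real.rsplit(".", 1)[-1] if "." in real else ""
    return {
        "href_host": real,
        "suffix": suffix,
        "country_code": len(suffix) == 2,  # two-letter suffix => ccTLD
        "mismatch": bool(shown) and real not in shown,
        "login_link": "login" in href.lower() or "log in" in text.lower(),
    }

def inspect_email(html):
    """Run inspect_link over every link in an HTML email."""
    return [inspect_link(h, t) for h, t in extract_links(html)]
```

A "mismatch" result is the same thing the text tells you to look for by parking the cursor over a link: the visible address and the real one disagree.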
'Junk' filtering. Whether you
use web mail thru a browser, or use an email client on your computer
(Mail.app), all email apps have a "spam" function for weeding out the
garbage we all get. Something like 90% of all email is spam, and once
you label a spam message as "junk" you shouldn't see any more messages
from that specific source in your inbox ever again.
Of course, if you rely on web mail thru Yahoo or Google or any other
online service, the security of your email (including your address book
and whatever else is attached to your account) is out of your hands and
up to the service provider. They get hacked on a regular basis these
days, so don't be surprised if it happens to you and suddenly everybody
you know is getting spam with your name on it.
Such security breaches
occur all too often, and that's the risk you take when using free
online mail servers. Your choices are to change your email address or
just wait until it blows over (which it eventually will).
If it comes
looking for you, you don't want it.
Real-world internet security concerns (regarding Macs)
revolve primarily around downloads that may be deceptive and/or
damaging if installed. This cannot happen without your active
participation and knowledge. In other words, you're free to download
and install phony utilities and bogus apps if you wish - but it can't
happen behind your back
like it often does on a Windows PC. If you see some unexpected message
pop up while surfing the 'net, and it wants you to download, scan or
install something, don't do it.
Cancel/close and ignore the message. Force-quit your browser if you
must, in order to get away from it (Apple menu -> Force Quit).
In the case of email attachments, a virus
might well be attached to some email message you receive, but these are
typically incapable of doing any harm to a Macintosh. However, while it
cannot affect your Mac, if passed along to a Windows machine where its
code _can_ execute, it might attack the Windows user. Delete it.
Best advice is to simply be aware, be
suspicious of any uninvited prompts, and don't click anything you're
not absolutely certain of. Clear your history and delete cookies
periodically (although you
may have to hunt for some of 'em - see below), open a new browser
window if you like (File menu -> New Window) and use your bookmarks
or type in the address you want to go to. Cancel unexpected options and
avoid anything even faintly suspicious.
Here's what you need to know:
"Malware" (short for malicious software) refers to a variety of
bad-nasty things floating around in cyberspace, including viruses,
spyware, Trojan horses, and a host of lesser types (in terms of
potential damage). Rule of thumb: If you need some app or software,
player, update or utility, go to the source and get it. DO NOT download anything that comes looking
A virus must have three traits in order to qualify as a true virus:
(1) It operates in the background without your knowledge or participation.
(2) It copies itself - spreads - to every volume it comes in contact with
(hard drives, flash drives, disc burning, networks, etc.).
(3) It will have some sort of damaging or
Spyware is a whole different animal. This category includes commercial programs
designed to track computer use and record keystrokes, but these are not
necessarily viruses. Popular with parents, security departments and
company bosses, spyware provides indisputable proof of computer use and
activity. That's the legitimate use of spyware: Parental control,
tracking company time and tracing activity. But - spyware can also be
used to steal passwords,
banking and credit card info or other personal data for purposes of
A Trojan Horse - like the Greek myth -
requires your active participation to download and install before it
can do its thing. Therefore, it must trick you into bringing it onboard
by masquerading as something attractive or pretending to be something
it isn't. Here's an example, one of hundreds popping up on the internet.
Clearly designed for the Mac, with Safari icon and Mac layout.
If you click OK, the next window will be a
"free download" of the trojan disguised as an anti-virus app. Cancel.
are gullible enough to download, you will then have to enter your admin
password to install it and you'll be warned that you're about to
install an app from the internet. Just say no or trash the file before
installation and you'll be fine.
Text is laughable - doubt if many who read this would fall for it.
Some of these trojans will put up a
window listing a few files it claims are infected and should be
"scanned" immediately. We've seen many examples of this type of Trojan
Horse over the years, and most look very much like a genuine Mac
application. (We tracked one to Belize, by way of
Germany, with a contact number in Russia.)
Fortunately, they're easily removed
and relatively harmless.
While the Microsoft Windows world has long been awash in viruses that
cannot infect the Mac, that doesn't mean Macs are 100% safe. The
Macintosh remains largely immune due to proactive prevention by Apple
and by the core of your MacOS, but there are
plenty of other threats about. Nothing gets
installed on a Mac unless an administrator password is entered and you
approve the installation process. The only protection you really need
is common sense.
The World Wide Web should be free, unregulated, uncensored
and untaxed - but it also needs to be approached with care. And as long as you're dealing with the internet, you can
assume you're being tracked and you're likely to encounter something
nasty along the way. Just getting there can be fun, what with
routers, modems, ISPs and all. To say nothing of expense. We all need
to pay attention as the situation approaches critical mass in so many
ways. ISPs are throttling bandwidth, playing loose with stats, charging
extra per device, rationing fiber optic broadband, and establishing
additional charges along the way.
If you have a network and internet connection, you must protect it.
Learn how, if you don't already know. Get a router with a built-in
firewall and learn how to set it up.
Normally it's just a matter of selecting the best available protocol
and setting a password to protect your home or office wireless network.
Connecting to other networks out in the wild is another matter
entirely. Consider these to be wide-open party lines and never transmit
anything sensitive over a foreign wifi network. There have even been
reports of thieves setting up adjacent networks with names matching
legitimate ones. That "Starbucks" network might be Starbucks or it
might be some bozo with a notebook out in the parking lot. This type of
spoof can be very
difficult to detect, but it has to be within 150 yards of your
And now you can also assume a growing lack of privacy as virtually
every app you use is phoning home with some bit of data, some chunk of
info, whether it's on a computer, tablet or phone. GPS-equipped devices
attempt to map wireless access locations by sending coordinates and
network info. Computer and software makers collect and send data too,
including OS and app versions, CPU/machine specs. These are legitimate
types of data collection used to enhance product performance and
provide assistance, but the line between that and eavesdropping is
disappearing. As they say, "there's an app for that." If that's not
bad enough, there's a storm gathering in the ever-popular cloud, too.
attention to network
The key (on a Mac) is that nasty stuff, like all
software, requires passwords and permission to install by someone with an admin account. Once onboard
tho, malware can collect
info, spy on activity, eavesdrop on communications and even reroute
network traffic. (Yes, that includes Macs.) It's not unusual to find
Koreans scanning your ports, cookies from countless unwanted sources,
or servers horning in on web locations; these are easily stopped in
their tracks. It's another matter to find something installed on a
System that is opening doors and collecting and/or sending data.
Noticeable effects may include slow network/internet operations,
and it's something to watch for. We recently removed no less than five
different variants of a malware app designed to hijack network
communications, with all five operating from a single machine. One of
apps dated back five years. But, credit where credit is due: That
particular machine had been used to explore the, shall we say, "seedy"
segments of cyberspace and some uglies were voluntarily downloaded in
on your OSX firewall (System Preferences > Security pane >
Firewall tab - it should be on by default), and do not allow file sharing
of any kind over the internet. Sharing thru your own local area network
(LAN) is fine; office networks are probably managed by in-house IT
staff. Torrent, movie and music sharing sites are well-known
for passing malware, so if you want some program or music - hey - buy
it! No sympathy here for those who install
BitTorrent, uTorrent, Limewire, Vuze and other such "sharing" software.
Legitimate sources consider it theft to use such things, and so do we.
you need a 'viewer' or update, go
to the source and get it
Adobe.com has Flash Player (slowly
going extinct), VideoLAN has VLC
for translating WMV and MS file types, and QuickTime will open most A/V
files. Keynote handles Powerpoint files nicely, Pages works on Word
files, Numbers opens Excel, and odds are you already have something
that will do what you want to do. Just avoid
clicking on anything that shows up uninvited while surfing the web,
including video players, "updates" and anything that promises to
speed up, clean up or fix up your Mac.
There's only one way to absolutely
guarantee total network security on any computer, and that's by
disconnecting from the internet altogether.
Short of literally pulling the plug on communications, we must remain
vigilant to intercept and identify potential leaks in
order to remain connected while having some control over security. The
Mac comes well-equipped. Again, the #1 (and arguably only) security
tool most Mac users really need is common sense - and proper password
The biggest threat to any computer is having it fall into the wrong
hands, so restricting physical access is most important. And the threat
isn't just from theft or those with mischief in mind, it can be data
loss or damage done by accident, too.
Hand-in-hand with protecting
physical access is having a proper Admin account with a secure login
password. This is especially important for notebook computers and
portable devices that may go missing, and machines shared by two or
more people. Create a 7-8 character password, make it a good one, and
write it down somewhere safe if you need to, just make sure you don't
forget it. (You can give yourself a hint, too, when you set it up.)
Require a password to wake from screen
saver/sleep to protect your computer if you step away for a moment.
Turn on your Firewall if it's not already on by default. And be sure to
disable automatic login at startup in the Security pane of System
Preferences under its General tab:
Options here include
requiring password to wake from sleep, disabling auto login (must be
checked for password protection at login), the option of locking all
System Pref panes (the lil' padlock in lower-left corner), automatic
log-out after a set time of inactivity, and more. Recommended settings
for least bothersome security options are shown; more robust options
are available if needed.
Then there's the FileVault tab: Here you
can set a master password and encrypt everything on your hard drive -
but we DO NOT recommend doing so. Encryption will
slow read/write operations somewhat, and if you lose your master
password - you're toast. FileVault is there with industrial-strength
encryption if you really need it, but you'd need a _serious_
reason to make it worthwhile. Unless you carry around national security
secrets, hospital medical records or some bank's database, using
FileVault is just asking for trouble and most (normal) people will be
quite adequately protected by using simple passwords without the added
hassles of encryption.
Spyware is a
general category of programs designed to track computer
usage. These are not viruses per se, so anti-virus programs may not
detect them as such. And, because programs used as "parental controls"
or for additional security likely contain keyloggers to record who did
what and when, keyloggers aren't exactly malware either. Even some simple keyboard-shortcut utilities have
keyloggers. Once onboard, spyware can
transparently record chat room and internet activity, emails, logins
and software use. Some spyware apps are capable
of using a computer's camera to take snapshots, record video and/or
send location info as well. This info may then
be stored for later retrieval or sent via network to a waiting
recipient, and such apps may be used to recover lost or stolen
If you are concerned that someone is
spying on you and your Mac for some nefarious purpose, consider what it
takes to put spyware on a Mac: First requirement is physical access
(discussed above). Login password for your admin account is also
necessary, and to properly install spyware so as to make it as
undetectable as possible can take a good deal of time, 3-4
hours or more. So, if your machine hasn't left your possession, it
or available to others for an extended length of time, and it has a
decent login password, you probably don't have anything to worry about.
The same applies to iPhones, iPads, and
other such devices, with one important caveat that might make a
difference. When you sync these devices to iTunes on a computer, iTunes
automatically makes a full backup for you in case it's needed to
restore the device, and that backup remains (buried) on the computer
you synced your iGizmo to - which, by rights (and by design) _should_
be your own computer. But, if you synced to someone else's Mac or PC,
they have all that data, and that might be a problem.
Unfortunately, hunting down spyware
requires forensic processes and techniques that are beyond the scope of
this discussion, especially if the prospect of legal action is
a possibility. Installing anti-virus apps or "cleaning" utilities is
just asking for trouble and should be avoided. Best hope for putting
your mind at ease
is to carefully consider time and access requirements for spyware
installation, continued access necessary to retrieve keylogger/spyware
records, and the likelihood of anyone going thru all that trouble to
spy on you. If you still think you have a problem, give us a call, make
an appointment, and we'll see what we can do. We won't help you spy on
someone else (if that's what you have in mind) but we can certainly
find out if you are - or have been - a target.
CIA and NSA
Thanks to Wikileaks we now know the CIA has an Embedded Development Branch
(EDB), creators of a number of programs designed to infect the
Macintosh and spy on users. These programs, code named "Dark Matter",
"SeaPea" and "NightSkies" (collectively known as "Triton") have been
active since 2008 and were being updated to infect new OS
versions as released by Apple. We first ran into Dark Matter in 2011 on
a Samsung SSD a client purchased from Amazon. At the time, 500GB
SSDs were selling for about $500 and were still somewhat rare. We
had no idea what we'd found, only that the drive had a small 64K EFI
partition in an unknown
format - embedded in the drive's firmware - that could not be opened, examined or
As with Dark Matter, these things aren't hard to find and identify if
one knows what to look for and where to look. "Dark Mallet",
"DerStake", the "Sonic Screwdriver" project... the CIA's user manuals
for their spyware read like any other user manual, all very
matter-of-fact and concise. Only thing missing is the end-user license
Apple claims to have secured its OS against this sort of
tampering, but in the spy-versus-spy world of government surveillance
you can be sure the CIA has moved on to new and better things by now.
First we had the NSA recording _all_ communications and location data
in real time, and now we have the CIA turning our computers into spies.
version = there is no privacy. But, with more trouble than should be
necessary, you _can_ take out the trash and keep tracking to a minimum
while sometimes solving online problems. Here's how:
applications (programs) have their own preference settings under the menu bearing the app's name; in this case that's Apple's browser,
Safari. Open Preferences and choose the Privacy tab (image
below). You can do that right now if you want, just move your prefs
aside so you can still see this one.
Different web browsers have different layouts, and the options we're
looking for may be located someplace different than illustrated here.
You may have to do some extra drilling to
clear history, check homepage and toss cookies.
Using Safari here, other browsers should have same
options somewhere in prefs or tools.
Clicking "Remove All Website Data..."
button clears all cookies.
The Privacy tab allows you to remove
cookies from sites and servers tracking you as well as those with legit
purposes, such as login cookies used by discussion groups, vendors and
auction sites. You'll just have to login again if you toss the good
ones with bad, but Safari can remember most logins if you want it to.
"Details..." button if you wish, then delete 'em individually, too. You
might think we're done, but - no.
Shortcut: Older versions of Safari had a reset for
much of the "cruft" that accumulates with web browsing, found under the
Safari menu as either "Reset Safari" (up to OS 10.9) or "Clear History
and Website Data" (10.10) or simply "Clear History" (in OS 10.11 and
"Reset Safari" or "Clear History" produces options to delete web cruft.
checked above are a good compromise between keeping those things that might be helpful and trashing most of the
junk that isn't. So, we're done now, right? Not quite...
Adobe is using its Flash Player to spy on you, too. Here's the scoop
on Flash Player:
Open your System Preferences and look for the Flash Player
icon. Open it
and pay close attention to the tabs at top of resulting window. Here
you might find things that'll make ya wonder. Or not.
First tab, Storage, has a "Delete All" button below it that I encourage
you to use, since Adobe has leveraged Flash Player to track your
Next two tabs, "Camera and Mic" and the
"Playback" tab, each have their own privacy settings that should be
addressed. Off is the best choice; you
can always turn these on if needed now that you know where they are.
Last tab, "Advanced" has
yet another "Delete All..." button to remove yet another collection of
So now we're done. But, no, not really, just kidding. There are dozens
of browsers out there - Safari, Firefox, MS Exploder, and the new kid,
Chrome (best avoided), to name a few - all have different
"privacy" schemes, different front ends, prefs and options
with their own agendas. Most other apps collect/send
data and check for updates, too. This is why you really can't expect
true privacy, but you can certainly keep traffic to a minimum.