It’s true that malware is less common on Macs than on Windows or Android. But that doesn’t mean Macs are inherently more secure, or that Mac users should take their security for granted.
Case in point: Apple’s own employees had their Macs compromised by malware in February of last year (the same attack also victimized Mac users at Microsoft and Facebook). If Apple employees’ Macs aren’t malware-proof, you can bet yours isn’t either.
More recently, our SophosLabs researchers discovered a Trojan attack disguised as an “undelivered courier item” notification in emails targeting Mac users. This malware, identified by Sophos as OSX/LaoShu-A, digs around in your Mac and can send any of your files back to a server operated by the attackers.
So, Macs aren’t immune to malware. But there are some easy steps you can take to improve your security on Mac computers. Here are four easy ways you can improve your Mac security.
1. Remove Java from your Mac unless you absolutely need it
The attack last year on Apple’s Mac users exploited a vulnerability in Java (which Apple belatedly fixed only after the attack). If you can’t eliminate Java completely, at least turn it off in your browser, where most of the worst Java threats are.
2. Keep your software patched with up-to-date security fixes
Hackers find plenty of victims by exploiting known vulnerabilities that could have been halted by a security patch. If you aren’t updating your Mac with the latest security fixes, this is a friendly reminder to do it when prompted.
3. Set GateKeeper to only run digitally-signed apps from the Mac App Store
As we reported in our Security Threat Report 2014, malware authors have figured out how to digitally sign applications with a phony Developer ID to get around GateKeeper security. However, using GateKeeper settings to warn you when you’re attempting to download an unsigned app, or if the app is not from the App Store, adds an extra layer of security. Apple has thus far been very good at keeping malicious apps out of its stores for Mac and iOS apps (iPhones, iPads).
4. Run antivirus software on your Macs
If you’re running a Mac without antivirus, you should download the free Sophos Antivirus for Mac Home Edition.
Mac malware and Mac security tips
If you’re interested in learning more about the evolution of Mac malware and the types of attacks we’re seeing against OS X, download our Security Threat Report 2014. It’s got the latest research from our SophosLabs experts, and includes links to other resources like whitepapers and videos to prepare you for all the threats we’ll face this year.