computer safety on a mac
TRANSCRIPT
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
http://WhiteHouseComputing.Blogspot.Com ”
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
http:\\WhiteHouseComputing.Blogspot.Com ”
What?
Me
Worry?
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Visualization of the various
routes through a portion of
the Internet Source:
WWW.Wikipedia.Com
http:\\WhiteHouseComputing.Blogspot.Com ”
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Can lead to mythical
attitudes like this
Common Computer Security Myths
What? Me Worry?
I own a Mac.
Accurate information at excellent
Mac education sites like this
Click the above for their excellent video
entitled “Do you need antivirus software
on a Mac?
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats
Annoyances
Spam
Adware
Dangerous
Spyware
Virus – Flashback variants currently in the wild
Phishing
Scareware
Enabler
Trojan
Backdoor
M
A
L
W
A
R
E
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Common Computer Security Myths
Myth: “There is nothing important on my computer, so no attacker would want to access it”
Reality:
“Internet Background Radiation” – a techie term that refers to the constant stream of probes and malicious traffic on the internet.
Probes are looking for any machine that can be “hijacked” to make money for their hijackers.
Spam Robots (spambot – multiple spambots under common control form a “Botnet”)
Zombies trained to attack web sites on demand (extortion robots)
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Annoyances
Spam – AKA Unwanted, Unsolicited Junk Email
Clogs your email inbox
Can be dangerous
Can lead you to dangerous websites
Example – sites that attempt to exploit unpatched bugs in your
browser to insert “backdoor” or other malware in your system
Adware – Software that delivers targeted
advertisements to your computer
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
Spyware “is a type of malware that is installed
surreptitiously on personal computers to collect
information about users, their computer or
browsing habits without their informed
consent.” Wikipedia. (Spyware)
Can simply record information about your browsing
habits to guide Adware in delivering ads OR
Worst case: Keylogger – can record your keyboard
keystrokes and transmit them over the Internet
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
Phishing “is the criminally fraudulent process of
attempting to acquire sensitive information such
as usernames, passwords and credit card details
by masquerading as a trustworthy entity in an
electronic communication.” Wikipedia
Fraudulent email scares you into clicking a link in the
email taking you to a site that LOOKS like a real
bank (for example) but is not
Fraud site asks for userid password account number etc
Phishing
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Common Computer Security Myths
Myth: “Paying bills online increases the risk of identity theft”.
Reality: Communication from the browser can be secure encrypted
LOOK for the LOCK
Either bottom right or just to the right of the address entry window depending on browser and browser version
AND look for https instead of http in the address
For example: https://WWW.Chase.Com
However – above assumes no keylogers on your machine
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
Phishing – How to Avoid Being Fooled
Avoid following links in emails
If you do and the site wants info DO NOT GIVE IT
Banks, Brokerage Houses, etc WILL NOT ASK
YOU VIA EMAIL TO VERIFY INFORMATION
If they seem to be doing that IT IS A FRAUD
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
Virus “A computer virus is a computer program that
can copy itself and infect a computer without the
permission or knowledge of the owner.” Wikipedia
How is it spread?
Email attachment
Visiting a malicious website with an unpatched buggy browser
Infected files on any portable media (thumb drives, CDs, floppys, etc)
Over a network when file sharing is too broadly set up
Above Threats in Windows Environment
OS/X Environment: Threat Rising Rapidly
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
OS/X Environment: VirusThreat Rising Rapidly
Flashback
First (2011) delivered on infected media masquerading as a Flash
player installer and so refered to as a Trojan (Horse)
First delivery in DriveBy attacks detected April 2012
600,000+ Macs affected, botnet formed
Java vulnerability enabled “drive by” attacks
Click HERE for info re detect and remove
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
OS/X Environment: VirusThreat Rising Rapidly
Apple’s Response
Software updates correct Java vulnerabililty (Apple SLOW to do so in
Flashback case)
Software updates can be automatic in Mountain Lion, Lion.
Latest updates remove Java processing from OS/X based browsers
Restrictions “fence in” Applications – Gatekeeper vs Sandboxing
Gatekeeper
Sandboxing
Additional Sandboxing link
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
OS/X Environment: VirusThreat Rising Rapidly
Apple’s Response
I believe that in the future (today being 11/2/2012), if your
“Gatekeeper” selection (on Lion, Apple Menu / System Preferences
/ Security & Privacy / General Tab) is “allow applications to be
downloaded from anywhere” Apple will force you (once you make
that selection” to click “I Accept” on a waiver form that says
something like “I acknowledge I have been told by Apple I should
not do this and hereby absolve Apple from any responsibility for the
consequences. I also agree that, from this point in time, I have
forfeited any right to service from Apple under any warranties that
might otherwise be in effect”
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Types of Threats - Dangerous
Four Rules
1. Apple menu – software updates – check DAILY - plug the
holes that let the gunk in.
2. Install and run Anti Virus software – keep subscription current
2. Run a Firewall
3. Keep your ear to the ground. Stay in tune, read apple
blogs and info sites like http://www.Macmost.Com and
http://www.macobserver.com
4. Consider running antivirus / antispyware software as risks
multiply. When you make that decision do the necessary
research to decide which one to use.
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Firewalls Prevent unauthorized entry from outside
Can be hardware
Routers include a NAT firewall preventing
unauthorized entry from outside but not necessarily
reporting or preventing rogue applications inside your
computer from communicating outbound
Can be software – Lion: Apple Menu / System Preferences /
Security & Privacy / Firewall / On
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Firewalls
How Secure is Your Firewall?
Major corporations have their firewalls intentionally
probed periodically by a security service to test them.
You can do the same thing at the “Shields Up” site
located at https://www.grc.com/x/ne.dll?bh0bkyd2
NOTE the above site DOES NOT scan your machine
for malware of any sort. It provides only a test of your
firewall (or lack thereof) and its ability to block intrusion.
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Firewalls
Laptops
If you depend on a hardware firewall at home, you need to be
sure you have a software firewall running on your laptop if
you take it out of your house to connect from another
location. If you have file and printer sharing turned on (to
share files with other computers in you house) TURN IT
OFF before connecting to a public WiFi hotspot or someone
else’s hard wired LAN because you will be behind their firewall
sharing your files with them
Lion: Apple Menu / System Preferences / Sharing / uncheck sharing
of all kinds
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Information Source
WWW.OnguardOnline.Gov
“a partnership between the FTC, other federal
agencies, and the technology industry -- offers tips to
help you be on guard against Internet fraud, secure
your computer, and protect your personal
information. “ Federal Trade Commission web site
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
Backup
Time Machine (Apple standard, “free”)
Can restore any file(s) you select to any time/date
you took a backup.
Carbon Copy Cloner from Bombich Software
3rd party commercial software, will image (make a “carbon
copy” of your hard drive contents
“all or nothing restore” , not file select restore
Can boot directly from the backup if your HDD fails
If CRITICAL keep copy off site
CCU / OLLI MAC CLUB
Computer Education
WhiteHouseComputing
Safe Computing on a Mac
The End