Don’t Believe in Antivirus? Malware is Only One Tool in a Cybercriminal’s Arsenal

Even though the number and severity of Mac malware threats have been growing steadily, and despite Flashback infecting a significant percentage of the Mac user population last year, there are still some people who don’t “believe” in using antivirus software on their Mac. Usually the reasoning is that they’re “smart enough to avoid getting infected in the first place,” or they think the chances of getting infected are really low, especially given Apple’s own internal security tools. No matter what we or anyone else say to those folks about the increasing risk of Mac malware, they’ve made up their minds and don’t want to believe in the necessity of protecting themselves. However, regardless of whether or not you believe malware is a problem on Macs, it’s not the only threat you should be concerned about.

The aim of most cybercrime is data theft, and malware is just one tool in the arsenal criminals have at their disposal to get hold of sensitive personal information.

Depending on where you are, attackers can reach you in a variety of ways:

  1. Public WiFi — When you’re on public WiFi, you’re sharing a network with complete strangers. There’s no telling who those strangers are or whether they include people who would do you harm – especially if you’re somewhere very public and crowded, like a hotel or an airport.
  2. Breaches — When your school, bank, email, social networking site, or other keeper of your personal information gets breached, it may provide the attacker enough ammo to steal your identity, or it could give them sufficient information to target you for further attacks.
  3. Hacking Accounts — This may be the after-effect of a breach. Now that you’re on a hacker’s radar, they may send you targeted malware or try to attack your computer directly.
  4. Phishing — This is another way attackers can get into your account. If they find your email in a breach, if it’s published publicly, or if they attack someone who has your contact information, they can send you an email to try to get you to reveal your password.
  5. Targeted Attacks — If you have something an attacker particularly wants, they may go the extra mile to try to install malware or hack into your accounts or computer, creating tools or attacks that specifically target your vulnerabilities.

In all of these cases, the goal is the same: someone is trying to take advantage of ways that systems are left open and vulnerable in order to sneak in and make off with your data. Apple does provide some protection already, but it’s not intended to close all the holes attackers could use to get in.

By using a few additional defenses, you can make their job much, much harder so that your data will be a less tempting target:

Encrypt Your Data

There are two times an attacker can go for your data:

  1. When it’s in place on your machine
  2. When it’s in transit to or from the network.

On your machine, you need to know what data lives where and then keep it in a central location that you can encrypt. To protect your data in transit, you can use a Virtual Private Network to keep out prying eyes. Make sure sensitive data is encrypted by checking the URL to confirm that the website you’re sending it to is using HTTPS (rather than simply HTTP).

Use Layered Defenses

Apple provides a few ways to keep you from getting harmed by malware – namely XProtect, the Application Firewall, and Gatekeeper. Using all of these technologies is good, but it does leave a few holes. XProtect helps detect malware, but there’s still a big window between when researchers discover new Mac-related threats and when they’re added to XProtect. Malware that is less prevalent never makes it into XProtect, which isn’t much help if you’re one of those few that are affected.

Gatekeeper can be helpful in preventing new threats, but there are still plenty of ways malware could get around this tool. Having a dedicated antivirus program will allow you to detect and remove a wide variety of threats a very short while after they’re discovered – before they can hit a large number of users.

The Application Firewall will help you filter inbound connections, but not outbound. If malware or hackers manage to get into your machine, they can send your data out to attackers. Having a full-featured firewall can help identify and prevent incoming attacks as well as someone trying to get data out from your machine.

Update Your Software

Humans write software and humans make mistakes, so software sometimes has vulnerabilities which need to be corrected. Most software companies update their products from time to time, and because popular software is a popular target for criminals, its makers frequently release updates to fix vulnerabilities. Be sure to install those updates as soon as you can to limit your exposure.

While there are a lot of ways out there that cybercriminals can try to get your data, there are also a lot of ways you can protect yourself. You don’t necessarily need to have your data locked up tighter than Fort Knox – you just need to have your data locked up well enough that it’s not easy pickings. By closing up holes, fortifying your defenses, and protecting your valuables, you can make stealing your data more trouble than it’s worth for cybercriminals.