Given the recent discovery of an Apple malware toolkit, and the fact we have a number of Mac OS X endpoints in our shop, are special precautions necessary to defend these machines from malware and prevent them from becoming zombie machines in a botnet?
Any computer connected to a network, and particularly the Internet, must be protected against unauthorized access, infection and attack. In the past, many Apple users felt they were immune to the types of viruses and malware that plague Microsoft Windows users. They were certainly less likely to be attacked; the Windows user base is much larger and offers better returns for hackers. However, this sense of safety is misplaced. Any software as complex as an operating system contains flaws that an attacker can potentially take advantage of.
The recent discovery of an Apple malware toolkit shows there has been a shift in the focus of attacks in the last few years. Since Microsoft greatly improved the security of its products and network perimeter defenses became more robust, hackers have had to look for easier ways to successfully take control of a computer or break into a network. This is why there have been so many vulnerabilities reported in Adobe software over the past few years. Their software hasn’t suddenly become flawed; it’s simply been subjected to a concentrated effort by hackers to find flaws they can exploit. With the success of the iPhone and iPad, and the growing number of Mac users, hackers have started earnestly looking for and exploring the vulnerabilities in Mac OS X software and applications.
You need OS X antivirus software or antimalware software installed, and the software should be kept up to date with the latest signatures. The major AV vendors such as Sophos, Symantec, McAfee and Kaspersky all offer AV programs that run on Mac OS X. A free AV solution is ClamXav, which uses the open source ClamAV antivirus engine. Once you have installed your choice of AV software, you need to scan all your machines to ensure they are not already infected.
Mac OS X includes an application firewall that allows you to control connections on a per-application basis. This can be used to prevent malicious applications from taking control of network ports that have been opened by legitimate applications. You should ensure this is enabled and configured on each machine, but your network still needs a firewall between it and the Internet. This may be a device you already have, but how up to date is it? It should be capable of blocking access to known malicious sites and preventing sensitive data from leaving your network.
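As an added example (not part of the original answer), the following shell script checks each Mac against a simple baseline for the application firewall described above: firewall enabled and stealth mode enabled, queried through Apple's socketfilterfw command-line tool. The binary path and the --getglobalstate, --getstealthmode, --setglobalstate and --setstealthmode options are Apple's; the function names, the pass/fail policy and the sample output strings in the comments are this example's own assumptions, so verify the exact wording against your OS X version before relying on it fleet-wide.

```shell
#!/bin/sh
# Added example: audit (and, as root, remediate) the Mac OS X application
# firewall. The socketfilterfw path and options are Apple's; everything else
# here is illustrative and assumed, not taken from the article.

ALF=/usr/libexec/ApplicationFirewall/socketfilterfw

# Reduce the text socketfilterfw prints for --getglobalstate or --getstealthmode
# to one word. Assumed sample outputs (check them on your own build):
#   "Firewall is enabled. (State = 1)"  /  "Firewall is disabled. (State = 0)"
#   "Stealth mode enabled"              /  "Stealth mode disabled"
# "disabled" is tested first because it also contains the letters "abled".
alf_state_from_output() {
  case "$1" in
    *disabled*) echo disabled ;;
    *enabled*)  echo enabled ;;
    *)          echo unknown ;;
  esac
}

# Baseline policy for an endpoint: firewall on AND stealth mode on.
# Returns 0 (pass) or 1 (fail) so it can drive a fleet-wide check.
alf_baseline_ok() {
  [ "$1" = enabled ] && [ "$2" = enabled ]
}

# Query the live machine, print a one-line report, and return the baseline
# result. On a host without socketfilterfw (not a Mac) both states are
# "unknown" and the check fails, which is the safe default for an audit.
audit_alf() {
  if [ -x "$ALF" ]; then
    fw=$(alf_state_from_output "$("$ALF" --getglobalstate 2>/dev/null)")
    stealth=$(alf_state_from_output "$("$ALF" --getstealthmode 2>/dev/null)")
  else
    fw=unknown
    stealth=unknown
  fi
  printf '%s firewall=%s stealth=%s\n' "$(hostname)" "$fw" "$stealth"
  alf_baseline_ok "$fw" "$stealth"
}

# Remediation step (needs root): turn the firewall and stealth mode on.
enable_alf() {
  "$ALF" --setglobalstate on && "$ALF" --setstealthmode on
}

# Usage: sh alf_audit.sh audit   (exit status 0 = meets baseline)
#        sudo sh alf_audit.sh fix
case "${1:-}" in
  audit) audit_alf ;;
  fix)   enable_alf && audit_alf ;;
esac
```

The parsing is kept separate from the command invocation so the same script can be exercised on any machine and so the exit status, rather than the printed line, is what your inventory or configuration-management tooling should consume.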
Finally, to ensure users don’t unwittingly infect their Macs by, for example, clicking a link in an email from an unknown sender or visiting a malicious site, you need to have an Internet acceptable usage policy that clearly states what users can and can’t do. Also, provide security awareness training so users are aware of the potential risks when using the Internet and Internet-based services such as email, Facebook and Twitter.
This was first published in October 2011.