With the increasing popularity of laptops and desktop computers running Apple’s Mac operating system, Kaspersky Lab, a leading secure content and threat management solutions developer, outlined a number of ways for users to ensure that their devices remain secure.
The appearance of the most recent Flashback/Flashfake malware is a testament to the fact that cybercriminals will target any device as long as it provides them with potential revenue.
Kaspersky Lab security expert Costin Raiu explained that, “during the next few months, we are probably going to see more attacks of this kind which focus on exploiting two main things: outdated software and the user’s lack of awareness.”
“If you follow these steps, keep everything updated and be aware of these attacks, your chances of becoming yet another random victim will be greatly diminished,” Raiu reminded.
1. Create a non-admin account for everyday activities. Use this non-admin user for daily work and log in as administrator only when you need to perform administrative tasks. This greatly helps to limit the damage from zero-day threats and drive-by malware attacks.
2. Use a web browser that contains a sandbox and has a solid track record of fixing security issues in a prompt manner. Google Chrome is updated more often than Apple’s built-in Safari browser. Google Chrome also comes with a sandboxed version of Flash Player that puts up a significant roadblock for malicious exploits. It also has a silent, automatic update mechanism that removes the burden of patching security vulnerabilities.
3. Uninstall the standalone Flash Player. Adobe’s Flash Player has been a common target for hackers as it allows them to take complete control over target computers. Removing it will significantly lessen security risks.
4. Solve the Java problem. Java is also a preferred target for exploit writers looking to plant malware on your machine. It is recommended to have it completely uninstalled.
5. Run “Software Update” and patch the machine promptly when updates are available. Many of the recent attacks against Mac OS X took advantage of old or outdated software. Commonly exploited suites include Microsoft Office, Adobe Reader/Acrobat, and Oracle’s Java. It is recommended to update to 2011 as soon as possible. Be sure to apply the fixes and reboot the machine when necessary.
6. Use a password manager to help cope with phishing attacks. The Mac comes with a built-in password manager, the “Keychain,” which generates unique and strong passphrases for a device’s resources. Whenever cybercriminals manage to compromise one account, they will immediately try the same password everywhere: Gmail, Facebook, eBay, PayPal and so on. Hence, having a unique, strong password on each resource is a huge boost to your online security.