Mac Planet: Apple and security

Photo / Supplied

I still meet people who appear surprised that Apple devices remain largely untroubled by viruses and malware. It's true Apple regularly releases Security Updates for Mac OS, but these are mostly designed to close avenues into the system that Apple has become aware of rather than responses to actual threats, or to add in Flash or Java updates to make those third-party (non-Apple) products safer.

Check the list and you'll see what I mean.

Another thing you will hear often is something to the tune of 'Macs aren't safer, they're just not attacked much because they're an insignificant part of the market'.

There is some truth in this, but let me put it this way: back in the mid 1990s there were plenty of Mac viruses and anti-malware was de rigeur. In these pre iDevice days, Apple had around 11-12 per cent of the personal computer market. It's back at around that market percentage now, but do bear in mind that 12 per cent of today's computer market is a hell of a lot more Mac users, in pure numbers, than 12 per cent of the 1995 computer market, which was about 45 million. Most think the overall computer use figure went past a billion in 2010.

However, two things mitigate Apple's much bigger potential target: one is that Apple went to OS X for the Mac's operating system from the year 2000. Until then, Apple had used systems up to 1999's Mac OS 9. This 'classic' Mac OS had been Apple's primary operating system since the 1984 introduction of the first Macintosh.

OS X is quite different to Apple's previous 0-9 series of operating systems. It's a Unix-like operating system built on technology developed by Steve Jobs' NeXT company through the second half of the 1980s. Apple purchased NeXT in early 1997, when Jobs went back to Apple, giving it access to NeXT's development. This didn't make OS X more secure per se, but it means a virtual two-system-layer to break into: a simple Unix one, then the complex OS X.

The second is that there is security inherent in OS X. It has app 'sandboxing' that isolates apps from the critical system components of Macs, your data and your other apps. Even if an app could be compromised (and note that Apple does not says apps couldn't be) by malicious software, sandboxing blocks it to safeguard your computer and information.

OS 10.8x also contains Runtime Protection, can flag suspicious websites, the OS has always had a firewall built in; there's Parental Controls to limit access to certain things for minors and/or those under your care; Password Assistant and the keychain and more. Apple has a page explaining all this.

For more experienced users like me, this all adds up to a pain in the neck. After considerable criticism that Macs weren't secure enough, just not attractive enough as a target, Apple ramped security up a lot. This did have the side effect of making Apple computers and iDevices much more attractive to enterprise. But that means that we have to jump through way more hoops than before to keep our devices safe. I know that's a good thing, and it's hardly Apple's fault; it's the fault of those who would hack. I should be thankful.

A lot of the security features are user configurable, so you can turn security up if you are heading into a less secure place. About.Com's NetSecurity blog tells you how to turn your MacBook into "a mobile Fort Knox". Possibly the most important part of this article is item 2: Enable your MacBook's OS X Security Features (Because Apple Didn't).

Apple's official guide to OS 10 security settings for previous versions of OS X (Panther, Tiger, Leopard and Snow Leopard) is also worth checking out if you have an older Mac.

There are two areas where Apples are no more secure than PCs at all. One is so-called 'phishing': an email arrives that looks official asking you to re-input credit card or other bank details. I demonstrated how easy this was to Mac Senior Net a couple of months ago: went to a website, pulled some logos off a page, put them into an email message ... you have to understand that no bank will ever email you about important things this way. If you think it really is your bank or whatever, please call them to confirm.

Another common trap, but easier to spot, is to ask for funds to help move millions that you will then profit off. Yeah, right. Yes, you will lose any money you spend. Worse, you may give them your bank details. These days people mine Facebook for personal details. With your bank details and a few judicious searches, people can work out potential passwords from a date of birth on Facebook, your mum's name and the names of your pets and more. Since most passwords aren't very random, this info might be all they need to work yours out. That's why Facebook privacy settings are so important.

As you can tell, phishing relies on your naivety or gullibility, and since it's just an email we Apple users are as susceptible to them as anyone else. (Of course, Mail does have a Junk filter for spam like this.)

iDevices are also vital to your safe electronic life - worse, they are much easier to mislay or have stolen. Like Macs, these also require seemingly endlessly escalating password setting, but since they have encryption you can turn on, they can be really hard nuts to crack.

This also means that if you have criminal things on your Apple devices, they can be hard for law enforcement agencies to unlock, too. Apparently Apple can bypass the security software if it chooses, to the extent it has a police waiting list thanks to high demand. Court documents show that federal agents in the US were so stymied by the encrypted iPhone 4S of a Kentucky man accused of distributing crack cocaine they turned to Apple for decryption help last year. But they were placed on a waiting list!

This adds to the trope that went around a few years ago, that the CIA had let it be known that if you were serious about computer crime you should be using Macs, as the CIA found them very hard to get into.

I honestly don't know whether this improved sales - or indeed, thefts - of Macs to criminals.