Currently, there are more than 100 million users of Mac OS X in the entire world. This number continues to grow rapidly in recent years. With the increase in users of Apple Mac, Mac OS X malware is also growing-including Mac OS X Trojan like version of DNSChanger-and attacks on Mac OS X explode in the year 2011.
In September 2011, the first version of Mac OS X Trojan Flashback appears and extends until March 2012. According to data collected Kaspersky Lab, nearly 700 thousand users are infected until the beginning of April and the number may continue to rise. Although Mac OS X is a pretty secure system, but users still need to take some steps to avoid the attack.
Costin Raiu, Kaspersky Lab Expert gives advice 10 simple tips to improve the security of your Mac.
1. Create a non-admin account for day-to-day activities
Default Account in Mac OS X you are an administrator and malware authors can take advantage of it to infect your computer. For daily activities,you should create and use a non-admin account. Administrator account is only used if there is a need alone. To create your account, go to the option "Accounts" in "System Preferences" and then make a non-administrator account. Use this account for everyday activities, such as email and browsing. It is very helpful to limit the damage from zero-day threats and drive-by malware attacks.
If you are already using an administrator account for the long term and do not want the hassle of transferring user data, you can create a different administrator account for maintenance activities and then lower the status of your old account to "Standard".
2. Use the browser sandbox and have a solid track record in improving security issues in a prompt manner
Kaspersky recommend Google Chrome for various reasons. One is that Google Chrome is updated more frequently than Apple's Safari browser. In addition to the sandbox, Chrome comes with the sandbox version of the Flash Player that provides a significant barrier to dangerous sites. Google Chrome also has a stable update mechanism that eliminates the fragility of the security barrier. Make sure your browser is set as the primary browser.
3. Remove the stand-alone Flash Player
Unfortunately, of Adobe Flash Player is often the target of hackers to take over your computer. The old version of Flash Player is very risky when you browse the Internet. To remove Flash, you can use two options provided Adobe, for version 10.4 - 10.5 and 10.6 and more.
4. Fix problems in Java
As with Flash Player, Java is also a target for hackers to embed malware in your device.
Kaspersky recommends that you remove it from your computer. Unfortunately, Apple does not allow Oracle to update Java for Mac directly. They do it by yourself is usually a few months later. This makes the Mac vulnerable to attack longer than PC users.
Java Preferences option located in / Application / Utilities; uncheck the box next to the list version on the General tab.
If you need Java for specific applications, it is important to disable Java in Safari and other browsers. For Safari, go to the Preferences - Security - Web Content and uncheck "Enable Java".
5. Run "Software Update" and add it directly to your device if updates are available
Lately, many attackers Mac OS X to take advantage of the old software or not updated. Typically Microsoft Office, Adobe Reader / Acrobat, Java and Oracle. However, many other applications that can be abused as well. Office for Mac 2011 is better than the security of Office for Mac 2008. If you're still using 2008, Kaspersky recommend you to update to 2011. Whenever you look at Apple's "Software Update", make sure you do the repair and reboot the device if necessary.
6. Use the password management to address the phishing attack
The good news: unlike Windows, Mac has a management password that is installed in the system "Keychain." If possible, try to create a unique and powerful phrase to source and store them in the keychain rather than having to remember passwords that are easier. Whenever cyber criminals to attack, they will use the same password for all your accounts-Gmail, Facebook, eBay, PayPal, and others. Therefore, by having a strong password and unique in each source, you will get a more robust online security.
The other thing is there is a lot more complicated suggestions like having a separate keychain with 3-5 minutes of time for an important password. Password importance including sources can create financial losses, such as eBay, PayPal, online banking, and others. If this happens, you will not lose your entire password.
7. Do not enable IPv6, AirPort and Bluetooth when not in use
Turn off the connection when not in use. This is to maintain IPv6, AirPort and Bluetooth are a loophole for hackers to attack. IPv6 is a new communication protocol that can be used on the Mac. It is still very rarely used all my travels over the past few years. We've seen one able to support IPv6 services that can be connected in parallel with IPv4. However, it might be safer if you turn off when not in use IPv6.
To disable it, you can choose Apple menu> System Preferences and then press Network. If the Network Preference locked, click on the lock icon and enter your admin password to make changes. Select the network service you want with IPv6, such as Ethernet or AirPort. Click Advanced and click TCP / IP. Click on the Configure IPv6 menu that appears (usually set automatically), and select Off. For more information see http://support.apple.com/kb/HT4667.
8. Turn on the full disk encryption (Mac OS X 10.7 +) or Firevault
In Mac OS X Lion, Apple updated the encryption solution (FileVault) and adds full-disk encryption, known as the "FileVault 2". This is a benefit for the overall security of the disc compared to the home folder and can be very useful if your laptop is stolen.
For more information see http://support.apple.com/kb/HT4790.
9. Update Adobe Reader to version 10 or later
Adobe Reader has been the target of cyber criminals target the Windows platform and still be ranked among the highest in the world. Make sure you get the latest version by downloading from Adobe page.
10. Attach a good security solution
"Macs are not infected with the virus" has become a common theme we hear from the ad, which was launched in 2006 with a picture of a PC that is "sick" and Mac are "healthy". Six years have passed and the situation has changed dramatically. In 2011, cyber criminals began pressing DNSChangers and falsified anti-virus for Mac users in an aggressive way. Trojan Flashback arising September 2011 caused a huge buzz in March 2012. As of half a million users worldwide are infected.
Nowadays, security solutions are very important for Mac users. You can download and try the Kaspersky Anti-Virus for Mac. For users of Mac OS X, such as Little Snitch option can be used to determine the time course appears to be used when connected to the Internet, and gives you the option to allow or deny the connection.
Summary of Steps to Safe Your Mac OS X
In early 2012, Kaspersky predicts no growth in the number of attacks Mac OS X that take advantage of zero-day or unpatched fragility.
This is a normal development occurs also in other platforms with a large market share, to protect themselves from the virus creators, including lovers of Mac OS X. In the months ahead, we see this kind of attack to focus on two main things: the software is not renewable and users are less vigilant. If you follow the steps above, updating everything and guard against this attack, your chance to be a random victim will be reduced.