Defense: Malware targeting Mac's
Mac's users running any browser with JavaScript turned on by default are vulnerable to being tricked into clicking on a trick image and/or link.
That image may appear to be a standard OS X window with a close box or the typical OS X looking window asking a question with OK or Cancel. It can look like anything really, it's purpose is designed to get you to click anywhere on it and initiate a download to your computer.
Safari tries to be helpful and "Open Safe Files" by default, which is being used with numerous success to run code on one's machine, by bypassing the normal user action of 'open the downloads folder and then clicks on the download to run' process in exchange for convenience.
Most Mac's are used with one person, and the initial setup of a new Mac (or a new OS X install) is the first user is automatically a Administrator User. Running one's typical day to day use while in Admin User mode gives any code running on one's machine more privileges and access than it would receive if the user of the computer created another OS X account and ran most of their computer use as a General User.
The ultimate access for rogue code would be Root User, which on Mac's is turned off by default, however a temporary access window to Root User is allowed when a Admin User provides his or her Admin Password. Once rogue code gets Root user access, it's all over, OS X is completely compromised.
The key to security on a Mac, or any computer system actually, is a process called "Compartmentalized Security" where the more privileges code receives, the more it's subjected to time and scrutiny to determine it's legitimacy.
Web browsers are the forward troops facing a overwhelming enemy, the World Wide Web. Not one modern web browser is 100% safe, not Safari, not Firefox, not IE, not Chrome, not Opera. Neither are plug-ins or scripts that run within these browsers 100% safe.
So the key to maintaining security is to provide a high level of "Compartmentalized Security" steps which shifts the exploit potential further down the privilege level so it can't do much of anything or gain further access.
People can get carried away with downloading and installing software in a rapid fire manner, this provides a ripe opportunity for malware to get onto one's computer, even gaining root access right away.
So in order to provide better compartmentalized security, provide more time and steps before potentially installing rouge code. I suggest the following actions:
1: Run most of your day to day computer use as a General User with less privileges. This can be done by creating a new Admin User, logging out of the present user and into the new Admin User, then turning the first user into a General User.
Whenever certain actions are needed, like accessing the Application's folder (where programs can be changed by malware) a Admin Name and Password will be required. A small hassle, but it provides another step for it to get past.
2: Use Firefox web browser and the following Add-ons: NoScript, Ad Block Plus and Public Fox.
Under the Toolbar customization, drag the NoScript button to the toolbar. NoScript turns off all scripts and plug-ins by default, which if you trust the site your on, you click the button for turning them on and the page automatically reloads.
In Public Fox preferences, set a password on downloads, this way a popup window appears before any download occurs, keeping malware from sneaking into your downloads folder and potentially being clicked on.
With Ad Block Plus, subscribe to the Easy List which automatically appears in the browser window. This will auto-update to keep advertising, which has been used numerous times as a attack venue, from appearing.
Click&Clean, Ghostery, BetterPrivacy, FlagFox, WOT, HTTPS-Everywhere (from the Electronic Frontier Foundation) are also highly recommended add-ons.
3: In Safari preferences, turn off "Open Safe Files" install the Ad Block Plus add-on and the Click2Flash add-on. If any add-on appears in the future to simulate what NoScript and Public Fox does on Firefox, then enable those add-ons.
4: Check the staus of your browser plug-ins. These websites makes it easy, bookmark them in a obvious place so you remember to visit them routinely. As soon as a vulnerability appears, either update or turn off the affected plug-in in your browser until a patch is issued.
https://www.mozilla.com/en-US/plugincheck/
https://browsercheck.qualys.com/
5: If you enjoy surfing the backalleys of the Internet and you have at least a decent dual core Intel based Mac, I'd highly advise installing the free VirtualBox and loading a free ISO of Linux Mint DVD 32 bit 10.10 (most consistent and easy to use, everything included, Linux distro)
http://www.linuxmint.com/download.php
The object is to load and install Linux Mint into the virtual machine like installing a operating system onto a regular computer. Once completed, then save a snapshot to revert to after your Firefox browsing session (in Linux) is completed. All and any potential malware, caches etc is flushed when you revert the entire guest OS back to the earlier state. Keep the Guest OS updated via the Software Update option and save a new snapshot.
6: Use common sense, if it don't look right, then stop and flush the OS X based browser from memory via the Apple > Force Quit menu.
7: Install the free ClamXav, it will remove the OS X malware it knows about, offering some after the fact defense and Windows malware from their files.
I don't advise a full time, always on and running anti-virus solution for Mac's due to Apple's tendancy to change the underlining OS themselves to thwart potential malware. So something like Norton which maintains tight control over OS X should be avoided.
Malware on Mac's are a scarce thing because of Apple's top down approach, but trojans are a potential attack venue and people need to insure more steps to avoid being tricked.
MacBook Pro, Mac OS X (10.6.7), XP, Vista, 7 many Linux distros
