The massive Flashfake attack on thousands of Mac computers has formally exposed the vulnerability of Apple?s operating system.
Kaspersky Lab security expert Costin Raiu explained that in the next few months, similar attacks will likely occur which exploit two main things: outdated software and the user?s lack of awareness.
The Russia-based Internet security company, however, has created a list of tips that can help Mac users ensure that their devices remain secure.
?If you follow these steps, keep everything updated and be aware of these attacks, your chances of becoming yet another random victim will be greatly diminished,? Raiu reminded.
1. Create a non-admin account for everyday activities — create a non-admin user where you only log in as administrator when you need to perform administrative tasks. This greatly helps to limit the damage from zero-day threats and drive-by malware attacks.
2. Use a Web browser that contains a sandbox and has a solid track record of fixing security issues in a prompt manner — Google Chrome is updated more often than Apple?s built-in Safari browser. Google Chrome also comes with a sandboxed version of Flash Player that puts up a significant roadblock for malicious exploits. It has also a silent, automatic update mechanism that removes the burden of patching security vulnerabilities.
3. Uninstall the standalone Flash Player — Adobe?s Flash Player has been a common target for hackers as it allows them to take complete control over target computers. Removing it will significantly lessen security risks.
4. Solve the Java problem — Java is also a preferred target for exploit writers looking to plant malware on your machine. It is recommended to have it completely uninstalled.
5. Run ?Software Update? and patch the machine promptly when updates are available — Many of the recent attacks against Mac OS X took advantage of old or outdated software. Commonly exploited suites include Microsoft Office, Adobe Reader/Acrobat, and Oracle?s Java. It is recommended to update to 2011 as soon as possible. Be sure to apply the fixes and reboot the machine when necessary.
6. Use a password manager to help cope with phishing attacks — Mac comes with a built-in password manager, the ?Keychain,? which generates unique and strong passphrases for a device?s resources. Whenever the cyber-criminals manage to compromise one account, they will immediately try the same password everywhere — GMail, Facebook, eBay, PayPal and so on. Hence, having a unique strong password on each resource is a huge boost to your online security.
7. Disable IPv6, AirPort, and Bluetooth when not needed — Turn off connectivity services when not in use, or when not required. These include IPv6, AirPort and Bluetooth — three services that can be used as entry points for hacker attacks.
8. Enable full disk encryption (MacOS X 10.7+) or FileVault — In MacOS X Lion, Apple updated their encryption solution (FileVault) and added full disk encryption. Now known as ?FileVault 2?, this has the advantage of securing the entire disk instead of just your home folder and can be very useful if your laptop gets stolen.
9. Upgrade Adobe Reader to version ?10? or later — Adobe Reader is also a preferred target of cybercriminals. Version 10 includes numerous security enhancements which make it a lot safer than any previous versions.
10. Install a good security solution ? It is no longer true that ?Macs do not get viruses.? After six years, the situation has changed considerably. The Flashback trojan which appeared in September 2011 caused a huge outbreak in March 2012, which amounted for over half a million infected users worldwide. Thus, a security solution is absolutely required for any Mac user. One can easily download and install a trial of Kaspersky Anti-Virus for Mac.