Don't Panic Just Yet

At the "PWN 2 OWN" contest during last month's CanSecWest, which claims to be the "world's most advanced conference focusing on applied digital security," a MacBook Air was the first of three laptops to be "pwned," i.e., to be broken into. The other machines were running Windows Vista and Ubuntu Linux, and only the latter managed to withstand all attacks until the contest's end.

Is it time for Mac users to finally start panicing about malware on OS X?

It's not only Apple's official stance that Mac OS X is "safer by design" which makes many Mac users think that their operating system of choice is invincible. It's also the fact that, as of this writing, there are basically no OS X viruses out in the wild and just a few occasional proofs of concept for malware have surfaced so far. Yet, the fact that some developers find it worthwhile to write "scareware" such as "MacSweeper" or "iMunizer" is an indication that the Mac may become a financially sound target for malware, after all.

What now, then?

As a first step, let's put things into perspective. Even though you may disagree with some of his comments, Daniel Eran Dilger has compiled a very interesting list of "10 Things to Remember About CanSecWest and Software Vulnerabilities" that helps understand what security holes like the one that was unearthed during the "PWN 2 OWN" contest, mean for the average Mac user.

Using Common Sense

The second, yet more important, step: use common sense, and you should be safe. But what exactly is common sense in this case?

Covering a broad range of security-relevant aspects, Open Door Networks's "Internet Security for Your Macintosh: Top 10 List" is a good starting point for sharpening your senses and increasing your awareness for the kind of behavior that might put your Mac at risk.

As for the more specific topic of anti-malware utilities, TidBITS's security wiz Rich Mogull has explored the question of "Should Mac Users Run Antivirus Software?." Sneak peak digest: there are scenarios in which it makes a lot of sense to run AV software on your Mac, but most average Mac users can safely do without if they follow certain rules. As a useful companion to Rich's article, Lukas Mathis has compiled a set of just such rules that will help you "Avoid Catching Computer Viruses".

The great thing about these three documents is that they not only provide explicit advice for protecting your Mac from outside threats, but they also teach the underlying common-sense-thinking that will help you come up with your own "best practices" well beyond what said articles cover in detail.

Speaking of "best practices": have you implemented specific tweaks to your OS, or have you put procedures in place that help keep your Mac safe and sound? Let's hear 'em!