Chapter 6
In This Chapter
Understanding the dangers of going online
Using a firewall
Avoiding trouble online
I know you’ve heard horror stories about hacking: Big corporations and big government installations seem to be as open to hackers as a public library. Often, you read that even entire identities are stolen online. When you consider that your Mac can contain sensitive and private information about your life — such as your Social Security number and financial information — it’s enough to make you nervous about turning on your computer long enough to check your eBay auctions.
But how much of that is Hollywood? How truly real is the danger, especially to Mac owners? And how can you protect yourself? The good news is that you can easily secure your data from all but the most determined hacker. Depending on the hardware you’re using to connect to the Internet, you might be well guarded right now without even knowing it.
In this chapter, I continue a quest that I’ve pursued for over two decades now — to make my readers feel comfortable and secure in the online world by explaining the truth about what can happen and by telling you how you can protect your system from intrusions.
Before I begin, I want to offer you a moment of reassurance and a little of my background to explain that I’m well qualified to be your guide through this online minefield. (After all, you don’t want Andy Samberg lecturing you on how to maintain your Internet security. He’s a very funny guy, though.)
With that understood, here’s what can happen to you online without the right safeguards, on any computer:
To be absolutely honest, some danger is indeed present every time you or any user of your Macintosh connects to the Internet. However, here’s the good news. With the right safeguards, it’s literally impossible for most of those worst-case scenarios to happen on your Macintosh, and what remains would be so difficult that even the most die-hard hacker would throw in the towel long before reaching your computer or network.
Using a Macintosh gives you an advantage: Hackers and virus developers (there’s a career for you) are traditionally interested only in “having fun” with PCs running Windows, so the likelihood that Yosemite could pick up a virus is far less than it would be if you were using Windows. As I mention earlier, if you boot into Windows using the dual-boot feature on your Macintosh (which I discuss at length in Book VIII, Chapter 1), you need to pay heed to Windows security — the same warning also applies to those running Windows in a virtual machine (using programs like Parallels Desktop or VMware Fusion).
Heck, I even know a couple of fellow Mac owners who feel they just don’t need antivirus protection — but believe me, this is not an area where you want to be lax and lazy, and you still need an antivirus application! (More on antivirus software later in this chapter.)
I also want to point out that virtually everyone reading this book — as well as the guy writing it — really doesn’t have anything that’s worth a malicious hacking campaign. Things like Quicken data files, saved games of Borderlands 2, and genealogical data might be priceless to us, of course, but most dedicated hackers are after bigger game. Unfortunately, the coverage that the media and Hollywood give to corporate and government attacks can turn even Aunt Harriet more than a little paranoid. Therefore, time for another of Mark’s Maxims:
It’s not necessary to fear The Bad Guys each time you poke your Mac’s power button. A few simple precautions are all that are required.
“Okay, Mark, now I know the real story on what can happen to my computer online. So what do I do to safeguard my Macintosh?” You need but two essential tools to protect your hardware (besides a healthy amount of common sense, which I cover in the upcoming section “A Dose of Common Sense: Things Not to Do Online”): a firewall and an antivirus program.
First, a definition: A firewall is a piece of hardware or software that essentially builds an impermeable barrier between the computers on your side of the wall (meaning your Mac and any other computers on your network) and all external computers on the other side of the wall (meaning the rest of the Internet).
“But wait a second — if other computers can’t reach me and my Mac can’t reach them, how can I use the Internet at all?” Ah, that’s the beauty of today’s firewalls. By using a series of techniques designed to thwart attacks from the outside, a firewall allows you to communicate safely, even monitoring what you send and what you receive for later examination. Figure 6-1 illustrates the basics of a firewall.
A firewall sounds grand and incredibly complex and highly technical — and sometimes it is — but it can also be incredibly simple. For example:
or
Believe it or not, both of those examples technically involve a firewall. In the first case, the firewall is a physical, tangible presence on the network; in the second case, the lack of a connection to the Internet acts as a firewall. (Think of it as the Air Firewall.) I’ve spoken to a number of readers who do this; however, if you’re running a website or downloading a file from your company’s FTP site, yanking the connection when you head to bed isn’t an option. Therefore, most of us will install a physical firewall through hardware or software.
In some cases, you might already be using a hardware firewall and not even know it. For example, many Internet-sharing devices include a built-in NAT firewall. Network Address Translation (NAT) is the most effective and popular hardware firewall standard in use by consumer devices. If you’re using an Internet-sharing router, check its manual to determine whether it offers NAT as a firewall feature — and if so, turn it on if NAT isn’t enabled by default. (See Book VI, Chapter 2, for more on Internet sharing, routers, and firewalls.)
For instance, Figure 6-2 illustrates the configuration screen for my Internet router. Note the options to disable port scanning and ping responses, which are two tricks that hackers often use to detect what’s often called a “hot computer” — meaning that the computer can be identified and is accessible to attack. Wireless networks are notoriously hot. For more information on securing your wireless connections, visit Book VI, Chapter 4.
OS X includes a powerful internal firewall, which Yosemite makes simple to use. Most Mac owners are perfectly satisfied with this built-in firewall, which is configured through System Preferences. Find more information on setting up your firewall in Book VI, Chapter 2.
You’ll also find a number of popular alternatives to the Yosemite built-in firewall that offer more control over individual applications and more configuration options. For example, consider these commercial software firewall applications:
Next, consider your antivirus protection (under Yosemite and Windows 7 or 8 if you’re running Boot Camp on an Intel-based Mac). Viruses are typically transmitted through applications. You run a program, and the virus is activated. Although they don’t meet the traditional definition of a virus, both scripts and macros can be used to take control of your system and cause trouble, as well. Therefore, you need to closely monitor what I call The Big Three:
A good antivirus program takes care of any application that’s carrying a virus. Some even handle destructive macros in documents. Make sure the antivirus program you choose offers real-time scanning, which operates when you download or open a file. Periodic scanning of your entire system is important, too, but only a real-time scanning application such as VirusBarrier X8 can immediately ensure that the StuffIt or Zip archive or the application you just received in your email inbox is free from viruses. (Oh, and don’t forget that many of the software updates released by Apple for Yosemite plug security holes in our favorite operating system — yet another reason to keep your system updated.)
I heartily recommend both ClamXav 2 (free for personal use at www.clamxav.com) and Intego’s VirusBarrier X8 for Mac (which is included as part of the Mac Internet Security X8 suite I mention earlier) for antivirus protection. Both programs include automatic updates delivered while you’re online to make sure you’re covered against the latest viruses.
You can use one more powerful weapon to make sure your Mac stays safe from unlawful intrusion: common sense. Practicing common sense on the Internet is just as important as adding a firewall and an antivirus application to your Mac.
With this in mind, here’s a checklist of things you should never do while you’re online:
Find more details on securing your network from intrusion — including Internet hacker attacks — in Book VI. In Book II, I cover System Preferences that can affect the security of your system.