By Vic Hargrave
While those of us who use Macs have felt safe from virus attacks, recent security news should give us all cause for concern. During the past few weeks the MacOS has been the target of fake antivirus malware in the forms of MACDefender, MacProtector, and MacGuard.
To make a long story short, victims were led to malicious sites that tricked them into downloading fake AV malware ̶ to get rid of viruses they didn’t have ̶ and paying for the fake AV malware online that enabled the bad guys to steal their credit card numbers. Fake AV scams like this have existed for years in the Windows world but were comparatively rare for the MacOS, until now.
MACDefender and MacProtector both require users to enter their passwords to install. MacGuard on the other hand installs itself when users clicked on the “Open safe files after downloading” option in Safari. It’s not a good idea to open downloads automatically so you should disable this option. But this is just a first step. There are other precautions you can and should take to help protect your Mac and your wallet from fake AV threats.
Create Another MacOS User Account With Limited Privileges
Most MacOS users login to their systems with a single “Administrator” level account that has full and unrestricted access to all system resources. In addition, many users login automatically to their systems as administrators without providing user name or password. Convenient though this may be, it is not a secure arrangement.
The first thing you should do is disable automatic logins. Here’s how:
- Open your System Preferences panel.
- Click on the Security icon in the Personal section.
- Click on Disable automatic login.
From now on you’ll have to provide your user name and password to use your Mac.
Next you’ll want to create another user that has limited system privileges, more specifically, a “standard” user who cannot install software automatically without authentication. Here’s how you do this:
- Open your System Preferences panel.
- Click on the Accounts icon in the System section.
- Click on the + symbol under the Login Options portion of the accounts section.
- Enter the full name, account name, password and password for the new account. Remember to choose a good password.
- Make sure the New Account field is set to “Standard”.
- Click on the Create Account button.
- When you return to the Accounts screen make sure the “Allow user to administer this computer” is unchecked for the new user account.
Now you can login with the new standard account you just created. When you try to install software as a standard user, either intentionally or accidentally, the MacOS will prompt you for your Administrator account’s credentials. This effectively blocks malware like MacGuard from sneaking onto your system without your knowledge.
Of course, if you log in with your administrator account, you can still install bad stuff, but at least with another login you are given a chance to think twice about it.
Keep Your MacOS Up-to-Date
Apple posts frequent security updates to the MacOS, but they don’t always get downloaded to your system in a timely fashion. You can manually check for updates as frequently as you like by following this procedure:
- Click on the Apple icon in the upper left hand corner of your desktop.
- Select “Software Update…”
- If you are doing this from the standard account you set up in the previous section, enter you Administrator login credentials.
The Apple update server will send back any updates available and you can either apply them immediately or wait until later.
Don’t Forget to Use URL Blocking Software
Let’s not forget that if the victims of the MACDefender, MacProtector and MacGuard hadn’t gone to the sites that hosted the malware, they wouldn’t have gotten in trouble in the first place. Avoiding malicious websites is always an effective strategy for staying safe in cyberspace.
Trend Micro™ Smart Surfing for Mac provides the capabilities to block links to dangerous websites and perform regular malware scans on your Mac to keep it free from viruses and spyware.