Defending Your Mac from Net Attacks

The Internet is a major source of threat to the health and well-being of your Macs and the network to which they are connected. You face two fundamental types of threats: viruses and hackers. Although viruses receive more media attention, defending against viruses is easier than defending against attacks from hackers. However, with some relatively simple activity, you can protect yourself from both threats.

Defending Your Mac from Virus Attacks

No matter what level of computer user you are, because of the extensive media hype about viruses, you are likely to be keenly aware of them. Although many viruses are relatively harmless, some viruses can do damage to your machine. Part of practicing smart computing is understanding viruses and taking appropriate steps to protect your machine from them.


Under previous versions of the Mac OS, there were many fewer viruses on the Mac platform than for Windows or other operating systems. And, as of the release of Mac OS X, version 10.3, this is still the case. However, because Mac OS X is based on Unix, Unix viruses can be a threat to machines running Mac OS X. Until this threat is more fully understood, Mac OS X users would do well to pay additional attention to virus threats.

Understanding the Types of Viruses

Although there are many types of individual viruses, there are two major groups of viruses of which you need to be aware:

  • Application viruses: These viruses are applications that do something to your computer. What they do might be as harmless as displaying a silly message or as harmful as corrupting particular files on your hard drive.

  • Macro viruses: A macro virus can be created in and launched by any application that supports macros (such as the Microsoft Office applications). When you open a file that has been infected by a macro virus, that virus (the macro) runs and performs its dirty deed.

Covering the multitude of viruses that are out there is beyond the scope of this book and, besides, there is no real need to become an expert on the viruses that exist. It is more important to understand how to protect yourself from these viruses and be able to recover from an infection should one occur.

Preventing Virus Infection

I hate to use this cliché, but when it comes to viruses, an ounce of prevention is indeed worth a pound of cure. The main way to avoid viruses is to avoid files that are likely to have viruses in them. Following are some practices to help you "stay clean":

  • Find and use a good antivirus software program; keep the virus definitions for that application up-to-date.

  • Be wary when you download files from any source, particularly email. Even if an email is apparently from someone you know, that doesn't mean the attachments it contains are safe. Some users will unknowingly transmit infected files to you (especially beginning users). Some viruses can use an email application to replicate themselves. Before you open any attachment, be sure it makes sense given who the recipient is.

  • When you do download files, download them from reputable sites, such as magazine sites or directly from a software publisher's site. These sites scan files for viruses before making them available so your chances of getting an infected file are lower. Remember the expression, "Consider the source."

  • After you download a file, run your antivirus software on it to ensure that it isn't infected. Most programs let you designate the folder into which you download files and automatically check files in this folder.

Identifying Virus Infection

Even with good preventive measures, you might occasionally become infected. Hopefully, you will find out you have been infected by being notified by your antivirus software; that means it is doing its job. But if you suddenly notice that your computer is acting peculiarly, you might have become infected. What does acting peculiarly mean? Viruses can have many different effects on your computer; some of the more common effects are the following:

  • Weird messages, dialog boxes, or other unexpected interface elements: Sometimes viruses make themselves known by presenting something odd onscreen. So, if you suddenly see a strange dialog box, you might have stumbled across a virus (for example, one of the Word macro viruses causes a happy face to appear in Word's menu bar). They can also cause menu items to disappear or be changed in some way.

  • Loss in speed: Viruses often make your computer work more slowly.

  • Disappearing files: Some viruses cause files to be deleted or hidden.

  • Errors: Many viruses cause various errors on your computer and prevent applications from working properly. If you haven't changed anything on your machine for a while and you suddenly start experiencing errors, you should check your computer for a possible infection.

Using Antivirus Software

Although the best defense against viruses is being very careful about the files you transfer onto your machine, you should also obtain and use a good antivirus application. Good antivirus applications generally perform the following functions:

  • Monitor activity on your computer to identify potential infection

  • Periodically scan your drives to look for infections

  • Notify you if an infection is discovered

  • Repair the infected files and eliminate the virus

  • Delete infected files if repairing them is impossible

  • Enable you to identify particular folders that should be scanned automatically, such as the folder into which you download files

  • Update themselves automatically


Most viruses are identified by their code. The antivirus software knows about the virus's code through its virus definition file. As new viruses appear, this virus definition file needs to be updated so that the new viruses will be recognized as being viruses. You can usually obtain an updated virus definition file from the Web site of the manufacturer of your antivirus software. Most programs automate this process and can update the virus definition at intervals you set.
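The following sketch is an added example, not code from the book or from any antivirus product. It shows definition-based scanning of a download folder and why an out-of-date definition file misses a newer pattern. The definition names, byte patterns, and folder contents are constructed and harmless.

```python
import io

# Constructed "virus definition files": name -> byte pattern. These are
# made-up, harmless markers, not signatures of any real malware.
DEFINITIONS_V1 = {"Sample.Macro.A": b"AutoOpen:CONSTRUCTED-MARKER-A"}
DEFINITIONS_V2 = {**DEFINITIONS_V1,
                  "Sample.App.B": b"\x7fCONSTRUCTED-MARKER-B\x00"}


def scan_stream(stream, definitions, chunk_size=4096):
    """Return sorted names of every definition whose pattern occurs in stream."""
    if not definitions:
        return []
    # A pattern can straddle two reads, so carry over the last (longest - 1) bytes.
    overlap = max(len(p) for p in definitions.values()) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in definitions.items():
            if pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)


def scan_folder(files, definitions, chunk_size=4096):
    """files maps file name -> bytes and stands in for a download folder."""
    report = {}
    for name, data in files.items():
        hits = scan_stream(io.BytesIO(data), definitions, chunk_size)
        if hits:
            report[name] = hits
    return report


# Constructed download folder. The pattern in game.bin starts at offset 4090,
# so it is split across the first and second 4096-byte reads.
DOWNLOADS = {
    "notes.txt": b"plain text, nothing to see",
    "invoice.doc": b"\xd0\xcf" + b"x" * 10 + b"AutoOpen:CONSTRUCTED-MARKER-A",
    "game.bin": b"z" * 4090 + b"\x7fCONSTRUCTED-MARKER-B\x00" + b"tail",
}

if __name__ == "__main__":
    print("old definitions:", scan_folder(DOWNLOADS, DEFINITIONS_V1))
    print("new definitions:", scan_folder(DOWNLOADS, DEFINITIONS_V2))
```

With the older definitions only invoice.doc is reported; game.bin is flagged only after the definition set is updated.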


One of the important things to look for in an antivirus program is that it can detect and repair macro viruses. Macro viruses are easy to create and spread, and some of them are quite nasty.

As with previous versions of the Mac OS, there are several major antivirus applications, including Norton AntiVirus for Mac and Virex.

These applications provide most of the features in the previous list, and they work well. You should obtain and use one of these applications to protect your Mac against viruses and to repair your Mac should it become infected.

If you have a .Mac account, you can download a free copy of Virex. When you download and install Virex, you can keep its virus definitions current and access other virus resources as well.

To get more information about Virex and to download it (if you have a .Mac account), visit and click the .Mac tab.

Viruses and You

Frankly, viruses are less of a problem than they appear to be from the tremendous amount of media hype they receive. Most of the time, you can protect yourself from viruses by being very careful about the files you receive in email or download from the Web. Because the only way for a virus to get onto your machine is for you to accept a file in which it is contained, you can protect yourself from most viruses by using common sense. For example, if you receive an email containing an oddly titled attachment (such as the famous I Love You file), you should either request more information from the sender before you open the file or simply delete the message.

This is one case in which being in the minority as a Mac user is beneficial. The vast majority of viruses are designed for Windows machines and have no effect on a Mac.

Adding and using an antivirus application makes your machine even safer, but if you are very careful about downloading files, you might find that you can get by just fine without one.

Defending Your Mac Against Net Hackers

If you have a broadband connection to the Internet such as a cable or DSL modem, being attacked by hackers is a much more real threat than are viruses. And with a broadband connection, you will be attacked, daily if not hourly or even more frequently. Hackers are continuously looking for machines they can exploit, either to do damage to you or to use your machine to do damage to others (such as using your machine to launch a spam attack). Most of these attacks are carried out by applications, so they can be both automatic and continuous.


Never expose a machine containing sensitive or production data to a broadband connection without protecting that machine from network attack. Doing so makes everything on such a machine vulnerable to exposure to a hacker, and the machine itself can be used to carry out attacks on other networks and machines.

There are two fundamental ways you can prevent your Mac from being hacked through your broadband Internet connection: Use a server/hub to isolate the machines on your network from the outside world or use a software firewall to protect each machine on the network from attack.

Using a Server and Firewall to Protect Your Network

You can isolate the machines on your network from attack by placing a physical barrier between them and the public Internet. You can then use a Dynamic Host Configuration Protocol (DHCP) server that provides network address translation (NAT) protection for your network, or you can add or use a hub that contains a more sophisticated firewall to ensure that your network can't be violated. A benefit to these devices is that you can also use them to share a single Internet connection.

To learn how to install and use a DHCP server or firewall, see Chapter 27, "Sharing an Internet Connection," p. 855.


One of the easiest and best ways to protect machines on a local network from attack and to share an Internet connection is to install an AirPort hardware access point. These devices provide NAT protection of any computers that obtain Internet service through them, and for most users, this is an adequate level of protection from hacking.

Using a Software Firewall to Protect Your Network

You can also install and use a software firewall; a software firewall prevents unexpected access to your Mac from the Internet. Software firewalls can be quite effective and might be the best solution if you have only a single Mac connected to the Internet.


Unlike a hardware firewall or NAT hub, a software firewall must be installed on each computer attached to your network.

A software firewall works by blocking access to specific ports on your Mac; these ports are linked to specific services. If hackers can access these ports on your machine, they can use them to attack your machine directly or to launch attacks on other computers, servers, and networks (such as denial-of-service attacks, in which a system is overloaded by repeated requests from many machines).

Because Mac OS X is based on Unix, it has built-in firewall protection. You can enable this firewall to protect a Mac from Net attacks by doing the following:

  1. Open the System Preferences utility.

  2. Click the Sharing icon to open the Sharing pane.

  3. Click the Firewall tab.

  4. Click the Start button. The firewall begins working and blocks inappropriate requests for access to your Mac (see Figure 28.10).

    Figure 28.10. Enable Mac OS X's built-in firewall by clicking the Start button on the Firewall tab.



    To enable a service to access your Mac through the firewall, you need to enable the service on the Services tab first.

  5. If you want to enable specific ports for a service that you are allowing access through the firewall, select the service and click Edit. (You can't change the ports for built-in services, such as personal file sharing.)

Only the services you allow will be permitted to access your Mac. All others will be denied. This provides more than adequate protection for most Mac users.
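The allow-only-enabled-services behavior described above can be modelled in a few lines. This is an added example, not Mac OS X's firewall code. The service labels, the port table (well-known port numbers), the addresses (documentation ranges), and the assumption that replies to connections the Mac itself opened are always allowed are all part of the simplified model.

```python
# Constructed service -> TCP port table using well-known port numbers; the
# labels are illustrative and are not read from a real Sharing pane.
SERVICE_PORTS = {
    "file sharing (AFP)": {548},
    "remote login (SSH)": {22},
    "web sharing (HTTP)": {80},
    "printer sharing (IPP)": {631},
}


class InboundFirewall:
    """Simplified model: allow replies to our own connections, allow new
    inbound connections only to ports of enabled services, deny the rest."""

    def __init__(self, enabled_services):
        self.open_ports = set()
        for service in enabled_services:
            self.open_ports |= SERVICE_PORTS[service]
        self.outbound = set()  # (local_port, remote_ip, remote_port) we opened

    def connect_out(self, local_port, remote_ip, remote_port):
        """Record a connection this Mac initiated (model assumption:
        outbound traffic is not filtered)."""
        self.outbound.add((local_port, remote_ip, remote_port))

    def check_inbound(self, remote_ip, remote_port, local_port):
        """Return (verdict, reason) for a TCP segment arriving from the network."""
        if (local_port, remote_ip, remote_port) in self.outbound:
            return "allow", "reply to a connection this Mac opened"
        if local_port in self.open_ports:
            return "allow", "port belongs to an enabled service"
        return "deny", "no enabled service uses this port"


def audit(firewall, listening_ports):
    """Split locally listening ports into (reachable, shielded) lists."""
    reachable = sorted(p for p in listening_ports if p in firewall.open_ports)
    shielded = sorted(p for p in listening_ports if p not in firewall.open_ports)
    return reachable, shielded


if __name__ == "__main__":
    fw = InboundFirewall(["remote login (SSH)"])
    fw.connect_out(49152, "192.0.2.10", 80)           # browsing a web site
    print(fw.check_inbound("192.0.2.10", 80, 49152))  # reply: allowed
    print(fw.check_inbound("203.0.113.5", 40000, 548))  # unsolicited: denied
    print(audit(fw, {22, 548, 631}))
```

The audit function shows the practical effect: a service that is still listening locally but is not enabled in the firewall is shielded from the network rather than exposed.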

You can gain more specific control over the firewall if you choose to. However, configuring this firewall directly requires a fairly complete understanding of Unix and firewalls and requires more energy and time than most Mac users will care to spend on it. A better solution is to use an application that provides an interface for the firewall so it is much easier to configure.
