Apple users: Try these five tips for better Mac security


Security for Macs is often a hotly-debated topic, perhaps because Apple has a reputation for security that is based more on a brand promise than reality.

Unfortunately, Apple doesn't have a good reputation for transparency about security updates.

Unlike Microsoft, which has a long-standing and regular process for providing security updates, Apple simply provides updates when it feels like it.

This can leave many users unaware of the updates and even unconcerned with their own security.

Microsoft also has a long view about product retirement that appears to be totally lacking in Apple's case.

Windows XP users have known for a long time (or should know by now) that Microsoft is ending support for XP in April.

But what about Mac users?

Does anyone really know when Apple will end support for previous releases of OS X, or even what its current commitment is to support those versions?

When Apple released OS X 10.9, better known as Mavericks, it included a raft of security fixes that didn't come out for OS X 10.7 (Lion) or 10.8 (Mountain Lion).

Similarly, the OS X 10.9.1 point release was not accompanied by corresponding updates for 10.7 and 10.8 users.

But in Apple's latest Mac security update, when Mavericks 10.9.2 was released, the company published security fixes for Lion and Mountain Lion at the same time.

Poor Snow Leopard (OS X 10.6) is left out in the cold.

It's time to get Mavericks

In order to get Mac users to upgrade to OS X 10.9 Mavericks, Apple is giving away the upgrade for free: a good move by Apple, but not everyone is up to date.

Since Apple released Mavericks in October 2013, a lot of people have upgraded, but the majority of Mac users are still running something older.

For business users, companies have been even slower to upgrade than home users.

Our own survey of Macs running Sophos Anti-Virus, conducted at the start of 2014, showed that only about 18% of enterprise Mac users are running Mavericks, with 19% still running the out-of-support Snow Leopard.

Mavericks came out of the gate with numerous security improvements, and we recommend that the first thing you should do to stay secure on your Mac is to upgrade.

Just click on Software Update... in the Apple menu to download Mavericks, or visit the Mac App Store.

Be warned: it's a big update, totalling about 6GB for the Mavericks download and the update to the latest point release, OS X 10.9.2.

But you will be moving forward to the latest, fully-supported-and-patched OS X version.

Once you've upgraded to Mavericks, which you can consider our Tip Zero if you like, here are five steps you can take to give yourself an edge against cybercrime:

1. Stay current with security updates

It's easy to keep your Mac up to date with security fixes.

You can use Software Update... from the Apple menu to check for updates manually, or go to Apple Menu|System Preferences|App Store to set up your Mac to check for updates automatically.

OS X malware is much less common than malware attacking Windows, with the result that many Mac users seem to have adopted a rather casual attitude to security patches.

But cybercriminals are definitely trying to exploit Mac users who fall behind.

For example, we recently reported on digitally signed Mac malware that arrived as an undelivered courier item.

These phony package delivery messages actually contained malware designed to dig around in your Mac for interesting files, which the crooks then uploaded to a server under their control.

2. Turn off Java in your browser

One of the cybercriminals' favorite targets is Java.

Although Java is disabled by default on Mavericks, it should be turned off if you're not on Mavericks yet.

So, if you're on a pre-Mavericks version of OS X, make sure you turn it off in your web browser.

Apple's own employees had their Macs compromised by malware in February 2013 via a vulnerability in Java that criminals also exploited to compromise Mac users at Microsoft and Facebook around the same time.

In 2012, an attack on another vulnerability in Java infected 600,000 Macs with the Flashback malware (including some in Apple's Cupertino headquarters).

The truth is, you probably don't need Java to use the web, so having the Java plugin enabled just puts you at needless risk.

If you find that you do need Java after all, you can always turn it back on again.

3. Don't forget security updates for non-Apple software such as Java and Flash

If you use Oracle Java and Adobe Flash, remember that they have their own security patches to apply.

→ Unfortunately, Oracle and Adobe use different update calendars. Oracle issues regular security patches on the Tuesday closest to the 17th of April, July, October and January. Adobe's red-letter days are the second Tuesday in March, June, September and December.

In addition to scheduled updates, both Adobe and Oracle sometimes issue emergency fixes, often called out-of-band updates.
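The two calendars described above can be turned into concrete dates to check against. This is an added example, not part of the original article; the function names are illustrative, and out-of-band fixes by definition never appear in its output.

```python
from datetime import date, timedelta

TUESDAY = 1  # date.weekday() counts Monday as 0

# Months as given in the article's description of each vendor's schedule.
ORACLE_MONTHS = (1, 4, 7, 10)   # Tuesday closest to the 17th
ADOBE_MONTHS = (3, 6, 9, 12)    # second Tuesday of the month


def tuesday_closest_to(year, month, day=17):
    """Return the Tuesday nearest to the given day of the month."""
    anchor = date(year, month, day)
    # Days back to the most recent Tuesday (0 if the anchor is a Tuesday).
    back = (anchor.weekday() - TUESDAY) % 7
    # Up to 3 days back is nearer; otherwise the following Tuesday is.
    # A tie is impossible because a week has an odd number of days.
    offset = -back if back <= 3 else 7 - back
    return anchor + timedelta(days=offset)


def nth_tuesday(year, month, n=2):
    """Return the n-th Tuesday of the month (n=2 gives the second)."""
    first = date(year, month, 1)
    ahead = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=ahead + 7 * (n - 1))


def scheduled_patch_days(year):
    """Return a date-sorted list of (date, vendor) for one calendar year."""
    days = [(tuesday_closest_to(year, m), "Oracle Java") for m in ORACLE_MONTHS]
    days += [(nth_tuesday(year, m), "Adobe") for m in ADOBE_MONTHS]
    return sorted(days)


def next_patch_day(today):
    """Return the first scheduled (date, vendor) on or after `today`."""
    # Look into the following year so a December query still has an answer.
    upcoming = scheduled_patch_days(today.year) + scheduled_patch_days(today.year + 1)
    return next(item for item in upcoming if item[0] >= today)


if __name__ == "__main__":
    for when, vendor in scheduled_patch_days(2014):
        print(when.isoformat(), vendor)
    when, vendor = next_patch_day(date.today())
    print("Next scheduled update:", when.isoformat(), vendor)
```
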

On Mavericks, Flash and Java have their own configuration items in the System Preferences window.

Both products can be set up to check for updates automatically.

4. Use Mac FileVault for full-disk encryption

With so many ways for your files to fall into the wrong hands, full disk encryption (FDE) is an important defense.

If your whole disk is encrypted, no one without the encryption key can access any data on it at all.

Documents, downloads, applications, configuration settings, temporary files, everything - even the operating system itself - gets encrypted with FDE.

So if your Mac gets lost or stolen, you don't have to worry about any of your data falling into the wrong hands.

Macs have the benefit of easy full-disk encryption with Mac FileVault.

You can turn on FileVault by going to System Preferences|Security & Privacy|FileVault.

When you turn on FileVault, you'll get a back-up code, called the "recovery key," in case you forget your password.

Write this code down and store it in a safe place.

5. Use a Mac anti-virus

There are still OS X threat deniers out there who tell us that they consider malware in its traditional sense to be impossible on OS X, "because you have to click on and run a program by yourself and then type your admin password into the warning popup."

But at the recent PWN2OWN competition in Vancouver, Canada, Google's security team was able to break out of Safari and run a program as the OS X administrator, just by browsing to a website.

So attackers can sidestep both of those giveaways when launching malware.

A good Mac anti-virus program will prevent malware from loading, whether you make a bad choice of software to install, or visit a booby trapped website by mistake.

The free home version of Sophos Anti-Virus for Mac gives you the same protection that Sophos provides for our business customers, but it's completely, totally free.

Sophos Anti-Virus for Mac won't slow your computer down, and it automatically updates to protect you from all the latest threats, based on intelligence from our SophosLabs.

Get it now - you'll be glad you did when the next Mac malware threat rolls around.

(By the way, Sophos Anti-Virus for Mac also detects all the Windows malware that your Windows-using friends might email to you or pass to you via USB key.)


57 Responses to Apple users: Try these five tips for better Mac security

  1. Ian MacLaren · 181 days ago

    Mavericks is still not recommended by our IT team, as it has caused problems with some third party SSDs. I am running it, but not all at this site are.

    • Paul Ducklin · 181 days ago

      Really? (And, if so, is that the fault of the SSD firmware or of Mavericks?)

      Remember that there are IT teams out there that are still running Windows XP, and consider their reasons to be scientific :-)

      I don't mean to cast nasturtiums on your IT team, but if what they claim has a scientific basis, why don't they say "we recommend 10.9 unless you have upgraded your Mac's hard disk to one of these SSD models. [List included.]"

      If I had a third-party SSD that my IT guys thought might cause trouble if used with _any_ current mainstream OS version, I'd be inclined to replace it with an SSD that did not display that sort of instability. That's because my inclination, albeit that it might be wrong or even ill-informed, would be to distrust the SSD firmware as much as the OS.

    • 4caster · 178 days ago

      I had no problems after upgrading to Mavericks, but when I upgraded from Lion to Mountain Lion it deleted the drivers for my Brother printer and Agfa scanner without warning. Admittedly they were old (1999) but still working 100%. I had to seek and pay for third party drivers. Surely it would do Apple no harm to leave all drivers in place when they upgrade their OS. They only occupy a few Kbytes, and no-one's going to mount a cyber-attack via 1999 printer software!

      • Paul Ducklin · 178 days ago

        Upgrade from Lion, or from Snow Leopard? If you have Mac software from 1999, it'll be compiled for the PowerPC processor, and not even for OS X, which wasn't out then. Apple dropped the PPC and switched to Intel chips in 2006 for its Mac range. For a while, you could run old PPC software using an emulation/translation layer called Rosetta. This allowed old apps to run, but not as well as modern apps. Apple removed Rosetta from the default install of OS X in 10.6, and binned it for ever in 10.7.

  2. Sacha Sommer · 181 days ago

    As far as I know Apple is always supporting the 3 last editions of OS X.

    • Paul Ducklin · 181 days ago

      I've heard lots of people say this. I even used to think it was a "fact" myself.

      But, as JohnZ asks in the article, "Does anyone really know when Apple will end support for previous releases of OS X, or even what its current commitment is to support those versions?"

      And if Apple really *is* supporting 10.7 and 10.8, where were the security updates to align with 10.9 and 10.9.1?

      In short, Apple *seems* to support the current and two previous versions, albeit a little half-heartedly.

      But I can't find anything to make that a *fact*...it seems more a question of "what everyone thinks/would like to be true," and Apple isn't saying.

      • Apple isn't saying because that would mean going on record with their total absence of long term support, and they don't want to do that. They keep you guessing just so people will assume there's more support than they actually give.

  3. Graham G · 181 days ago

    Great Advice - as long-term Mac users (for Graphic Design/Print), we have used anti-virus for many years. HOWEVER, people updating to Mavericks should be aware that there are many (expensive!) programmes - in Graphics Arts especially, which are not compatible in their older versions. Check absolutely that your versions are compatible before upgrading, or be prepared to pay for the "Mexican Hut" in the Cloud or a major upgrade to the big "Q"!

    • Paul Ducklin · 181 days ago

      Isn't it an irony that the more expensive the software, and the bigger the vendor, and the more coders and testers they have...

      ...the slower they are to support the latest version of the operating systems they claim to support :-)

      (Apologies for the unscientific comment. Consider it satirical, not a law :-)

      I switched to Mavericks the day it came out. I found two applications that said they didn't support 10.9 - and neither vendor could be bothered to say when it might do so.

      I used it as an excuse to test the market. I quickly found replacements that I rapidly realised were greatly superior. Perhaps that's because the vendors were still actively developing them, not spending time explaining to their customers why they were stuck in the past?

  4. Basically everything in this article shown as a security recommendation is the default configuration of Apple's OS X. Well, except the introduction (plenty of FUD) and the final recommendation that the user needs to buy anti-virus tools.

    • Vito Tuxedo · 181 days ago

      No, the article's intro is FACT, not FUD. And I guess you missed the part about Sophos Antivirus for Mac being free.

    • \facepalm · 181 days ago

      I agree Antonio. The computer security researchers at Sophos do not know what they are talking about, I mean once they touch the surface of a Mac they will understand why Macs are invulnerable to all things bad.

      Seriously though, my Mac did not come encrypted or prompt me to encrypt the hard drive and it doesn't automatically set flash and java for auto update. Besides, what is wrong giving security tips so people who are not as security savvy can double check their configuration?

      > "The free home version of Sophos Anti-Virus for Mac..."

      Lastly, where did it say to buy anti-virus tools? You do realize what FREE means, right?

      See you at the next troll meeting!!!

  5. Mark · 181 days ago

    For those of us that were left in the dust a long time ago by Apple, all I really do is use Sophos and pray. I'm using Safari 4.1.3 as I'm using an old Apple eMac People PC, running Mac OS X 10.4.11, and really can't update to anything newer in the Apple world. Java has been turned off for years and I always block pop-ups and browse in private.

  6. Paul · 181 days ago

    You are a real piece of work, you are obviously jealous of Apple and its lack of need for people like you and Sophos. I tried Sophos three times on my Macs and it slowed the machine down to a Wintel speed. It didn't find problems it created them. There are other programs that do a better job and do not slow the machine down. This whole article is to promote you as being brilliant and Sophos as being essential for a healthy Mac. You did not make the sale, but revealed yourself as a Wintel guy that thinks common knowledge is a sign of brilliance.

    • Paul Ducklin · 180 days ago

      "Wintel." I haven't heard that word in years.

      You definitely win the flame-of-the-week award, though, despite your anachronism.

      PS. What's wrong with "common knowledge," as you call it? Do you think that facts are somehow demeaned if they become widely known?

  7. Will · 181 days ago

    These tips are all great, but please be aware that Snow Leopard has not been confirmed as "out of support" - it simply didn't have the SSL bug that was fixed in 10.9.2 (and on 10.7/8).

    • Paul Ducklin · 181 days ago

      For a product that isn't "confirmed dead", things are nevertheless looking dangerously lifeless on the 10.6 support front, wouldn't you say?

      If I were a gambling man (there's a song about that!), I'd wager that 10.6 *is* out of support, not least because 10.7 and later all have a different architecture and only work with newer, albeit now fairly old, Macs. As a cut-off point, supporting back to 10.7 makes a lot more sense for Apple than supporting back to 10.6, and can still be considered reasonably generous.

      Think of it as a generational shift.

      I'd written off 10.7 and 10.8 as unsupported, too, until they inexplicably got security updates at the same time that 10.9.2 came out. The appearance of updates for those versions and not for 10.6 sounded like a bit of a requiem for 10.6 to me.

      (Don't forget - the SSL bug that wasn't in 10.6 *wasn't in 10.7 or 10.8 either*.)

      • Will · 178 days ago

        I'd normally be inclined to say yes because of the time since the last update, but keep in mind they still sell Snow Leopard on their store and it received a security update as recently as October, so I'm not sure I'd classify it as confirmed dead, or even dangerously lifeless...and the very fact that they DO have a different architecture is what's keeping SL alive. Many Macs still in service can't update.

        You're also seemingly assuming that previous versions of the OS have the same bugs (and thereby require simultaneous updates). It's true that 10.7/10.8 didn't have the SSL "go-to fail" bug mentioned, but the 10.8 patch corresponding with 10.9.2 DID actually fix a different SSL bug, leaving certain traffic vulnerable to malicious decryption.

        Again, I'm not debating the validity/worth of the tips above, all I'm saying is that signaling the end of SL seems a bit...premature to me.

        • Paul Ducklin · 177 days ago

          "As recently as October" is what made me consider it dead, not alive :-) In fact, the last security update for 10.6 (I'm not counting the Java update that applied to 10.6, just Apple's "here is a 10.6 security update") that I can find is dated 12 September 2013.

          So we've gone from equinox to equinox - with no security updates at all for 10.6. (In that time, 10.9 has had three, 10.8 has had one, and 10.7 has had one. You are invited to extrapolate to the next equinox based on these figures.)

          Interestingly, Apple explicitly denotes the OS X 10.9 release as a security fix for "Mac OS X v10.6.8 and later" on the HT1222 page. So, strictly speaking, the most recent security update for 10.6 was in October 2013, and it was called Mavericks :-)

          An OS in the modern era that has had zero security fixes for six months while its more recent versions get several...I'd be inclined to call that unsupported. Or as good as.

          • Will · 177 days ago

            That is a tad hyperbolic, no? First, a Java update in a case where it's embedded in the OS (and not a totally separate install as with Windows) is a security update in my opinion. However, even if we ignore that, the next update is a month earlier, as you noted, as frequent as it is with Microsoft.

            As far as Mavericks being a security update: you were reading a security update list (HT1222), and it was referencing several things that promote upgrading if you are able. Similar content can be found for both Vista and Windows 7. Nowhere did it say, "security update for Snow Leopard, install Mavericks now".

            Snow Leopard went through several major revisions (10.6 - 10.6.8) which fixed many things and they've slowed down as they're not making feature additions to the OS anymore. Increased patching frequency for a newer OS isn't necessarily an indication of anything beyond the fact that it's new code, and new vulnerabilities have been identified.

            Without knowing the specifics, I'd wager that XP patches have slowed (in number, not frequency) as they continue to identify and fix vulnerabilities without adding significant new features (thereby increasing the likelihood that things will need patching). They just happen to have a much larger target on their back thanks to install base, and more eyes on them. They're also working with a code base that has a 10 year lifespan (more if you count legacy code it was built upon), and continued to have a plethora of changes. That's more equivalent to OS 10.x than it is 10.6, 10.7, 10.8, etc.

            • Paul Ducklin · 177 days ago

              I'm simply not convinced that a six month hiatus of security updates in 10.6 is a healthy sign. Apple does have a history of slow response to security problems (look how long it took to patch the infamous - and serious - sudo bug last year! look how old the SSL bug is that was fixed in the last 10.8 update!), but no patches at all for six months feels unlikely to me.

              (Anyway, why doesn't Apple just say, "Yes, 10.6 is fully supported, and there will be security updates if and when"?)

              XP patches may have slowed but I don't recall a month there hasn't been at least one...

  8. Vito Tuxedo · 181 days ago

    I agree that it sucks that Apple provides Mac users with no clear statement of its schedule and policy for support of earlier versions of OS X. It does seem that Snow Leopard users have been rudely abandoned without so much as a nod or a warning.

    Unfortunately, "Tip Zero" (install Mavericks) is easier said than done. The fact that Apple doesn't charge for Mavericks doesn't make it "free". It broke many apps and plugins that I rely on for my daily workflow. Developers are gradually releasing fixes, but there are still enough that don't work in Mavericks to make it not just a nuisance to install it, but an outright impossibility if I want to remain productive. At this point, the lost productivity that would result from installing Mavericks is too high a price to pay for a "free" system.

    On the upside, I'm glad to see that Apple is still supporting Mountain Lion...at least for security fixes. Abandoning that version of OS X at this point would be tantamount to twisting the knife.

    • Paul Ducklin · 181 days ago

      I hear you, and there is some truth in the idea that Mavericks "broke" old apps.

      But (as I alluded to above in replying to the comment by @Graham G) there's also a sense that it's the old apps that are "broken."

      Maybe some of the apps you have that don't work could be replaced by ones that do? Those developers who haven't updated their apps yet...how quickly would they be able to update in the event of a security hole?

      • Vito Tuxedo · 177 days ago

        I realize that you're writing for a much larger audience than someone like me, who has invested a small fortune in pro audio, video, and music software. So I assume your comment about there being "some truth" in the breakage wrought by Mavericks means that it didn't break anything (or didn't break much, at least) for most of the Mac users whose hardware will run Mavericks.

        That might well be true, but it's irrelevant to me and to any other user who depends on production software that Mavericks broke. And I'm not talking about poorly supported apps by little known developers with a relatively small user base. I won't mention them here, but it's a virtual certainty that you've watched movies and listened to music produced with these apps, plugins, and libraries...and if you haven't, millions of others have. For better or worse, they're the tools I own. Where it's even possible to replace them (and in some cases it's not), the cost would be prohibitive.

        Even so, I've already replaced many apps with more recent versions (some of which STILL don't work in Mavericks)—not because I have more dollars than sense, but because I recently updated my system from Snow Leopard (SL) to Mountain Lion (ML). The hell of it is that everything was working perfectly in SL; my workflow zipped right along with no interruptions. But, like you, I'm counting Snow Leopard as essentially dead. I can read the signs. My perfect workflow won't stay that way if my Mac Pro gets taken down by an attack on an unsupported system.

        So I swallowed hard, installed ML on a cloned boot volume on a "test bed" drive, and set myself to the task of spending some time each day testing everything in ML on the test bed drive. As expected, I found many apps that I had to replace (...no Rosetta after Lion). All in all, it took several weeks to plan for and make the transition to ML without a loss of productivity...er, not counting the time it took to make it happen with minimum disruption, and not to mention the cost in replacing software that wouldn't run in ML.

        But there's no point in grumbling about the forced obsolescence of stuff that's working perfectly well. It's a fact of life now. We don't have to like it, but we do have to deal with it if we want to stay secure. I consider that a responsible approach.

        Nevertheless, my paycheck also depends on my productivity, and I have responsibilities there too. My family has grown accustomed to living indoors. Downtime costs money and pays nothing. I don't appreciate being stuck between a security rock and a productivity hard place. From my perspective, the (apparently) nonchalant attitude that you have observed in Apple's support of their software doesn't reflect a high regard for the combined factors of continued productivity, security, and the budgets of Mac users. It seems to me that Cupertino could learn some lessons from Redmond in that regard.

        • Cavenewt · 174 days ago

          Thank you for this articulate comment. I don't mind blogs recommending an upgrade, as long as they preface it with a warning to do your due diligence to make sure everything is compatible.

    • Bill K. · 181 days ago

      Excellent point regarding lost productivity time. I too have encountered a vast number of mystifying work-flow disruptions following my transition from Mountain Lion to Mavericks.

  9. If your iMac is older than mid 2007, as mine is, then you can't upgrade.

    • Daniel Hiller · 178 days ago

      This really peeved me off! I have an older (2006-7) MacBook Pro 15 so I tried upgrading to Mavericks as soon as it came out. I couldn't upgrade from 10.4 so had to buy Snow Leopard (10.6), only to find that the hardware wasn't supported by Mavericks! Even the 'Evil Empire' support upgrades to the nasty Windoze 8 on hardware older than 2007 (yes, I know there are minimum requirements) but Apple don't make it easily known that you should check your hardware FIRST before trying to upgrade.

      • Paul Ducklin · 178 days ago

        To go into bat for Apple for a moment...choose your favourite search engine...try "mavericks hardware requirements" and you should land here:

        http://support.apple.com/kb/ht5842

        Your OS version is nine years old and your Mac about eight years old...I don't think it's _entirely_ unreasonable to assume you'd check that your computer's up to the task of running the latest version of any OS. (If you downloaded a modern 64-bit Linux distro, would you blame the Linux Foundation for the wasted bandwidth when it refused to run on your 32-bit processor?)

  10. Brian · 180 days ago

    IMHO, the last great Mac was the beige G3. That said, I own 3 quad core G5's running 10.4.11, because that was the last OS to support the classic environment, which, btw, Apple promised would always be supported. The reason; I have thousands of dollars invested in classic applications that to this day still do everything I require of a computer. Note that a G5 processes faster than any of the Window XL systems I use at work. If I eventually lose I'net access because of this, so be it.

    • Paul Ducklin · 180 days ago

      You should try one of the new quad core Macbook Pros with Retina display and SSD, even if you have to chuck out your old apps and find free open source alternatives :-) (You don't say what your classic apps are.)

      • Brian · 180 days ago

        Here's a list of a few of my classic applications: Adobe Acrobat, Adobe Illustrator, Pagemaker, Adobe Photoshop, Aldus Persuasion, SuperPaint, Amazing Slow Downer, Appleworks, BBEdit, CADintosh, CanOpener, Canvas, Corel Graphics, FileMaker, Fontographer, FoxBase, FreeHand, HyperCard, a limited version of MetroWorks Code Warrior, M.Y.O.B., NissusWriter, OmniPage Pro, Practica Musica, Quark Express, Dantz Retrospect, RightWriter, TurboPascal, TypeStyler, TypeTwister, Vellum and my least favorite; Microsoft Office. That's before I get into all of the MIDI and recording software I have, the utility software that still functions and then there are my classic games. The bottom line is, I have no reason to spend more money to replace applications that do exactly what I need.

        BTW, most of all, I miss AppleTalk which networked my Apple laser printer, dot matrix printer (I love carbon copies) and QMS ColorScript 210 printer and I can no longer use my SCSI CD changer because there are no drivers for it for OS 10. However, I still have my Mac IIFX, Quadra 950 and the beige G3, but I do not have the space to set them all up...

        • Paul Ducklin · 180 days ago

          SCSI CD drives...now *there's* a trip down memory lane :-)

          I think you can use an old PowerPC-based Mac running OS 9 as an AppleTalk to TCP/IP router.

          • Brian · 178 days ago

            And I have an external RAiD 5 array attached to one of my G5's right now. (Thank God for ATTO!) 8)

            As I said, I don't have the space to set up another computer. I do appreciate the help with the inexpensive apps.

        • 4caster · 178 days ago

          That lot would cost much more to replace than a new computer costs. You are right to be annoyed with the planned obsolescence of the computer industry.

          • Paul Ducklin · 178 days ago

            Maybe there are modern alternatives that can do as good (or nearly as good a job) for much less money? Pixelmator or GIMP for images, for example; Inkscape for vector graphics; Pages for Word; Keynote for Powerpoint? (Most people I know who have tried Keynote simply never go back to PPT. And Keynote, which was always fairly cheap, is now $0.)

  11. Tim Mars · 180 days ago

    I'm on Snow Leopard and the reason I haven't upgraded to Lion, Mountain Lion or Mavericks is that they don't support Rosetta. I run Microsoft Office X for Mac (2001) and would lose that by upgrading. I need the later, fully OSX-native Microsoft Office to dispense with Rosetta.

    At the suggestion of an Apple Store Genius Bar techie, I was recently planning to upgrade from Snow Leopard until I discovered that Microsoft Office 2004 and earlier (including Office X) will not work as Rosetta (which is needed to transition PowerPC-based applications like Office X) is neither included nor supported in Lion or later. I'm glad at least I found out before upgrading!

    Office X is already over-featured for what I need, but I can't do without Word and PowerPoint.

    And please don't just tell me to shell out £100-odd for an up-to-date Office for Mac suite!

    • Paul Ducklin · 180 days ago

      Well, if Word and PowerPoint are *that* important, presumably for business purposes, surely £100 isn't that much to pay? If you've made your current version of Office last 13 years, then the per year cost is pretty low.

      You could, of course, just use Pages and Keynote instead. They're native Mac apps and they are free. Or just grab Libre Office and you'll never need to pay for Microsoft Office again.

      I often wonder how much people who go out of their way to save £100 on a software upgrade end up costing themselves in time, added security risk, and incompatibility? (How on earth do you open Office files from the vast majority who have recent versions of Office, which use file formats incompatible with yours?)

  12. Joe · 180 days ago

    I have a 4GB MacBook Pro and upgraded to Mavericks -- briefly. After a few weeks with it, I had to return to Mountain Lion because it was just too damned slow. Admittedly, it is a 5 year old laptop, but I do not feel it's justified to throw any more money at it, even for a memory upgrade. With the exception of the advice to go to Mavericks, this document hits all the right notes. For those who do NOT think an OSX machine can get viruses, you apparently haven't been watching your Mac-based antivirus program catch mainly Internet threats before they land on your hard disk. I've seen a steady increase in OSX threats over the last few years.

    • Gail · 177 days ago

      I too upgraded to Mavericks as recommended and found it slower than molasses, it did not support my digital camera software, it messed up my printer software, and it changed my gmail in ways I didn't like. So I had to have Apple support help me delete Mavericks and reinstall OSX 10.6.8 (from my backup hard drive, which I'm so happy I had). I'm much happier now and just crossing my fingers that Apple will update 10.6.8. By the way, does Sophos update its antivirus software for Mac? I installed it but have seen no upgrades.

      • Paul Ducklin · 177 days ago

        There are updates numerous times a day :-)

        If you want to see if updates are working you can right click the shield and choose "Update Now." This makes the update process visible in a popup window. Also, while an update is downloading, the "S" in the shield becomes a small arrow moving downwards.

  13. Bacteria · 180 days ago

    Sophos always (or, at least very often) hangs when doing a fast users switch. This should be fixed. I used the latest Enterprise version of Sophos AV on Mavericks. Happens also with the free SAV version.

    • Paul Ducklin · 180 days ago

      I'm afraid I can't offer you advice or support for your Fast User Switching problems - if you're an enterprise customer I presume you have tried support - but I do have a solution for you.

      Don't use fast user switching :-)

      (I don't have a lot of science to go on here. But I've never been a fan of "fake logouts," which is pretty much what Fast User Switching is. It lets you log in as user X and user Y, and perhaps Z and M as well, simultaneously, but shields all but one of the users from the keyboard and mouse. It can be very handy - standard example is flipping to an account that doesn't have all your work files lying on the desktop when you want to do a presentation. But I am convinced it gives a false sense of security, since switching from user X to Y gives the impression that X has logged out, where in fact all X's processes keep on going.)

      That doesn't fix your latent problems with Sophos Anti-Virus, or (to be fair to us) what might be an interaction between SAV and some other app that doesn't like running in two sessions at a time, and I'm not offering it as an excuse or explanation. I'd recommend to anyone to be logged in, or logged out (or shut down), and nowhere in between. Just feels leaner, meaner and cleaner to me.

  14. Much as I agree that Apple is not up to par with their attention to security, certainly over the past year, I have to take exception to your praise of Microsoft's monthly update approach versus Apple's 'when they feel like it' approach. Removing the 'feel' aspect of Apple's approach, providing random security updates is EXACTLY the way to do it. Scheduling regular expected security like clockwork is exactly the WRONG way to do it. Why: (And note that this is a very old subject of contention). You want two things:

    1) Get the security update out ASAP. No waiting around for any schedule. Throw the schedule away and never return to it. The goal is only ASAP fixes, nothing else.

    Having an expected schedule means handing the malware and exploit rats a critical tool to help them perform their evil deeds. You've let them know when the updates are coming out. They sit poised at the ready, slurp in the CVEs that were patched, then rapidly rip out into the wild exploits and malware to take advantage of them. This is quite effective because there is consistently a large number of users who do NOT install security updates the moment they're released, therefore they get a pwn-job. 'Gee thanks!' reply the malware rats.

    2) Automatic random patches without fanfare or expectation. Apple is able to make malware inert ASAP via its XProtect system. Malware hits the streets, Apple blocks it in XProtect, silently, in the background, the user and the malware rats never know unless they're constantly surveilling the XProtect background updates. Now, admittedly Apple did a face plant with XProtect this past year, missing several in-the-wild malware. They had to be shamed in public to catch up, a recurring theme in Apple's history. But their approach with XProtect is brilliant. It's so background and unnoticed that it wasn't even mentioned in this article.

    • Paul Ducklin · 179 days ago

      You seem to be suggesting that the crooks will more easily be able to reverse engineer a patch if they don't know what day it's coming out than if it comes out on the second Tuesday of the month - even though, once published, each type of patch is 100% public.

      I find that astonishingly hard to believe. Reversing a patch becomes feasible immediately a patch is published, and not before.

      As for XProtect being "an anti-virus," I think it would be a big stretch to call it that. Indeed, if memory serves, it was Apple who urged us not to refer to it as an "anti-virus," back when it came out (http://nakedsecurity.sophos.com/2009/08/28/snow-leopard-malware-protection/), so we haven't.

      (By the way, I trust you can see the irony in your claim that XProtect's "brilliance" is that it is "background and unnoticed," while also noting that Apple "had to be shamed in public to catch up." If Apple's "automatic random patches without fanfare or expectation" were timely and effective, you might have a point. But they aren't, so you don't.)

      Two things about Microsoft's Patch Tuesday: it is not only regular, *but frequent*. In other words, it's self-imposed pressure on Microsoft to keep producing patches *even when it doesn't feel like it*.

      Anyway, having a regular schedule for privately-disclosed doesn't mean you can't also publish special-case urgent updates whenever you want, as Microsoft sometimes does.

      In short, Apple seems IMO to lack regularity, frequency and urgency in its updates, and "when the vendor feels like it" isn't really good enough these days.

      • Yes Paul. Like many others, I see zero point in handing patches to the malware and exploit rats on a plate on an appointed day. There's no defense for that behavior other than the fact that many IT staff are lazy and like it that way, which of course is an idiotic excuse.

        As for XProtect being “an anti-virus,”

        I never called it that. Anti-malware is the accurate term. Tradition is no reason to keep using the 'virus' word when it doesn't actually apply.

        What Apple called XProtect, I don't know. But the way it works is to do the very traditional anti-malware thing of using malware signatures to stop it from being run in the system. You know how it works.

        As for irony: I am very explicit in what I write. Please read what I write and direct your comments to what I write. I kept the 'ironic' issues entirely separate. They should be addressed as separate issues.

        As for the issue of 'frequent', that's ridiculous. I know your work well enough to expect you know exactly what I meant by ASAP patching. There's nothing 'frequent' about holding onto a patch for weeks until the second Tuesday of the month. It is in fact irresponsible IMHO. Isn't it.

        Are Apple patches frequent enough? That's an important question and we know in some cases the answer is NO! I recall the Java security hole mess from 2012 and 2013 when we learned that BOTH Apple and Oracle had sat on Java patches for months on end. That's of course not acceptable.

        However, we both know that the patches Apple has to make are often less frequent because there are fewer to make. That's also a factor. IOW, if Apple got foolish and did the scheduled security patch routine, there would be months with NO patches to make.

        As I expect you comprehend, I'm specifically stating that ALL patches should be 'special-case urgent' patches, no exceptions. Get them out ASAP. That's the responsible solution. Scheduled patching is irresponsible. I'm that simple and direct in my assertion. That's not going to change.

        We both agree that the 'feel like it' factor is irresponsible for the reasons I state above. ASAP patching. Tough luck if the lazy IT staff don't like it. Tough luck if the malware rats don't like it.

        • Paul Ducklin · 178 days ago

          Sorry, you simply haven't convinced me that it's easier for a crook to reverse engineer a patch into an exploit if the patch comes out on a Tuesday. Once a patch is published, it can be reversed. That may or may not produce a working exploit. (It's not always as easy as you might think to do that, but it's reasonable to assume that it's no easier on the second Tuesday of a month than at any other time. If you assert that it is, you need to produce some evidence, or at least a plausible explanation.)

          What you may be trying to say - I'm not sure - is that a lack of advance warning makes it trickier for the crooks. I can't see why it would, but if it's the predictability you don't like in Patch Tuesday, please remember that Apple makes its actual updates available in advance to developers, often for weeks on end. Each week you even get the latest updates to the forthcoming updates! (Microsoft, in contrast, announces the total number of Patch Tuesday fixes, and which products are affected, but the actual code and the description of what was fixed appear *on Patch Tuesday and not before*.)

          So the crooks actually get hold of Apple's patches before they ship to the general public, giving them even more time to get ready.

          As for your statement that "we both know the patches Apple has to make are often less frequent because there are fewer to make," there are two problems with that.

          Firstly, you are putting words in my mouth. Please don't do that.

          Secondly, I say you're wrong.

          You claim that I know that "if Apple got foolish and did the scheduled security patch routine, there would be months with NO patches to make," but the evidence is entirely against that.

          Apple shipped 10.9.2 just a shade over two months after 10.9.1. In 10.9.2, there are close to *thirty* separately disclosed security holes patched in 10.9.1, of which about half are classified as remote code execution holes. (That's where just browsing to a website could infect your Mac.)

          Now convince me that there would have been nothing for Apple to ship at the end of January 2014, one month between 10.9.1 and 10.9.2 :-)

          [This thread is now closed.]

  15. John Zorabedian · 177 days ago

    For those interested in reading an independent review of Sophos Antivirus for Mac, check out this post at LowEndMac.com: http://lowendmac.com/2014/mac-anti-virus-why-im-trying-out-sophos-home-edition/

  16. roy jones jr · 171 days ago

    Most of these replies seem to be complaining and whining. I'm surprised that on the Sophos site, PC savvy people aren't willing to put in the work on their own machines. You do realize that they are doing updates to help you? And while it seems unfair (bring out update after update, uninstall and pay for updated 3rd party software) the truth is that this is how it is.

    You do a disservice to yourself to think that because a PC worked fine for 4 years without issue that there is nothing wrong with it or that it's the best iteration. I used to think like that; until my 1st virus appeared on my home computer in 1992.

  17. Dave Miller · 155 days ago

    I am a current user of Sophos Antivirus for Mac, and on my current laptop it works great. I also have an SSD on this laptop. When I had a real hard drive in my previous laptop, I had to disable the on-access scanning, because it *did* slow down the computer noticeably. The most obvious place was in the Finder when loading directory listings... with the on-access scanning disabled, everything would show up in the window almost instantly when you opened it. With it enabled, I'd have to wait 2 or 3 seconds for the file listing to appear and another 10 or 15 seconds for it to load the icons to go with the filenames. That was an early 2011 model MacBook Pro, so it wasn't exactly old.

    In my Late 2012 MacBook Pro with the SSD in it I don't notice the difference with the on-access scanning enabled.

    As noted, that experience is from 2 years ago, so maybe that problem has been worked out since then. I haven't used it on a machine with a real hard drive in that time.

  18. Deborah · 134 days ago

    So I downloaded Sophos, and it resulted in me not being able to access the internet because it interfered with my connection ability -- I had to go to the Apple Store, and they sorted it for me. Then I looked down this article and noticed it recommended using FileVault -- another red flag for me, because using that caused me no end of trouble some years ago. So I'm not impressed with this software/site...

    • Anna Brading · 134 days ago

      Sorry to hear that Deborah. Did you try to contact our support department?

  19. Anonymous · 86 days ago

    DON'T upgrade to Mavericks unless you have a new MacBook pro with 16GB of memory! Mavericks does not work properly. It is slow (spinning beachball of death) launching applications, cannot deal with multiple applications requesting network access and crashes frequently if you install the unnecessary sophos anti virus. Ignore the climate of security fear sophos is trying to encourage with this article.
    There is a choice to be made here between a functional system and a "secure" one. An unnetworked computer isolated in a faraday cage is secure but not much use for everyday needs. By upgrading to Mavericks and installing sophos anti virus you effectively create a secure computer inaccessible in a cage.

  20. Paul B. · 86 days ago

    If I encrypt swathes of disk, don't I lose the ability to make incremental backups? What's my greatest risk? Being hacked or having a hard drive fail on me (again)?

    • Paul Ducklin · 85 days ago

      If you use FDE, or "full disk encryption" (like FileVault), then your files are automatically unscrambled as they are read in and rescrambled when written back to disk. So your backup program sees the files as if they were unencrypted.

      This is both a strength (applications don't need to take care of the decryption themselves; indeed it is invisible to them), and a weakness (if you copy a file onto an unencrypted device, the copy doesn't get rescrambled).

      Time Machine lets you create encrypted backups, again in this automatic way, so it can still work incrementally.

  21. Robert Goldberg · 85 days ago

    On my Mountain Lion version of Safari, "Enable Java" is replaced by "Enable Javascript." Not the same thing at all. Facebook hates trying to run without Javascript enabled.


About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.