Sophos Cloud Optix
Mac malware is making big headlines, with numerous reports of users being affected.
The latest attacks don’t even need you to enter a username or password to install their fake anti-virus attacks onto your Mac.
With more variants of the malware appearing all the time, we’ve clearly reached a tipping point – and it wouldn’t be a surprise to see more cybercriminals trying to take advantage of the many Mac users who haven’t properly protected themselves with anti-virus software.
Aside from anti-virus software (and, by the way, you can’t claim money is a reason why you haven’t protected your Macs, as we offer a free anti-virus for Mac home users), there are some other steps you can take which might reduce your exposure to attack.
One step, for instance, that every Mac users should consider is changing the default settings in Apple’s Safari browser.
Apple made a poor decision when setting the defaults for Safari, allowing so-called “safe” files to be automatically opened after downloading. This can obviously be exploited by malware attacks, such as the fake anti-virus campaigns that we have been seeing recently.
So, make sure that “Open ‘safe’ files after downloading” is un-checked on your Macs.
Of course, even when turned off it’s still possible to manually open malicious programs that have been downloaded to your Mac, but disabling this feature would seem a sensible step for most Mac users at this stage.
Hopefully Apple will reconsider the default settings in a future version of Safari.
Just to be clear, making this settings change is no substitute for running anti-virus software on your Mac. But you knew that, right?
Free Anti-Virus for Mac
Download Sophos Anti-Virus for Mac Home Edition
How about Safari on Windows?
One of the many superitoty of Windows is that IE doesn't open files automatically once downloaded ;).
Windows FTW!
Just to make things more confusing, Safari for Windows has a different setting.
Rather than the Mac's "Open 'safe' files after downloading", the Windows version of Safari has "Always prompt before downloading" in the same place on the preferences dialog.
In other words, on Mac you want the option un-ticked and on Windows you should definitely have the option ticked!
Sigh…
Fortunately, at least the Windows version of Safari doesn't offer to auto-open the file you've just downloaded. We should be grateful for small mercies..
I'm presuming other browsers doesn't open the files automatically.__In Macs perhaps .dmg installers could stand for DaMaGe 😀
IE8 and IE9 have a "smartscreen filter" to detect Malware independently.
Just saw this article after your follow up on the Google chrome Nintendo thing (I used to work with Dave Rogers) and my default Safari setting is actually un-checked for the same version of Safari. And I know that I didn't do this myself by accident . . . .
About Sophos Anti-Virus for Mac Home Edition …
I tried to install it and it didn't work under Mac OS 10.4.11 – any suggestions?
Graham – This might be an obvious question, but if I don't change my Safari settings and I still safe using Sophos AV for Mac?
While I'm sure Sophos AV is a great product, AV itself is not an exact science of a product, especially when new threats first arise. Due diligence in modifying default settings to something more secure should still be a task you do. Don't develop a false sense of security because you have AV.
I agree.with NetD. Also I didn't see Apple publishing advisaries to avoid malwares. They merely claim that go ahead surf with ease and you will NEVER get malware!
Microsoft advisary to avoid malware: http://www.microsoft.com/security/pc-security/spy…
What about the iPad safari browser?
I think ipads are more secure because apps on the ipad can only be gotten from the appstore which must be approved by Apple (and boy are they tough! They screen each and every app and deny admission if it deems it rival to their app or malicious or inappriopriote.).
In addition, non-signed apps cannot be installed on an ios unless the ios is jail broken. Furthermore, Apple ipads cannot run mac executable.
No, thanks, I like the default settings
Suit yourself!
okay…I've been trying but I'm unable to find the general button on my mac to make the changes you suggest. could you please tell me how to get there.
thanks
Open Safari.
Choose the menu item Safari / Preferences
Make sure you choose the "General" tab.
And there's the option.
okay…I've been trying but I'm unable to find the general button on my mac to make the changes you suggest. could you please tell me how to get there.