The “Mac-Ware” Way to Handle Malware

This article originally appeared on the Affinity Consulting February 2013 newsletter on legal technology.

In this cold and flu season, we should remember that our computers can become “ill” as well. As Mac users, we’re accustomed to ignoring or chortling at the howls of frustration of our Windows-using friends. According to a recent New York Times article, viruses are more prevalent than ever and our approach, blacklisting the bad rather than whitelisting the good, is failing to keep pace. The initial detection rates for zero-day viruses and malware, meaning new exploits, are less than 5%. Then it usually takes the antivirus companies a month to analyze and protect against a new exploit. That’s terrible, especially given that, on the Windows side, we’ve gone from fewer than 1 million malware strains in 2000 to over 49 million today. Yuck.

So, that’s what your Windows-using friends face. How about we Mac users? As of today, there are 35 known malware exploits on the Mac. Not too bad. But, rather than rest on our laurels, let’s do a deep-dive primer into what a Mac-using lawyer should know about computer security’s seedy underbelly.

Best Practices – Executive Summary

Regardless of your virus or malware risk as a Mac user, you might be required to use security software. Check with your malpractice insurance carrier and your state bar to see what they require for computers. If they lack requirements or answer with something like “reasonable care” then it’s your call. If they mandate antivirus and anti-malware, the two best choices are Sophos (free) or ClamXav (free) if you want something that continuously runs in the background, or Dr. Web Light (free), VirusBarrier Express (free), or VirusBarrier Premium ($10) if you only want the scanner to run when you specifically request it.

Malware Primer

Although most people talk in terms of “antivirus software,” viruses are not the only threat to your Mac’s health. There are actually two types of malware: viruses and trojans. The difference is the effort you have to make to get infected. A virus can infect a computer without any user interaction. It simply arrives on an infected file or is unintentionally transmitted without the user’s knowledge — think Stuxnet. These fly “under the radar” and seek to spread without drawing attention to themselves.

The second type of malware, trojans, relies on “social engineering” – i.e. the recipient’s naiveté, prurience, or greed – to spread. In the case of trojans, the biggest security risk is between the chair and the keyboard . . . you. These sorts of messages come as spam promising easy money (Nigerian princes), faked “locked account” personal information requests (spoofed PayPal emails linked to Russian servers), or simply unknown or unexpected links or attachments that seem suspicious. The best way to stay safe from trojans is to employ common sense. A trojan cannot infect your computer or steal personal information without you taking affirmative steps, although that step could be as innocuous as clicking on a web link designed to take you to a server that infects your machine.

Keeping Your Mac Safe

Firstly, never underestimate the value of good luck. It’s not a strategy and it’s not bulletproof, especially with trojans, but the Mac’s small market share means that the overwhelming majority of viruses and trojans, those designed to hit a Windows system, cannot infect or propagate on a Mac. Conversely, if you’re running Windows on a VMware Fusion or Parallels virtual machine on your Mac, antivirus and anti-malware are a must-have. I would consider it irresponsible to run Windows, even in a VM, without it. Microsoft includes both with Windows 8, and provides the good and free Security Essentials for Windows XP, Vista, and 7. Get it and use it.

The second point, which I mentioned when discussing trojans, is to rely on your good judgment in opening files and visiting websites. If a website or email seems sketchy, avoid or delete it.

Third, Apple does not work in a vacuum. It knows that threats, even to the Mac, are on the rise. Since Mac OS X Leopard (10.5), Apple has included and updated a module in the operating system called XProtect that silently protects against known malware exploits. To see the list of current malware it protects against, look at this file on your system: /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist. For example, when US-CERT recently made headlines by advising users to disable Oracle’s Java plugin, Apple could immediately take action to prevent Java from running on Macs until a patch shipped. This update happened silently and comes free with Mac OS X. One can expect such quick action will happen in the future. It’s security that you don’t have to think about.
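As an added example (not code from the article), here is a small Python script that reads the two XProtect files the paragraph refers to: XProtect.plist for the list of known malware signatures, and XProtect.meta.plist for the minimum plugin versions Apple uses to block an out-of-date Java or Flash plugin. The plist layout is modelled on the Lion/Mountain Lion-era format as I recall it, and the malware name, hash and version numbers in the embedded samples are constructed for illustration.

```python
import plistlib

# Constructed samples modelled on the layout of XProtect.plist (an array of signature
# entries) and XProtect.meta.plist (plugin minimum versions); the malware name, hash and
# version numbers below are made up for illustration and are not real XProtect data.
SIG_PLIST = b"""<plist version="1.0"><array><dict>
<key>Description</key><string>OSX.Example.A</string>
<key>Matches</key><array><dict>
<key>MatchFile</key><dict><key>NSURLNameKey</key><string>Installer</string></dict>
<key>MatchType</key><string>Match</string>
<key>Identity</key><data>AAECAwQFBgcICQoLDA0ODxAREhM=</data>
</dict></array></dict></array></plist>"""

META_PLIST = b"""<plist version="1.0"><dict><key>PlugInBlacklist</key><dict><key>10</key><dict>
<key>com.oracle.java.JavaAppletPlugin</key>
<dict><key>MinimumPlugInBundleVersion</key><string>1.6.0_37</string></dict>
<key>com.macromedia.Flash Player.plugin</key>
<dict><key>MinimumPlugInBundleVersion</key><string>10.3.183.50</string></dict>
</dict></dict></dict></plist>"""

def list_signatures(plist_bytes):
    """Return [(malware name, [hex digest of each matched file])] for every signature entry."""
    result = []
    for entry in plistlib.loads(plist_bytes):
        hashes = [m["Identity"].hex() for m in entry.get("Matches", []) if "Identity" in m]
        result.append((entry["Description"], hashes))
    return result

def version_tuple(version):
    """Turn '1.6.0_37' or '10.3.183.50' into a tuple of ints that compares numerically."""
    return tuple(int(part) for part in version.replace("_", ".").split("."))

def blocked_plugins(meta_bytes, installed):
    """Given XProtect.meta.plist bytes and {bundle id: installed version}, return the
    bundle ids whose installed version is older than the minimum XProtect allows."""
    blocked = []
    for plugins in plistlib.loads(meta_bytes).get("PlugInBlacklist", {}).values():
        for bundle_id, rule in plugins.items():
            minimum = rule["MinimumPlugInBundleVersion"]
            if bundle_id in installed and version_tuple(installed[bundle_id]) < version_tuple(minimum):
                blocked.append(bundle_id)
    return sorted(blocked)

if __name__ == "__main__":
    # On a real Mac, read both files from /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/
    print(list_signatures(SIG_PLIST))
    print(blocked_plugins(META_PLIST, {"com.oracle.java.JavaAppletPlugin": "1.6.0_35",
                                       "com.macromedia.Flash Player.plugin": "10.3.183.50"}))
```

With the constructed samples, the Java plugin at 1.6.0_35 is reported as blocked while Flash at exactly the minimum version is not.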

Fourth, as Oracle’s Java exploit demonstrates, even if Microsoft and Apple have “gotten religion” on security-conscious coding and testing, third-party applications and vendors provide an increasingly serious attack vector for malware. Just as you install security patches that Microsoft releases on “Patch Tuesday” and update your Mac when prompted, you should regularly check your applications and plugins for more recent versions and free security updates. Some of the greatest threats today come from applications like Adobe Acrobat, macros riding on Microsoft Word or Excel documents, or browser plugins like Adobe Flash. Each program has a simple way to check for updates (e.g., launch Acrobat or Word and select Help > Check for Updates; for Flash, launch System Preferences > Flash Player > Advanced > Check Now). Most other Mac apps include a “Check for Updates” option under the app menu (e.g., in the menu bar select NetNewsWire > Check for Updates). Furthermore, if you buy apps from the Mac App Store, you’re prompted to update automatically whenever the developer releases a new version.

Selecting an Anti-Malware Program

If, after reading this article thus far, you’ve decided to equip your Mac with an anti-malware program, Thomas Reed at Thomas’ Tech Corner has done an in-depth analysis of Mac anti-malware programs, comparing their relative malware detection rates. Before discussing his results, he offers two prophylactic statements. The first is an admonition to make sure installing anti-malware does not give you a false sense of security. Don’t become complacent thinking that because you have an anti-malware program installed, you can go crazy clicking on websites for underage Russian mail-order brides.

Second, he believes that certain anti-malware programs create more problems than they solve – gumming up or breaking something on your Mac. Reed specifically recommends against Norton Antivirus and MacKeeper, which some believe is itself a scam.

If you decide to install an anti-malware program, be aware that there are two types: ones that run continuously all the time in the background and those that run only when you tell them to scan the computer. Those that run continuously in the background have a chance of catching malware as soon as it hits your machine, but having something always running in the background scanning all computer activity has a greater chance to break other computer functions. Those that scan only on your command are less likely to break other programs, but there’s no real-time, immediate protection. In the latter case, you should schedule a scan every night after work if you leave your computer running. It’s a tradeoff.

My personal belief is that you’re probably safe with a daily or weekly scan rather than something running all the time on your machine, which can slow the Mac down or cause compatibility problems. With that in mind, I would suggest either Dr. Web Light (free) or VirusBarrier Express (free). Both protect against Mac-centric exploits and are available from the Mac App Store. If you want anti-malware that also detects Windows malware (e.g., malware that someone emails you; you can be a carrier even if your Mac can’t get infected), then I suggest VirusBarrier Premium ($10), also available from the Mac App Store. Remember to set up a schedule for scanning, and your machine will regularly be checked for malware.

If you want, or are required to have, something that continuously scans your machine in the background, Sophos (free) or ClamXav (free) are the way to go.

Hopefully this article provides some guidance on a Mac-centric approach to antivirus and anti-malware. No matter what you decide on the application side, just remember that you’re starting from a relatively safe place with a Mac, and that prudence and common sense are the first and strongest barriers to infection.

February 1, 2013