Mac
OS X users are notably resistant to the ploys of anti-virus, anti-malware, and
security-monitoring software offered for our platform. “What—me worry?” could
be our motto, as well as, “Not paying for that!” Over the long haul, that
attitude has served us well, but the nature and diversity of risks has
increased, and is likely to get worse.
McAfee Internet Security tries to address the
virus, malware, and Trojan Horse issue directly, but also includes a robust,
configurable firewall along with a Firefox plug-in that vets and reports on
search result links. Despite my many years without such software installed, I’m
strongly tempted to continue to use the package after testing because it’s a
multipronged and easy-to-manage extra layer that doesn’t seem to slow my
computer down one bit, while providing useful information and the right degree
of control to block remote access.
The fundamental problem with a tool that prevents
the execution of malicious software has been that the damage is usually done by
the rapid spread of such attacks before the protective program has been
updated. McAfee, like other anti-virus software makers, is constantly
monitoring and testing for new vectors and writing defenses against them, and
pushes out responses to discoveries in the wild quite rapidly. The software is
set to pull down updates every four hours, too.
Protect yourself
McAfee Internet Security warns you about malware. Even if you click Open, it quarantines MacDefender instead of launching it.
Given that only a handful of Trojans and viruses
have appeared in recent years for the Mac, and that they are laughable in their
ability for users with any degree of proper caution to avoid, this part of the
security suite might seem useless. But I’ll argue it is not.
First, it prevents you from passing on Windows
viruses that may be sent as attachments that you then guilelessly hand off to
friends, relatives, or colleagues using an unpatched version of Windows. (This
is also useful when copying files back and forth between a virtual Windows machine or
a Boot Camp volume.) Second, you can recommend this software to those who might
not have the instinct to stay away from unknown software or attachments. A
relative might appreciate having this software installed to prevent them from
making a bad choice due to their lack of computer knowledge—especially if they
try to install Trojans masquerading as legitimate files. Third, if someone else
uses your computer without the same care you have, you’re protected there, too,
against old threats and new ones. True, Apple has built virus defenses into
Snow Leopard and Lion that are regularly updated. Consider McAfee a more
explicit second line of defense.
I tested McAfee’s virus protection against the very
few known Trojan horses and other exploits that have been discovered, such as
MacDefender. McAfee refused to let me launch or uncompress the archives
containing the malicious files, and put them into a Quarantine area to make it
simple to review them in a list and then delete them. I tried sending myself a
virus via email, and McAfee prevented that from downloading as well. The
software can defang the malicious part of infected files, but all the files I
tested were entirely comprised of malware.
The McAfee software has three more active
components, however, that can protect you if a Trojan appears before they’ve
detected and issued a fix, as well as to help you identify malicious Web sites
you should avoid. These components let you review programs before allowing them
to launch, use a firewall to prevent intrusions (useful to prevent unintended
access to file sharing, even), and a Firefox extension that brands the safety
of search engine results.
With Application Protection enabled, whenever a previously unused software program (or one that hasn't been given unlimited permission) launches, you're prompted to choose whether to let the program access the network or not, or prevent its launch entirely.
An Application Protection component, configured via
the program’s preferences, monitors software when it launches, and puts itself
in the way with a pop-up prompt. You choose whether to launch with or without
network access provided to the program, and allow the program to be launched
once (just when you approve it) or always thereafter. Or you can deny a launch
altogether. You can modify choices for individual programs or background
processes later through preferences.
Such controls generally prevent software that you
didn’t intentionally install from being able to run and take over your Internet
connection. Of course, this can’t protect against exploits that use techniques
to gain root access to your Mac, and install software that runs beneath the
user interface’s service. Apple has patched many such holes, although there is
little evidence that such attacks were made from Web sites or via email.
Firewall
and Firefox
The
firewall is simpler than many full-featured programs, and I appreciate
that. For most people, being able to click a few buttons is better than an
ocean of pulldown menus and configurations. I particularly like that you can
shut down all incoming or outgoing traffic or both with a couple of clicks
without having to disable your network interface. You can create custom
rules—only certain kinds of traffic may originate from your computer to
specific addresses, or block all but a handful of services from receiving
signals from the outside world. You can also define trusted networks.
Firewalls have the benefit of keeping normal
services you may have switched on, like VNC-based screen-sharing (a somewhat
insecure option in the Screen Sharing service in the Sharing system
preferences), from being accessible or crackable when you’re on an open
network, such as at a coffeeshop.
If you use Firefox, McAfee’s Site Advisor add-on is
a big help in examining search results on Google and other engines. It’s more
tightly integrated with Yahoo (where it disables dangerous links entirely), but
works just fine with others. When you perform a search, the advisor tags each
result with a green, yellow, red, or question mark icon. McAfee constantly
spiders Web sites looking for malware and other problems, and rates sites
accordingly. A McAfee seal of approval appears on ecommerce sites that the firm
separately evaluates.
The Site Adviser plug-in for Firefox adds icons to search results URLs to warn you of sites McAfee has found have might cause you trouble.
It’s a hard sell to tell someone who has had no
problems and expects none to pony up hard-earned cash for a product that seems
unnecessary. But I find the prophylactic effects of McAfee Internet Security
aren’t as interesting as the amount of information and control the software
provides over the routine function of your system and network connections.
[Glenn
Fleishman was first attacked by computer viruses in the 1980s, but he got
better. He is the author of Take
Control of Your 802.11n AirPort Network, updated for Lion.]