Never Bring a Mac to a Gun Fight

The Macintosh is benefiting from the iPhone and iPad halo effect. Macintosh sales continue to grow and Apple continues to note in its earnings reports that half of its retail sales are to former PC users. The Mac is being embraced, more and more, by thousands of newbies, students, and people of all ages who are looking for a “PC” that’s secure and almost as easy to use as their iPhone.

What this all means is that Apple’s many new customers — who were told that the Mac is more secure than the PC — are entering a world where they think their security problems are over. That can bring on a bit of overconfidence.

You're the target

So what should the average Mac user’s posture be? One of my colleagues at TMO has never run any kind of security software and doesn’t even turn on the Mac OS X firewall. But he also admits that he’s never been hacked. Those who have detected an intrusion on any OS are rather more gun-shy. Naturally, those who have never been successfully hacked tend towards, perhaps, a bit of complacency. Those IT managers who’ve been in the line of fire, every day for years in the workplace, have a whole different attitude.

The discussion of mentality is important. Around the Internet, you’ll find some strong opinions that if you fall for one of these Mac-targeted phishing schemes*, you’re an idiot and it’s all your own fault. That’s not a very helpful approach because it doesn’t help us diagnose the threat and learn how to respond. It doesn’t help us develop a healthy security mentality.

The Bad Guys Are Coming

Internet criminals are out to make money. Like any hard worker, if you don’t succeed, you don’t get paid. Failure means less money, fewer toys. As a result, Internet criminals are highly motivated to invest in technologies and software kits that will help them succeed. You may buy a book on how to succeed as a salesperson. These guys buy documents and software that describe proven methods to make them money. This is just a simple fact of business life on the Internet.

Phishing is the best chance these criminals have right now of making serious money. Lots of inexperienced new Mac users create a target-rich environment.

Survival Class 101

One of my favorite books when I was young is Robert Heinlein’s youth novel “Tunnel in the Sky.” It’s about young Rod Walker who’s taking a survival class. He’ll be transported to another planet where the dangers are unknown and the only rule is that there are no rules. The students in this survival class can take any weapons they choose.

Those who took armor and heavy weapons were ready for a fight, but they were overconfident and died right away. Rod is told by the armorer, “Remember, though, your best weapon is between your ears and under your scalp — provided it’s loaded.” So young Rod takes only a knife and keeps a very low profile until he can diagnose the dangers. His belief that he needs to be smart, quick, suspicious, develop allies and not engage in fights derived from overconfidence keeps him alive.

NHL goalie

This is how I think Macintosh customers should be. Don’t believe people who tell you there is no threat or that you don’t need to worry. Be like young Rod. Don’t live in abject fear, but don’t believe that you can take a Mac to an Internet gun fight and win. Be alert. Be defensive. Be smart. Be suspicious of everything. Be like a winning NHL goalie, ever observant, a fighter in the crease. Also, get onto Twitter and follow the right people, Macintosh editors and writers, so that you aren’t working in the dark. Your noggin is your best weapon.

While you may or may not decide to add extra layers of software protection to your Mac, what’s not optional is a good attitude. The bottom line is that, like young Rod Walker, the defining principle that will guide you through this new onslaught of sneaky, social engineering attacks on Mac users is that of caution, suspicion, intelligent preparation and alertness. Think defense.

There’s never a good time to be overconfident when you know they’re out to get you.

_______

* See, for example, “Protect Your Mac From Bad Guy Phishing.” It explains technical measures you can take to protect yourself.

Images courtesy: iStockPhoto.com
