Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Inside OS X Security: Page 6 of 11

So the big question is, how do you protect yourself from Trojans? Well, the best way is to be careful. Once you start running a program, it's just the operating system and blind luck between you and a subverted computer. If you give it elevated privileges, then it's just blind luck.

Hoping for bugs in the Trojan isn't a great strategy here. Don't download software from random sites. Don't use software where you aren't sure about the source. Just because it says "Microsoft Office 2004" doesn't mean it is.

If it's legitimate software, then you can get it from the vendor's site. If you want a software aggregator site, my personal favorite is VersionTracker, at www.versiontracker.com/. In addition to Mac OS X software, VersionTracker also has Windows, Mac OS 9, and Palm software links.

While downloading from a reputable source isn't a guarantee, it does greatly decrease the chances that you'll download malware disguised as something else. (If you download software from random sources on P2P networks, you're playing Russian roulette. Eventually, it's going to hurt you.)

Another tip is to not give out administrator credentials just because a program asked for them. If you aren't sure why it needs them, ask the developer. If the developer doesn't tell you, or you don't like the answer, find another application. If the application is distributed as an Apple Installer Package, you can use a utility like Pacifist to see where every file in that installer is going to go.