Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Inside OS X Security: Page 9 of 11

If you're talking about "traditional" viruses, those are, at the operating system level, literally nonexistent in the Mac OS X universe, and were, by the Mac OS 8 time frame, pretty rare pre-OS X. Note I said at the OS level. Application viruses, such as VBA macros in Office 2004, or JavaScript macros in Acrobat, are still a factor.

Ironically, the upcoming release of Microsoft Office 2008 for the Mac will effectively kill the ability of VBA-based viruses to propagate on the Mac, since it will no longer support VBA. Microsoft Entourage never supported VBA, and so has always been less vulnerable than Outlook to such things. But, if you're using older versions of Office on the Mac, while VBA-based malware can't do much of anything to your operating system, it can make your ability to do work drop rather precipitously.

If you can't do work, the fact that your operating system is humming along quiet and happy is kind of meaningless. Luckily, this is the one area where things like antivirus software shines, and is of the most use. Other things, like setting your application to not automatically run macros, and only accepting documents from known, legitimate sources help, too.

Remote attacks that start from the outside and target your system are a mixed bag. If you're not running Mac OS X as a client operating system, don't turn on anything in the Sharing Preference Pane unless you need it. Then, only turn it on for as long as you need it. Someone trying to gain root SSH access to your system isn't going to have an easy time of it if you have SSH turned off. If you don't have a door, a cracker can't pick the lock.

If you have to run Mac OS X Server or Mac OS X as a server and you have to expose it to the Internet, your best defense is awareness. If you're running a PHP-based application that ties to a MySQL database, know enough about PHP and MySQL that you can properly secure them or find someone who can, and pay them.