Security

Living With Windows: Security

Under ordinary circumstances, and in the hands of an educated user, a properly configured Mac is not much of a security risk. Sharing a network with Windows systems doesn't change that; the Mac is still relatively safe.

Under some circumstances, however, even a properly configured Mac, with an educated user, can compromise the security of the Windows systems to which it's connected. But that risk is easy to manage with a few simple precautions.

Infecting Others

Macs rarely experience viruses or other forms of malicious software. But they can act as vectors for infections targeting Windows systems. It's not that the Mac is infected and used to attack the PC. Rather, the Mac may host an infected file; because of the networked relationship, a vulnerable PC that trusts that Mac might then become infected.

For a Mac to act as a vector that spreads infections to Windows machines, three conditions must be met:

--The Mac must access and share the infected file--via e-mail, instant messaging, shared storage (a flash drive, for example), or some similar mechanism.

--The Windows system must be vulnerable to the malware, and its security defenses must fail to protect it.

--The file evades network security filters. Typically, this is relevant only on corporate networks, which might have tools to filter Web traffic or to scan e-mail and file servers for viruses.

Because those three things need to happen, Mac-to-PC infections aren't common. Still, you can take a number of measures to prevent them.

The first and best defense is to make sure your Windows systems are properly secured, with up-to-date security software.

Second, if you're on a Mac, it's a good idea to send and receive e-mail through a server or service that filters for viruses. Such services are updated more frequently than desktop antivirus apps, protect you from the few pieces of malware that do attack Macs, and don't require maintenance on your part.

Third, if you exchange lots of files with PC users over a network, you should install a Mac-based antivirus app that scans for Windows malware. Mac security products from Intego, [Kaspersky] (http://usa.kaspersky.com/products_services/anti-virus-for-mac.php), Sophos, Symantec, and Trend Micro all scan for Windows malware. Whatever app you use, make sure it's configured to scan e-mail, downloaded files, and files from portable and shared storage.

Virtualization

You can infect neighboring PCs if you run Windows programs on your Mac using virtualization software. And a Mac running Windows is as vulnerable as any PC.

Both VMware Fusion ( Macworld rated 4 out of 5 mice ) and Parallels Desktop for Mac ( Macworld rated 4 out of 5 mice ) enable you to share the file system, the network, and even the desktop between OS X and Windows. So if your Windows virtual machine is exploited, the data on your Mac could be exposed. You could even infect your own machine by downloading a file to your Mac and then accessing it on your hard drive from the Windows virtual machine.

Your best--actually, your only--option is to implement the same security measures on a Windows virtual machine as you would on a PC. Make sure you have Windows antivirus software installed on it, and that it's configured to scan any file you open in Windows, not just e-mail attachments and downloaded files. If you don't want the Windows antivirus program to slow down your Mac while it checks all the files on your system, you can disable or limit file-sharing between the two operating systems.

Compliance

There's one other security concern, but it's relevant only to corporate networks. Some companies have policies in place requiring all systems on the network to be manageable using centralized security tools--also called "end-point security" tools. That means you have to make sure your Mac can be managed.

Most major endpoint security tools (from many of the same companies that make desktop antivirus apps) offer at least some basic Mac support. If you're bringing a Mac into a new company, check with the IT department to make sure they'll approve and to have them install the necessary client software.

Subscribe to the Security Watch Newsletter

Comments