Rich Mogull

On April 4, Russian antivirus vendor Dr. Web published strong evidence that more than 500,000 Macs have been infected by the latest variant of the Flashback trojan. As Mikko Hypponen, Chief Researcher at F-Secure pointed out via Twitter, if there are roughly 45 million Macs out there, Flashback would now have infected more than 1 percent of them, making Flashback roughly as common for Mac as Conficker was for Windows. Flashback appears to be the most widespread Mac malware we’ve seen since the days when viruses were spread on infected floppy disks; it could be the single most significant malware infection to ever hit the Mac community.

Here’s what you need to know about Flashback, what you can do about it, and what it means for the future of Mac security.

The iPad is one of the safest computing devices you can use. Its combination of hardware and software security translate to a device that's probably more secure than your PC or Mac--especially if you take the right steps to secure it.

Because there are currently no known remote attacks against iPads, the biggest security risk is physically losing the device. Thus, the first step is to make sure your tablet's data is safe in case it's lost or stolen. For that, I'd suggest a combination of encryption and remote wiping.

First, Apple releases a support note admitting that Mac Defender is indeed a problem, providing instructions on how to clean it, and announcing an upcoming patch to prevent it. Then a new version of the malware appears almost immediately, one that automatically runs its installer (if you haven't already disabled Safari's Open "Safe" Files After Downloading setting), without requiring your administrative password.

Apple's response and the bad guys' response to that are both firsts. But before we start wallpapering our desktops with eight different antivirus tools, it's important to take a step back and try to understand what Mac Defender really means. Because, as momentous as this event is, it doesn't mean we face an upcoming Mac Malware Apocalypse.

When criminals obtain your e-mail address, credit card, or Social Security Number, your information enters an underground economy where it's sold, bought, and (maybe) eventually used in a crime.

As detailed throughout this series, your data can be harvested by a variety of means--malware, phishing, sniffing, and other attacks. The most common method today uses e-mail, Web, and social networking phishing to trick users into installing malware on vulnerable computers; that malware then links infected mashines together into a botnet. Those systems are scoured for any potentially valuable information, then used to attack others under the control of the botmaster. (Fortunately, such attacks are almost entirely targeted against Windows machines; attacks on Macs have been few and far between.)

Maintaining privacy on social networks is much like hanging all your dirty laundry on a highway billboard--and then asking only your friends to look. While it's possible to avoid sharing your life's story with the entire world, it takes a lot of effort and is often contrary to the goals of the services you use. Remember: these services are free because they're selling access to you.

Your private profile

The CEO of a major technology company once famously opined that, in the Internet Age, "You have zero privacy. Get over it."

Some of us would rather not. We'd like to keep our personal information--from the stuff we share on Facebook to our credit card and Social Security numbers--under some control. We'd prefer not to let such details out into the wild, where they can be bought and sold and, often, used against us.

When you browse the Web, it's like you've allowed a bunch of companies to implant a tracking device in your arm and a small camera in your head, recording where you go and what you look at. Thanks to ad networks, search engines, ISPs, and social networks, your online activities are tracked, analyzed, and sold. But there are a few things you can do to maintain some degree of privacy.

Advertising networks

Adobe's Portable Document Format (PDF) is the single most popular file format for sharing documents on the Internet. Supported by a free viewer (Adobe Reader) on all major computing platforms, it allows people to read faithfully rendered documents created in hundreds of programs (either natively or converted to PDF using Adobe Acrobat).

But it's very popularity and ubiquity is a challenge to security; allowing attackers to target a single program widely used on Macs, Windows PCs, and Linux systems. And the very flexibility that allows a PDF file to include everything from a complex presentation, to a government form, to a high-end catalog, creates a wide attack surface for criminals to take advantage of.

Under ordinary circumstances, and in the hands of an educated user, a properly configured Mac is not much of a security risk. Sharing a network with Windows systems doesn't change that; the Mac is still relatively safe.

Under some circumstances, however, even a properly configured Mac, with an educated user, can compromise the security of the Windows systems to which it's connected. But that risk is easy to manage with a few simple precautions.

When you say "computer security," most people think "viruses," "worms," and other forms of malware. They also think, "Mac users don't have to worry about it." And they're correct. But that could always change. So it pays to keep your eyes open for credible reports of new Mac security problems and to change your computing habits accordingly.

Viruses and worms

Portable technology--laptops and iPhones particularly--come with their own special security risks. They can be lost, for starters. And iPhones can be made especially vulnerable if you jailbreak them. Here are some tips for keeping your mobile technology--and you--safe.

Jailbroken iPhones

Some security problems are due to user error (or user laziness). It's not that hard to practice good system security on your Mac. But a surprising number of people--including some who should know better--don't. Here are some basic tips on practicing safe computing.

Poor passwords