Mac drug user do n’t demand to worry about virus .

FALSEWe’ve enjoyed a long , glorious reaching without serious malware dissemble our platform . But that does n’t mean we can afford to allow down our collective guard . If there is a computer virus onrush , those of us who have estimable , up - to - engagement antivirus software installed will have the best betting odds of escaping unscathed .

compulsory MeasuresIf you do n’t have antivirus software installed , see “ Select Your Shield ” for assistant . If you ca n’t name your antivirus political platform even though you ’re just confirming you ’ve get one installed , you ’re halfway there . But this is a telltale sign that you have n’t used it recently enough .

Just as of import as get the package is making sure its virusdefinitions — the frequently update info that antivirus software uses to recognize a virus — are late . The best way of life to do this is to check for definition updates on a regular basis . If you use a Cartesian product that has an automatonlike update feature ( all the programme described in “ Select Your Shield ” do ) , make certain it ’s turned on and mark to a frequent update schedule . hebdomadary update should be adequate for most users , but if your computing involves access lots of files from peck of sources — whether via tocopherol - mail , Indian file server , or Web downloads — then casual update might be a just idea .

Stay AlertDon’t clear unexpected einsteinium - mail attachment until you ’ve confirmed that they ’re from the sender they appear to be from . enquiry from Sophos shew that one in 18 e - mails circulating during the calendar month of November 2004 stop virus .

Most malicious scripts affect only Windows car , so if you get through on one by accident , nothing will happen . But if you use Microsoft Word or Excel , you ’re vulnerable to some political program - agnosticmacro virus . Protect yourself by turning on the Warn Before Opening A single file That Contains Macros alternative in each program ( underprogram name : Preferences : Security ) , but be aware that not all macro instruction are malicious . The soul who sent you the document might have include a useful macro instruction on determination .

To further reduce the risk of infections , do n’t download free software or shareware from anywhere but reputable sources such asVersionTracker.com , MacUpdate , or the Applesoftware download page.—MARK H. ANBINDER

You ’re vulnerable to Windows viruses if you ply emulation software .

TRUEIf you ’re run Microsoft ’s practical microcomputer or another emulation intersection and running Windows , your Windows environment is susceptible to all the maladies that a put up - alone Windows PC is . Virtual PC and similar tools do n’t merely let you get at Windows - created document and track down software intended for Windows machines ; you’reactually course the Windows operating organization .

Virtual PC , Real VirusesYou can minimize the risk by keep your Windows environment meticulously up - to - particular date via Windows Update , by turning on the built - in firewall in Windows XP ’s Security Center , or by installing your own firewall . ( Yes , that might mean running a Mac firewallanda Windows firewall . )

Also helpful is avoiding some of the security holes that provide Windows user receptive to computer virus and other malware . For starters , do n’t use Virtual PC ’s Virtual Switch meshing background , which let your practical Windows estimator turn as though it were abstract directly to your internet . If you put window right on your internet with its own IP name and address , it ’s vulnerable to any internet - based attacks , such as those that exploit Windows file - sharing vulnerability . ( Once Windows has been compromised , portions of your Mac ’s severe crusade that have been shared within Virtual PC might be accessible . )

Instead , use Virtual PC ’s share - networking schema . ( Select Shared Networking in the Networking tablet of each practical PC ’s configurations dialog box . ) This offers shelter similar to that of a caller firewall or a home broadband router , separating your computer from the Internet at large .

Finally , if you ’re run Windows , you need antivirus software installed in Windows , not just on the Mac side . SeeMacworld ’s sister publicationPC Worldfor recommendations.—MARK H. ANBINDER

Mac users do n’t need to worry about spyware .

TRUEBreathe a long suspiration of relief . Spyware — programs that record selective information , such as shop habits or keystrokes , and send out it to a remote server — runs rearing on Windows , but there are currently no real spyware programme that affect the Mac . There are several programs that can monitor what you do by taking screenshots at different time and immortalise your key stroke ( for instance , Camp Software’s$29 KeystrokeRecorder X , Red Byte Software’s$46 MonitorerX Pro 2.0 , andRampell Software’s$35 TypeRecorder X 2.1 . But these programs are plan for citizenry who want to supervise the activity of their Mac ’s users : businesses , schools , or parents may purchase and put in these programs to keep tabs on employees , students , or kid .

If you ’re a nonadministrative user of a Mac on which an decision maker has installed this type of program , there ’s not much you could do about it : you ’re not provide to remove the software program , since you do n’t have administrative rights . The best you could do is necessitate why it ’s there.—KIRK MCELHEARN

Sending chat subject matter is akin to throw off notes on loosely wadded paper across a crowded classroom .

TRUEIf you habituate any of the popular second - messaging applications for OS X — iChat , AOL Instant Messenger ( AIM ) , and MSN Messenger — your messages can be read easily by someone watch your electronic web dealings . That sound like the study of advanced computer cyberpunk , but all it takes is admission to your electronic connection ( in your companionship , at house , or at a public Wi - Fi location , for exercise ) and a packet - sniffing usefulness such asBrian Hill’sfree MacSniffer orStairways Software’s$39 Interarchy . ( concluding wizards can use the Unix com - mand

For example , the window at the left of “ internet Obfuscation ” display a snippet of textbook ship by iChat as it appears in Interarchy ’s dealings window . reckon past the hypertext markup language inscribe ( which iChat uses to define balloon color and text formatting ) and

hold open peril in PerspectiveBefore you swear off crying electronic messaging evermore , ask yourself a few question . Is it really likely that someone is scan your connection ’s data package ? You ’re probably safer chatting with a friend from a single Mac at home than from a laptop connected to a free Wi - Fi connection in a busy coffee berry store . Also , does your conversation contain top - secret information ? If most of your chats business dejeuner take - out options , you in all probability need n’t worry .

It ’s when you ’re talk over information that ’s individual or proprietary that chatting can become the weak link your competition is waiting for .

Can Software Help?Fortunately , there are several ways to make your chats secret . iChat users can purchase Intego ’s $ 40 ChatBarrier X3 10.3.2 (; November 2004 ) . If both chat participants are running ChatBarrier X3 , a padlock icon will bespeak that the connection is good . Someone using packet - sniff software program will see only encrypted text ( as record in the 2nd screenshot ) .

Another option is to practice software that ’s designed to hand over encrypted text . BitWise(subscription exemplar or limited gratuitous customer ) encrypts every message . However , you’re able to apply it to chatonlywith other BitWise users . If that wo n’t do , the open - sourceFire clientnot only lets you chat securely with other Fire users but also permit you have unencrypted Old World chat with others .

lastly , if you just need to mail snipping of secure selective information , view encrypting single subject matter with a program such asPGP — which stands for “ Pretty Good Privacy ” ( variously price package , including a freeware version ) . Recipients of PGP - encrypted messages must decrypt the text on their remnant . ( Think tiptop - orphic decipherer ring.)—JEFF CARLSON

When I ’m using a wireless meshing at home , I ’m totally safe .

TRUEandFALSEWireless Wi - Fi mesh use tuner wave , which often widen well beyond the four walls of your home . That ’s no big deal if most of the inhabitants of your neighborhood are cricket , but if you survive in an apartment construction or a dense urban area , it ’s easy for a neighbour or a visitor to a nearby business to skip onto the meshing . Less frequently , people might make it their mission to recruit your connection and attempt to get at your computers .

Because you ’re not a Windows substance abuser , there ’s no current need to worry about multitude on your AirPort internet misdirect your estimator with virus or malevolent program . So far , there ’s no such animal that does n’t also call for an administrative password . But you should be interest if your meshing hasnoprotection . In that case , someone could try out to link to your data processor and surf your shared folders .

By default , guests can connect only to the Public folder in each user ’s Home directory , which think they can see only files that you ’ve placed there on purpose . If you do n’t want uninvited guests to access that , secure your data processor . Go to System Preferences : communion : service , and turn off Personal File Sharing , Windows Sharing , Personal Web share-out , and FTP Access .

Locking Down the AirwavesIf you do n’t want to riskanyoneconnecting to your reckoner , sour on wireless security measure . Under AirPort , you may enable WEP ( Wired Equivalent Privacy ) . It ’s not the best surety standard , but it will rebuff all but determined crackers . If you use AirPort Extreme and all of your computers are operate Panther or Windows XP , you could opt for the stronger WPA ( Wi - Fi Protected Access ) . Here ’s how to ferment WEP or WPA on :

1 . Launch AirPort Admin Utility ( Applications : Utilities ) .

2 . Connect to your infrastructure place . ( Configure all al-Qaeda station this path if you have more than one with the same context . )

3 . fall into place on Change Wireless Security .

4 . Choose WPA Personal or 128 - bit WEP .

5 . For WPA , enter a long passphrase that check letters and numbers in the internet Password field , and verify it by re - entering it in Verify Password . A phrase like “ M*y ct hAZZ fleez9 ! ” is better than “ My cat-o'-nine-tails has fleas . ” The former has no words a redneck can discover using adictionary attack(when a program attempt to detect a password by combing through and combine all the words in a lexicon ) .

6 . press OK .

7 . select Update to re-start the base station .

On each computer that connect to this base place , use the AirPort menu to connect , pick out the method acting of encoding that you pick out in the AirPort Admin Utility , and put down the passphrase . convert it regularly for great security.—GLENN FLEISHMAN

When I ’m using a public hot spot , all of my countersign are being stolen .

TRUEIt ’s notliterallytrue that your word for e - postal service , FTP ( File Transfer Protocol ) , and Web sites are always being nabbed whenever you use Wi - Fi in a coffee workshop , a hotel entrance hall , or an airdrome . But the potential is so high that you might as well turn over it to be true .

citizenry connecting to the same Wi - Fi internet can see all the information pass away over it if they have readily uncommitted liberal packet - sniffing software installed , and they can snatch your word , e - chain armour content , and files out of the atmosphere .

Safe Passage for Particular DataIf you lug a laptop around for byplay or for pleasure , you could secure your Internet activity one by one . For case , encrypt your eastward - mail using a WWW mail service that supports SSL ( Secure Sockets Layer ) for pasture or that can assure POP , IMAP , and SMTP with SSL . All major Mac eastward - mail clients include SSL support . In Apple ’s Mail , go to the Accounts pane in Preferences and take the Use SSL option in Account Information : Server preferences ( outgoing e - mail ) and the Advanced lozenge ( incoming e - ring armor ) . Another option isFastMail(free to $ 40 per twelvemonth , depending on service level ) , which tender untroubled browsing and secure e - mail .

Web fashion designer often call for to transfer file to update Web web site while on the route . you may encrypt FTP using SFTP ( Secure FTP ) . If you ’re running your own file transfer protocol server on OS X , change by reversal on SSH ( Secure Shell ) on the automobile that has the file repository . Go to System Preferences : Sharing : Services and sour on Remote Login and FTP Access . There is an increasingly great issue of WWW host that also support SFTP for transferring file . You need an SFTP - equipped FTP political program such as Interarchy , too , on the information processing system that ’s connected to your monument .

When you shop or bank online , your data point is almost always already batten down with SSL . But if you detest the idea of your surfing being observed , use a service of process such asSecure - Tunnel , which propose free anon. surfing . impregnable surfing costs $ 8 per month .

Private Networks in Public PlacesIf you want a more comprehensive way to protect your wireless activities when you ’re out and about , consider securing your Roger Huntington Sessions with a virtual private connection ( VPN ) connexion . A VPN encrypts all the data that enters and leaves a computer over a internet connecter , such as AirPort , foreclose all snooping .

VPNs are n’t just for corporations any longer . OS X Server 10.3 ( Panther ) includes both tone of VPN server presently in wide habit . The veritable version of Panther includes a VPN client . ( Go to Applications : Internet Connect , and choice File : New VPN connexion ) .

Pick a Secure ConnectionFinally , at Starbucks , FedEx Kinko ’s , Borders , and other T - Mobile HotSpot locations , you could join to the cyberspace securely from within Panther throughT - Mobile ’s 802.1x service , a for - fee web that lets you sign in without using the typical gateway entanglement page that greet you . Instead , you enter just as you would to a dial - up internet . The hotspot ’s login server then automatically bring home the bacon your organisation with a unequaled encryption winder that protect your information from everyone on the same connection.—GLENN FLEISHMAN

The Mac ’s default security options are all you require to protect your computer from drudge onslaught .

FALSEHackers attempt to attack your computer over the Internet by encounter open , unsecured ports and exploiting them . A interface is nothing more than a room access through which computer data can be passed . Every calculator has thousands of them , and every receptive port is a likely unveiling point .

listen you , undecided port are a necessary part of your daily computer experience . Every prison term you open a Web page , you ’re using port 80 . Every vitamin E - chain armour you send goes through port 25 . share your iTunes music depository library ? You ’re using port 3689 . Open is n’t necessarily risky — as long as your Mac ’s operating system and the covering using the embrasure verify that only legitimate datum is being passed through those ports .

Hackers set about to incur open ports by trolling the Net , sending out messages that your Mac infer as “ Hey , anybody there ? ” When such messages hit your Mac ( even if they hit a closed porthole ) , it behaves like a puppy dog-iron , merrily skin back , “ Yep , I ’m here ! ” That response let hackers bonk there ’s something out there they can seek to exploit . They ’ll then use port - scanning software to bring out an undefendable door they can get into .

To foreclose this from pass off , you need a firewall . A firewall is simply a piece of software or ironware that digest between your computer and the rest of the creation , making sure that every piece of datum amount or leaving through an open port on your Mac goes only where it ’s presuppose to .

OS X has a firewall that ’s turn off by default . you may change that by going to System Preferences : communion : Firewall , and then press the Start button . candidly , there ’s no reason not to turn the firewall on if you always have your Mac connect to the cyberspace . As soon as you begin the firewall , all the ports on your Mac arestealthed . Stealthing a port makes your Mac behave like your high-pitched - school day crush who ignored you no matter how many times you attempt to make small lecture in the Asaph Hall . You made your presence known , but you were n’t even get the time of day . Any legitimate port that are open on your Mac will permit information to kick the bucket through and exploit normally , but to the rest of the humanity , your Mac becomes invisible .

However , for some the great unwashed , the Mac ’s built - in firewall is n’t the best choice . To find out if you ’re one of those drug user , see “ Raise the Wall . ” — JEFFERY BATTERSBY

Your personal information is in risk when you channel-surf the Web .

TRUEBut not , perhaps , in the way you think . Most people imagine some characterless practical basement , where frowsy hack act in the dark , drinking Jolt cola and waiting for you to slue up so they can get at your bank statement , credit card numbers game , and passwords .

But more often , your surfboarding will result in the smaller annoyance of spam . For instance , some sites require that you register , and then they sell your atomic number 99 - mail destination to others . The best way to prevent this is to make disposable e - mail address that you may use when you register . If you have a .Mac subscription , for deterrent example , you’re able to createaliases , which are unlike e - mail service address that funnel post into your account . These are linked to your master e - postal service account , and you’re able to delete them at any clock time .

Be John or Jane DoeAnother choice is to avoid registering by using a military service such as BugMeNot.com . If you go tothis Web web site , you may find substance abuser names and passwords for all variety of WWW sites . These are n’t shopping situation — you wo n’t receive someone ’s exploiter name and password for Amazon.com . But you ’ll find the login information require to access newspapers and other selective information sites that apply enrollment to track what you view .

Fooled by PhishingMore - serious security breach commonly happen because you ’ve inadvertentlygivenyour datum to the wrong mortal . For instance , phishingis when malevolent people air e - post subject matter pretending to be eBay , PayPal , your coin bank , and so on . The substance asks you to “ confirm ” your write up by entering your social surety issue , quotation card figure , or other sensitive entropy .

These content seek to trick you into pass on your personal information away so hackers can exploit it . Do n’t ever select a nexus in an e - mail like this . Also , twist off HTML display in your atomic number 99 - mail program so you could delay the validity of such contact . For model , if you get a content from eBay or PayPal that need you to enroll your info , look at the actual link . Very often , you ’ll see that it take a sphere name in another country , such as Korea or Russia ( .kror.ru ) , or you ’ll see a numerical reference , such as 192.168.123.456 instead of www.ebay.com . If you ’re ever in doubt , go forthwith to the WWW site in doubt and tangency customer supporting to affirm the content you receive.—KIRK MCELHEARN

As long as you have separate user explanation , your personal information is safe when you divvy up your Mac with others .

FALSEOS X uses filepermissionsto keep trail of who can study , write , and execute each Indian file on the Mac . This is all-important because it ensures that one user ca n’t access another ’s Indian file . But the scheme depends on the computer ’s executive , who has entire control over all the files and who must set up permissions correctly . You ca n’t all protect your files unless you are theonlyadministrator .

Even if you ’re the only executive , or if your administrator has coif up exploiter accounts very carefully , others can access your stuff and nonsense unless you ’re measured . For representative , anyone in your office , home base , or dorm can stroll up to your desk , sit down , and begin search through your personal documents if you walk away without logging out . Anyone with an OS X installation CD can start up your Mac with that cadmium and use its utilities to readjust the decision maker watchword .

If you have any in truth tender file on your Mac — from company financial plans to your top - secret spy material — the best style to protect them from pry eyes is to encrypt them ( see “ 8 Ways to Protect Your Mac Right Now ” ) .—KIRK MCELHEARN

[ Mark H. Anbinder is a senior technical adviser at Cornell University and a contributing editor in chief ofTidBits . Jeffery Battersby is a connection analyst at the law firm of Finkelstein & Partners in Newburgh , New York . Jeff Carlson is the make do editor of TidBits and the author of several books about the Mac , includingiMovie 4 and iDVD 4 for Mac OS X : Visual QuickStart Guide(Peachpit Press , 2004 ) . Glenn Fleishman wrote“Take Control of Your AirPort web”and writes day by day about Wi - Fi atWi - Fi Networking News . Kirk McElhearn is the author of several books , includingiPod and iTunes Garage(Prentice Hill 2004 ) . His web log , Kirkville , talks about Macs , iPods , and much more . ]

Still wearing a self-satisfied feeling because so few viruses affect the Mac ? It ’s not unjustified . No virus outbreaks affected Mac user in 2004 , and the other security incidents in our recent past are largely hypothetical :

•MP3Concept ( April 2004)Intego throw the Mac residential district by announcing that VirusBarrier would protect against the “ first Trojan horse ” affecting Mac OS X. In fact , a harmless test copy - of - construct utility , not an factual Trojan cavalry , had been developed .

•Opener ( October 2004)A malicious shell script first account onMacInTouch , Opener disables a Mac ’s firewall , turns on file sharing , creates a novel user account with admin privileges , and more , but only if the Mac ’s user installs and escape the script and put down an administrator countersign when incite to do so . Enter your executive password only if you have intercourse why you ’re being asked to and only if you believe the germ of the software that ’s asking !

Your defence ? Security UpdatesMeanwhile , Apple has patched a identification number of vulnerability that have n’t yet been exploit . For instance , Security Update 2004 - 05 - 24 prevents the accidental execution of malicious codification via certain types of uniform resource locator , and it adds a warning before launch an software for the first time as the outcome of double - clicking on a document .

Always stay on top of OS X ’s Software Update feature . To check that that you have it bend on and set to check weekly or daily , go to the Software Update preference pane in System Preferences.—MARK H. ANBINDER

From breaking codes to pull together tidings on terrorist organizations , the National Security Agency ( NSA ) is pay to bereallyparanoid . Downloadits pathfinder to bullet - proof OS XTC security .