Tuesday, November 18, 2008

Don't Click "Yes"

The following is not meant as a fearmongering message. It is just important to know for your own safety and internet enjoyment.

We Mac users tend to get a bit complacent when it comes to security. I say this simply as a point of humility, because I haven't been bitten by this yet. One thing that I've told all my friends who have since switched to Mac, as well as those who haven't, is that you will be less vulnerable to malware than you would be on the Windows side. This is still true. It is HIGHLY unlikely that a Mac user will pick up some random piece of malicious software just by doing their everyday normal stuff.

But one thing that we as computer users in general on all platforms need to remember is that there is more than one way to attack one's computer. Something becoming more and more common these days is "social engineering." In essence, this is the act of tricking someone into either providing personal information or downloading and running something they didn't ask for.

The former is known as a "phishing scam." This is one of those things that I would hope everyone is aware of by now. Sadly, they're not. If you're one of them, read carefully. You may get phone calls or emails telling you something like "there has been a problem with your account and we urgently need you to log on right now and verify your username and password." It will link to a page that looks like an authentic eBay page or your banking website. Again, I would hope that by now no one should fall for this, but the fact that people still do things like this means that it still works, and that you (hopefully not you but someone else who's reading this) could be a victim.

Just remember one thing. Reputable institutions will NEVER e-mail or call asking for your passwords or personal information, e.g. your Social Security number. If someone asks you, he or she is a bad guy. Delete the e-mail.

The latter method of social engineering I mentioned is a fake warning that pops up on your computer screen. If you EVER get a message telling you that

a) you have virus "xyz" on your computer and you can click here to download "abc" antivirus 2009 or
b) you are missing some plugin so the browser can't play some video,

be very, very wary. If you get a), you should NEVER click on any of the links or buttons. Just close the window. It will likely say you have xx number of viruses, but it's lying. The message that pops up IS a virus, and if you comply with what it says you will be destroyed. As of now, stuff like this has no effect on a Mac because it downloads a Windows EXE file.

If you get b) it could be genuine, since browsers by default can display only very basic content, and so some things will need extra plugins like Shockwave, Flash, QuickTime, etc. On the other hand, it could also very well be a fake, and you're letting malware into your computer. By the way, there's no such thing as "ActiveX" on the Mac, so if you're on a Mac and you see a message saying you need to download it, please kill it.

No matter what platform (that's our term for operating system, really - Mac OS X, Windows, Linux, Unix, BeOS, Solaris, VAX/VMS, CHASM, Silly Dog OS) you're on, if you click on these malicious messages, you're giving permission for them to jump in. Don't click "yes". Just say no, and close the window.