Anti-Virus on a Mac

Posted on
Share This:

Mac users weren’t always used to using anti-virus software. In fact, several years ago there were few choices and most were a bit pricey. Very few viruses were written to exploit the Mac operating system (OS) so the main concern was to avoid spreading viruses via email and file sharing to Windows users.

Most viruses and malware are still designed to attack Microsoft products. However, things have changed. Viruses, trojans and other malware has now been created specifically to attack the Mac OS.

So it’s starting to become risky to run a Mac without security software, especially now with the rise of ransomeware when the data on the Hard Drive is encrypted so you cannot access it without paying the extortioner (please don’t pay, they usually don’t cough up and they’ll put you on a ‘sucker’ list which will lead to future targeted attacks on you).

So whilst you need to back up anything that you value on your computer, (see my previous article on backing up), it would be very wise to install some anti-virus software. Right now (or soon) if you haven’t already done so. If you already have, please don’t start ignoring warning messages and make sure the license has not expired if you purchased it. Give any warnings reported by the software some attention and get help if you are not able to resolve things.

Free software or should I pay?

There are many products out there, paid for and free. Here’s a quick low-down on the choices. With free software the advantages are obvious but typically, they will be slightly less efficient and thereby slow down your system a little more. They may contain adverts and may nag you to upgrade to a paid version. Lastly, free software usually comes with less help and can be a little more difficult to use but most importantly, free versions should give you the same degree of protection so don’t be put off if you’re on a tight budget.

If you have a few pennies and like the easy life, paid for versions of software are usually easier to use and help is often free. The software may be better designed but remember that if you change your card number, the software may not automatically renew so PLEASE DON’T IGNORE WARNINGS.

How do you use anti-virus software on a Mac?

AV software stays on in the background keeping an eye on new emails coming in and trying to spot known viruses whilst looking out for unusual activity on your Mac.

If your machine starts to behave differently, it might be time to run a scan. Often you have the choice between running a “quick” or “smart” scan or running a much slower “full system scan”. If you have suspicions about your machine, run a full scan as soon as possible.

When the software finds a virus it may delete them or quarantine them by placing them in a special folder. Good software will help you deal with issues that arise and you should follow the instructions provided by the results of system scans. If it is unclear, you should probably get some help.

AV software can also be used to run automated scheduled scans. Pick a time when you are unlikely to be using it but it will be switched on and set it to scan at a regular interval. Daily, weekly, monthly etc. Whatever you feel comfortable with but remember, virus scanning slows down the performance of your machine so pick a good time to do it.

How can I choose which AV to use?

Have a look at this 2017 article from MacWorld magazine. It might help you to choose whats appropriate for you.

If you are concerned about online safety, come back soon because I plan to write more on the subject.

Share This:

Passwords Minefield

Posted on
Share This:

I recently discovered a website where you can enter your email address and discover whether it has appeared on a list used by spammers and hackers (the link is below). Now you may not be surprised that your email address is on some kind of list, you get spam right? If you don’t then you are fortunate.

The scary thing about these lists is that many of the addresses on them are accompanied by a password or passwords! Yes, that’s right. Millions of email addresses and passwords associated with them are out there waiting for hackers to exploit them. Spammers are very annoying, but hackers and cyber criminals are causing mayhem with stolen data.

So this is one of the biggest threats out there for people at the moment in the online world and the quicker we all deal with our password problems, the less likely we are to fall foul of this data that’s out there.

How do I know if this is affecting me?

It would be good to know whether we are affected by these security breaches. We can find this out (I include a link further down in the article), but if even if we are in the clear, it’s no reason to continue with poor password practice. We could easily be on the next list as we don’t know which corporations data will be compromised next.

Hacked databases have originated from companies including Yahoo, Adobe, Snapchat, Tesco, Dropbox, Vodafone, LinkedIn, Minecraft, MySpace, Paddy Power, Avast, BitTorrent, Domino’s, Foxy Bingo, Kickstarter, LastFM, Malwarebytes, ReverbNation and tumblr.

That means that the email address and password combinations are either in the public domain or being shared by cyber criminals. Of course, they are being used for sending junk email or spam (with no password required) but also for darker purposes requiring the password, usually involving money, e.g. fraud or extortion.

So what can we do about this?

It may be apparent that we need to take action to avoid being exploited and the simple advice you hear often goes along the lines of:-

  1. Change passwords from time to time
  2. Change any passwords that are not strong
  3. Use different passwords for different services

Unfortunately, in practice, this is all just too difficult. We forget to change passwords unless we are forced to do it and secure passwords are really hard to remember. There is a good solution to these difficulties but first I want to describe the risks in a bit more detail.

These breaches have outlined the password habits of humanity and it has taught the hackers and security experts a lot. Passwords that you think might be clever are being used by thousands of people and are therefore very easy to guess (they use machines to do this).

Common not so clever passwords

12345, qwerty, qwertyui, password, passw0rd, football and welcome and their variations are all incredibly common. Also it has been discovered that many people are using the shape of the keyboard to try and outwit hackers. So zxmnzxmn, poiuyt, qazplm etc are all very vulnerable as are ANY dictionary words and even obfuscated v3rs10n5 of these words.

The hacking tools are getting smarter all the time. In the future, I can imagine a password cracking tool that will automatically scan Facebook accounts and try to crack passwords on other services for that email address by analysing habits, pets names, important dates etc. In fact, a tool like this may already exist whether created by a criminal gang or by some national security service.

What’s the best advice then?

Most security specialists advocate the use of a password manager protected by one very secure password that allows access to all of them. One password to rule them all. On the Mac there is the Keychain, free as a part of the Mac OS. This can work locally (per machine) and there is also an iCloud version to make things easier across multiple devices. On Windows 10 there is Keeper which is also free. Several third party programs exist for Mac or Windows like 1Password, LastPass, LogMeOnce and Dashlane.

Password managers make it really easy to create and save passwords so anyone with the computer password can access all online services without having to remember passwords. But you do have to remember one master password (which must not be guessable).

If however, you don’t use many services or you hate having to enter a password to access your machine, one alternative that works for some is to create a story and then capitalise it. E.g. Memorable phrase = walking, running and cycling are my favourite forms of exercise; password = wr@c.amff0E. This password is quite strong and quite memorable. If you do this, make sure that you don’t use anything to do with your name, address, pets name, date of birth or anything else that you publish online about yourself. If you use the same password for multiple services (not advised), you’ll have to change them all if one gets compromised.

Someone I know used the same password for Ebay and for PayPal. Unfortunately, they responded to a phishing email, clicked a bogus link and entered their Ebay details into the fake website (which looked exactly like the real Ebay). That was bad enough, someone bought loads of products on their account but because the PayPal account had the same username and password, they were able to pay for all the items via my friends bank account. Ouch!

You can check the strength of passwords you intend to use with this tool supplied by the Open University. Try adding a full stop, a hyphen, a capital letter or a number and watch the effects on password strength. This method can be very useful when choosing your master password when you decide to use a password manager (I hope you do).

How do I check my address?

If you would like to check to make sure your email address is secure, visit this security website run by a Microsoft professional. There is a fair chance that you might trigger a positive response and if so, it will tell you where you data was leaked from. This could give you an inkling of when it happened and therefore, which password is vulnerable. Not sure about the validity of this service? See the Wikipedia article about it.

Change your password for the service or services. Change your email password. But also, please remember that any similar passwords you’ve used on other services could now be easily guessable so you should make an effort to update all old passwords for all the services you use or have used. Of course, you should prioritise things like online banking and other services who may have access to your bank cards e.g. Amazon, Tesco, John Lewis etc.

If you get the green light you might breathe easy for now. However, this list is unlikely to be complete and data breaches are happening with alarming regularity. By implementing the advice you assure that if your details are compromised, criminals will not be able to use this information to compromise accounts you have with other providers.

Now I’m really scared, help!

If it’s all too much and you need assistance or advice, get in touch. I may be able to help you with this. Or use the information in this article at your own risk to clean up your own password minefield.


Share This:

Why Backup?

Posted on
Share This:

This kind of conversation happens far too often.

Caller: My laptop is broken, can you fix it.
Tim: Sure, I’ll have a look at it, drop it off and don’t forget the power supply. Do you have a backup?
Caller: Er… Not really
Tim: Is there anything important on the Hard Drive that you don’t have anywhere else?
Caller: No, not really.
Tim: How about photographs?
Caller: Oh yes, all our family photos are on there from the last 6 years.
Tim: Oh! Do you have these saved anywhere else.
Caller: No, I’m afraid not, I’ve been meaning to get round to it…

This is so important for anyone who has digital data, whether correspondence, photos, documents or addresses. Any hard drive, memory stick or data storage device can fail at any time. I’ll say that again, AT ANY TIME. Data is vulnerable unless it is stored on more than one device and in more than one location.

So while it’s important to remember that your equipment could be stolen or damaged by fire, flood etc. It’s really important to understand that mechanical failure is actually not a rare occurrence. It might never happen to you but it’s not unusual. Remember too that electronic data (that includes your family photos) can be damaged or destroyed by hackers, malware, viruses and also human error. You can do it yourself by accident!

So while I don’t want to scare you, I actually do want to scare you enough to take action and avoid the stress of losing your data and enjoy the peace of mind that if your equipment lets you down, you have all your stuff on another device and it can all be retrieved.

You might think that if you take your broken computer to a computer shop, they will repair it and restore your data. Unfortunately, all too often the machine is restored to factory settings along with, “sorry, your data could not be recovered, didn’t you read the small print?” It is true that data specialists in most large cities can quite possibly retrieve some of your data from a damaged hard drive but this can be expensive and none will guarantee that they can restore your data.

So, for those out there who like to get on with things yourself and are keen to get on with it, get informed, buy an external hard drive and find a way of copying your data. If anything is absolutely critical to your business or to your happiness, get multiple backups and consider the possibilities of fire, flood and theft.

If you have considered online storage to cover you for fire and theft, read on. In one way, data stored with a corporation like Google or Apple is probably safer than data in your house as the chances of them losing it are very slim. However, consider these factors before you jump in.

  1. Broadband speeds in much of the UK make backing up your whole system online impractical, you might want to limit it to just the most critical data.
  2. Good providers use strong encryption with two-step verification
  3. Large corporations are the target of malicious hacking on a daily basis, they don’t like to talk about this. Serious breaches have occurred including the publication of usernames and passwords
  4. Remember that large corporations like Facebook, Google and Apple like to give you the impression that they are acting in your interests but they nearly always act in their own interest

Now you know what you’re getting into, you can decide which of your data if any you’d like to store with an online service e.g. iCloud Drive, Dropbox, Microsoft OneDrive, Google Drive. These companies do have a vested interest in keeping their products secure and they have infinitely more resources than you or I to keep their storage robust  and secure.

If this is all too much of a minefield for you and you are concerned to put your house in order, why not get in touch with me to discuss whether I can help you or sign up here to be considered for a free consultation.

Whatever you do, BACK UP!

Share This: