Most computer users, even those who use Windows exclusively, often think that Macs are more secure. Although once there was some validity to that point of view, it hasn't been accurate for quite some time and those who write malware are increasingly developing attacks that are aimed at Macs.
Dan Petrillo of Cybereason says that's particularly risky in a business environment because just a few vulnerable Macs can make it possible for an attacker to get inside the network.
Cybereason provides enterprise-level protection and monitoring for corporate networks, so they're in a position to see trends as they develop. The company offers RansomFree without cost for home users.
Although this discussion addresses the dangers that Macs introduce in a business environment, it worthwhile for those of us who have Macs at home to consider. At one time, Macs were such a small target that crooks didn't bother with them. Macs were also somewhat more resistant to earlier threats because of the underlying Unix operating system, but the threat landscape has changed and protections for the MacOS are lagging behind those offered for Windows computers.
Petrillo says that Mac use in business settings is increasing even though Mac usage overall is stagnant and that alone makes Macs a more attractive target. Nearly all enterprises have some Macs and nearly half of all large businesses offer users a choice between Windows and the MacOS. Windows machines are generally well protected, but a lack of understanding about MacOS security has left a lot of Macs unprotected and a few unprotected Macs can be enough to allow attackers to compromise the network.
Business computers are more lucrative targets than home computers and Cybereason considers three general classes of users to be of interest to crooks.
The danger is exacerbated by the belief that Macs don't need as much protection and that makes them, increasingly, an attractive target. There are several reasons, Petrillo says, that Macs are considered less of a threat.
Dan Petrillo says that most of the attacks aimed at Macs in a business environment are intended to exfiltrate data and increasingly the attacks are "fileless", meaning that nothing is presented to a security system that can easily be identified as malware.
Fileless malware has evolved just as standard applications have. The attacks are continuously improving and becoming more sophisticated, but they can be traced back to TSR applications — terminate and stay resident. TSR technology was developed early in the life of personal computers and was used for helpful applications that remained in memory to watch for certain actions by users. Soon, though, crooks realized that they could use TSR applications. Fileless malware is not written to disk and remains in the computer's memory.
Because nothing is ever written to the computer's hard drive it's difficult for standard protective applications to spot it and it leaves virtually no evidence that can be used by investigators to identify fraudulent activity.
But perhaps the most dangerous threat to organizations comes from attacks that are aimed at the companies that provide products and services for the organization.
Supply-chain attacks are increasingly common. This is a topic we've looked at previously. Crooks aren't stupid, but they are lazy. When they can develop an attack on a third-party vendor that works with dozens or hundreds of corporations, they'll do so because then they can avoid having to find ways to introduce their malware into each of the individual companies.
I'm sure that Cybereason's Dan Petrillo means no disrespect for the MacOS or for Apple, nor do I. At the right of the Windows PC, I have a MacOS PC and on the left of the Windows PC, there's a Linux PC. Although I use the Windows PC more than the others, I respect those who created the operating systems. But I also try to maintain objectivity and reason to ensure that I avoid needless risks.
I may have explained previously how I came to own my first Mac. After spending all week in the Javits Convention Center for PC Expo in 2001, I went further downtown to look at Macs. When I got on the plane at LaGuardia to return to Columbus, a G3 MacBook came along with me. It was the last of Apple's computers that ran System 9 and it came with the first version of OS X.
There's a certain amount of irony involved in spending a week at a Microsoft-centric computer show in "The Big Apple" and then buying a Mac to bring home. That computer was in use for 10 years.
After spending a few days with System 9, I realized that even the not-quite-ready OS X was better. So my understanding of Mac hardware and architecture dates only to the earliest days of OS X. Should it be "OS Ecks" or "OS Ten"? Back then, I thought it should be "ecks" because it was based on Unix. Most Mac users seemed to feel that it should be "ten" because Roman numeral X is 10 and 10 follows 9. For years, I called it OS Ten, but "ecks" seemed to be winning when Apple changed the name to MacOS.
In typical Apple fashion, the company styled it "macOS" instead of "MacOS", but proper nouns in English are capitalized and I've always styled the name with a capital M. The same is true for IPad, IPhone, and all the other I-things from Apple.
A couple of years before I bought my first Mac, Apple had released the first IMac, the ones with plastic cases in a variety of pastel colors, no disk drive, no serial port, no SCSI port, and no Apple Desktop Bus port. People who owned printers, disk drives, scanners, and other peripherals that depended on serial, SCSI, or ADB connections had to buy new devices or buy adapters that would allow the existing devices to work the the IMac's USB technology, borrowed from Windows.
Apple has frequently been ahead of the curve with hardware, switching from 5¼-inch floppy disks to hard-shell 3½-inch disks and then dropping removable disks entirely in favor of optical discs. Many Mac users were most unhappy at the time about the elimination of ADB, SCSI, and serial communications ports.
So happy 20th anniversary of the IMac!
Anyone who has tried to help a distant friend solve a computer problem probably knows the frustration of trying to explain how to accomplish a task without being able to see the other person's screen. If it's your next door neighbor or somebody who lives down the street, its easy enough to just go there. But if you're in Ohio and the person you want to help is in Utah or California, a visit becomes more difficult.
For many years, I used the free version of LogMeIn and we used a paid version at the office. Then the company dropped the free version and the least expensive version costs $350 per year. That's not in the cards for somebody like me who occasionally needs to help a friend or relative. Some years I might use such a program a dozen times ($30 per use), but most years it's more like 2 or 3 times. So I've been searching for other options.
Twice in the past week, I've needed to assist friends who are too far away for a house call and I found Aero Admin. There's a paid version with more features, but the free version turns out to be more than sufficient for my needs. Better still, it doesn't have to be installed on my computer or on the computer owned by the person I'm assisting. The person who's requesting assistance runs the application, obtains an ID number, tells me the ID number, and then accepts a connection from my computer. After that, I can control the computer as if I was sitting in front of it, whether the computer is in Salt Lake City or Berlin.
The remote user will provide a number in the left panel to the person who's providing support. To connect to the remote computer, enter that number in the Client ID box on the right, select Remote Control, and connect.
It's even possible to connect to more than one computer simultaneously. The free version limit this to 2 computers. At the left, is an image of a session with (1) a desktop computer, (2) a notebook computer at the same location, and (3) the Skype connection we used to discuss progress.
The remote session can provide full control or just allow you to see what the user is doing. There isn't a way to switch between modes during a session, but that's not a significant problem. The free version is limited to 17 hours of use per month, 2 simultaneous connections, and a total of 20 separate connections per month; it doesn't include a chat option and doesn't support remote printing. Paid versions ($70 to $130 per year) add features and remove some of the limitations, but seriously: If you're providing on-line support for more than 17 hours per month to more than 20 computer users, you're in business and should be using a paid license.
So if you're somebody who needs a remote control application every now and then, Aero Admin looks like a great choice.