Jeffrey Schoenberger

Avoiding Some Scary Internet Problems

Software

As Mac users, we’re accustomed to ignoring most of the scary IT stories that surface in the Windows world. Fundamental weaknesses like viruses, rootkits, and even device driver conflicts are scarce to non-existent on the Mac. Thank god. But that doesn’t mean that we’re immune to all computer-related hauntings. Let’s tackle a couple of those this October.

Plugins Be Gone

We Mac and Windows users share the same Internet. And, despite the Web’s reduced dependence on third-party plugins to display content, most users still have a few core plugins that they install in Safari, or their browser of choice. These are Flash, Acrobat Reader, and Java. As Apple, and particularly Microsoft, work diligently to harden their respective operating systems against intrusion, hackers have started to look at third-party programs for ways to invade and infect your computer.

Adobe Reader

It’s worth noting that none of these three programs comes installed by default on your Mac. If you open a new Mac out-of-the-box, and never install these three plugins, you’re as safe as can be from the potential pitfalls of these add-ins. In lieu of Adobe’s admittedly bloated Reader program, every Mac comes with Apple’s own PDF reader and light editor, Preview. For day-to-day use, and certainly for reading PDFs on the Internet, Preview is more than capable. It’s regularly updated by Apple. It also, honestly, has fewer features (it cannot execute JavaScript, for example), which makes it less vulnerable than Adobe’s Reader. Unless you can name a reason that you need Adobe’s Reader over Preview, in which case you have or someone in your IT organization has hopefully made an informed choice, there’s no need to install Reader. If you do need it, Adobe releases patches and security updates at least quarterly, and sometimes more often if critical vulnerabilities are exposed in the intervening time. To ensure that you’re running the most current version of Adobe Reader (11.04 as of this writing), launch Reader and then click on Help > Check for Updates. If there’s an update for your version, Reader will download and install it.

Adobe Flash

After PDF reading, the most common plugin legal professionals might need is Adobe’s Flash. Since this plugin also comes from Adobe, you have a similar likelihood of vulnerabilities and the same quarterly security patch schedule. Thankfully, in large part because of the rise of iOS and Android mobile devices, none of which run Flash, this plugin is gradually being supplanted by HTML5 technologies, which are built into all modern browsers including Safari on the Mac and iOS. However, you will still encounter this plugin for websites on Macs. Depending on your philosophical stance on Flash, you can take one of two approaches.

The first is to download and install Flash in your browser of choice, and then make sure to check regularly for updates (System Preferences > Flash), or check the option that lets Flash check for updates regularly on its own. This method is the simplest and most straightforward. The second option is to not install Flash in Safari (or Firefox), but to download Google’s Chrome browser and use it exclusively for sites requiring Flash. Chrome’s installation includes a Flash viewer that is sandboxed within Chrome, and which Google updates automatically as it updates Chrome itself. You can still view the overwhelming majority of sites in Safari, and install extensions like YouTube5 for Flash-heavy websites that still require Flash despite working perfectly fine as HTML sites when accessed by mobile browsers.

The second method – Google Chrome for Flash-only sites – is the one I use and prefer, but it does require a conscious choice to use two browsers: Safari or Firefox for general purpose browsing and Chrome for Flash-requiring websites. Using this approach means tolerating those times when you land on a website in Safari, where it doesn’t work properly, and then copy the web address, launch Chrome, and paste the address there. If you can become accustomed to this approach, it is safer and, if you’re using a laptop, you may see improved battery life because Flash is known to be a battery drain.

Java

Recently, we’ve seen no end to Java vulnerabilities. The current release, version 7, was launched in July 2001, and has seen 40 patch cycles. These subsequent releases include fixes for 30 vulnerabilities in update 9 in October 2012, 50 vulnerabilities in update 13 in February 2013, 42 in update 21 in April, and 40 more in update 25 in June. One could make two arguably contradictory arguments at this point: 1) Java is patched and updated often, and 2) If Java 7 has been out for more than two years and they’re still patching 25 vulnerabilities in month 23 after the release, how many more remain undiscovered?

I tend to lean in favor of the second view, and avoid installing Java if I can. That being said, Java can play two roles on your Mac. The first, and relatively safer one, is as part of a desktop application used for strictly desktop purposes. An example of this would be NeoOffice, an open-source office suite. There are other desktop programs that require Java. Installing it for those purposes is fine.

What you want to avoid is installing Java and letting it be active in Safari or your web browser of choice. If you’ve determined that you need Java installed, and have installed it from www.java.com, make sure to go to Safari > Preferences > Security, and uncheck “Allow Java”. This will allow you to use desktop apps that require Java without exposing this plugin to the Internet.
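To see which of the three plugins discussed above are actually installed on a Mac, and at what version, you can inventory the plug-in folders from Terminal. This script is an added example, not part of the original article; the bundle file names and the two `Internet Plug-Ins` folder paths are assumptions about a standard OS X install.

```shell
#!/bin/sh
# Added example: inventory the browser plug-ins named in this article.
# Bundle names are assumed defaults; adjust them if your install differs.
PLUGIN_BUNDLES="AdobePDFViewer.plugin
AdobePDFViewerNPAPI.plugin
Flash Player.plugin
JavaAppletPlugin.plugin"

# Print a bundle's CFBundleShortVersionString, or "unknown".
plugin_version() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || { echo unknown; return 0; }
    if command -v defaults >/dev/null 2>&1; then
        # OS X: reads both XML and binary property lists.
        v=$(defaults read "${plist%.plist}" CFBundleShortVersionString 2>/dev/null) || v=""
    else
        # Elsewhere: XML plists only; the value is on the line after the key.
        v=$(awk '/<key>CFBundleShortVersionString<\/key>/ {
                 getline; gsub(/.*<string>|<\/string>.*/, ""); print; exit }' "$plist")
    fi
    echo "${v:-unknown}"
}

# Print "name<TAB>version<TAB>folder" for each known plug-in that is installed.
audit_plugins() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        echo "$PLUGIN_BUNDLES" | while IFS= read -r name; do
            [ -d "$dir/$name" ] || continue
            printf '%s\t%s\t%s\n' "$name" "$(plugin_version "$dir/$name")" "$dir"
        done
    done
}

# System-wide and per-user plug-in folders.
audit_plugins "/Library/Internet Plug-Ins" "$HOME/Library/Internet Plug-Ins"
```

No output means none of the listed plugins is installed; any version shown can be compared against the vendor’s current release.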

Conclusion

Hopefully this article protects your browser and computer from some of the scary parts of the Internet. Feel free to reach out if you have questions.