With the completion of the "OnMac" contest in late March,
Apple's release of Boot Camp on April 5, and the announcement of
Parallel's Workstation (beta) one day later, the Mac world is abuzz
with talk of dual-booting, virtualization, and the great potential
of multi-OS Macs. (To be fair, there are some nay-sayers, although
they aren't making as much noise as I anticipated.)
I think Apple's release of Boot Camp (see our review, Not Perfect Yet, but Boot Camp Works as
Advertised) is one of the best marketing moves since "1000
songs in your pocket". Its brilliance lies in the fact that Apple
is primarily a hardware company, and as much as we all love
OS 9, OS X, and the Apple applications, we have to
recognize that these exist essentially as elaborate sales pitches
for Apple's hardware.
If you doubt this, consider the iPod: Originally a Mac OS-only
product, it became clear that making a Windows-compatible iPod and
porting iTunes to Windows would sell more hardware (iPods) than
trying to attract people to Macs via iPod sales.
Macs are no longer the "malware-free"
computer they once were.
Boot Camp represents a similar opportunity for selling Macs, but
on an even larger scale. It also brings an ominous truth to the
forefront of my mind: Macs are no longer the "malware-free"
computer they once were. While OS X remains untouched by any
substantial malware threat, anyone using any form of Windows
on their Mac - including through Boot Camp - is vulnerable to
malicious software ("malware") attack.
This struck me when I first read the headline announcing Boot
Camp on CNET. In an ironic juxtaposition, three headlines down
read: "Gates acknowledges that some malware renders Windows
unrecoverable". It didn't take long to realize that this level of
threat is so unfamiliar to longtime Mac users that they may not
know how to protect themselves.
One statistic I read claims that the average new,
just-out-of-the-box Dell would be infected with malware less than
20 minutes after being connected to the Internet. That could be
just as true for your dual-boot Mac.
...most Windows malware issues are the result
of overconfident, lax, or slow attention to protection.
The truth is, most Windows malware issues are the result of
overconfident, lax, or slow attention to protection. Most of my
computing friends are Windows users, and very few of them have any
substantial problems with malware - because they all know how
important taking protective measures is on that platform.
If you're planning or even thinking about a dual-boot or
virtualization setup (or, if you're considering Microsoft's Virtual
PC for a PowerPC Mac), you can live with similar levels of security
and trouble-free computing. But your learning curve for dealing
with malicious software just got a lot steeper.
To guide you up that learning curve, I recruited one of my
friends to help with this article. Ashley Dusenbery is an IT
specialist who works primarily with the Windows platform - but he's
also a "Mac-friendly" guy, so he has a good appreciation for our
beloved platform as well. Ashley will give us the specifics on the
different areas of security we must give attention to.
Viruses
It all starts here, since this is the form of malware everyone
is most familiar with. Viruses pose a genuine and frequent threat
to the unprotected computer: They can be as harmless as simple
pranks or as harmful as deleted files and directories. Viruses are
self-propagating, so they can spread fairly quickly, and it's
normal behavior for one to attach itself to outgoing emails or
other files in order to spread to other computers.
One thing that longtime Mac users will have to get used to is
the way we think about the Internet. Since Macs are almost
completely virus/malware free at present, there must be a shift in
thinking when using the Net: The Internet is a dangerous place. If
the Internet were a gigantic swimming pool, the thought of jumping
in and taking a dip would be repugnant to you. It's more than just
a lone Baby Ruth at the bottom of pool; there is a heavy sheen of
ichor that infuses the waters of the Internet.
When it comes to antivirus protection, we tend to believe that
you get what you pay for. Here's how it works: You shell out $40
for the software and usually a year's subscription of regular virus
definition updates - and an additional $40 a year to renew the
update subscription. Old viruses are modified and new ones are
released into the Internet ecosystem every day.
Antivirus software requires that you update the list of known
virus threats almost daily to keep up with the bad guys. This is
where virus definitions come in. Consumer virus protection software
such as
Symantec's Norton AntiVirus and McAfee AntiVirus offer reliable,
prompt virus definition update service.
There are some free software tools available, and some folks we
know are very big on them. Three fairly well-known options are
Grisoft's AVG, AVAST, and AntiVir. Our experiences have been
very limited with these products.
Adware & Spyware
Here's a concept everyone will appreciate: Do you love "popup"
ads in your browser? What if you could have them all the time, in
any application you use - or even when all applications are closed?
That is the basic premise of adware: small advertising windows that
show up all over the place, simultaneously annoying you and eating
up your system resources.
Then there is spyware. Similar to adware, these are programs
that run on your computer to watch how you compute - think, very
elaborate "cookies" for your entire system. Some commercially
produced spyware programs will report data on what software you use
or what websites you visit. Others will record the keystrokes you
enter into any program so that identity thieves can glean your
credit card numbers and other personal information. Sounds
encouraging, right?
Adware and spyware go hand in hand and are very tenacious and
nasty programs that can not only threaten your privacy but can
actually ruin your computer.
Almost everybody is familiar with the threat that viruses pose.
In truth, viruses have been around since 1986, the virtual Stone
Age of computing. Adware and spyware are much more recent threats
and can be devastating to not just your computer, but to you as
well. The real target of adware and spyware isn't your computer
hardware, but you - your personal information, Web surfing habits,
email addresses, credit card numbers, etc.
The good news is that it's pretty easy to keep yourself free
from threats, and there are some very good free programs. We should
also say that Both McAfee and Symantec offer products that come
bundled with their antivirus programs for an additional cost. They
work just fine, but really there is no reason in the world to spend
money on adware/spyware protection.
The two most popular forms of free adware/spyware protection
software are AdAware and Spybot Search and
Destroy. Both offer regular program updates to account for the
most current threats as well as immunization utilities to keep
threats from recurring. We recommend that you scan and immunize
your system once a week.
Microsoft also has a free adware/spyware utility for Windows XP
called
Windows Defender. It's still in beta testing, and it can be
easily downloaded from the Microsoft website. The big benefit of
Microsoft's utility is that it works in real-time, much like the
active virus monitors in antivirus programs, which offers a
proactive defense.
AdAware and Spybot, on the other hand, require you to perform
the scans routinely. As former Defense Secretary William Perry (or
was it former lineman William "the Refrigerator" Perry?) said, "the
best defense is a good offense."
All these programs offer an automatic scheduling utility that
make things easy for you. Make sure you have Windows running when
the software is scheduled to run, or it won't run automatically at
that time.
Other Threats
If you're running Windows in the field, make sure you have the
Windows firewall turned on. If you're using a desktop Mac and are
behind a good hardware firewall, you can keep the Windows software
firewall off, as it may conflict with some applications.
It's also important to keep Windows up-to-date via the Windows
Automatic Update utility or by visiting the Windows update site
regularly. As new threats emerge, they often exploit weaknesses in
the Windows Operating System. Microsoft often has to close those
holes via patches to the Windows software.
Other Problems for New Windows Users
Boot Camp appears to set the default Windows partition size to
5 GB; in our opinion, that's a pretty small volume for all
that it will need to do.
A standard Windows XP home or XP Professional installation will
fit on the default Boot Camp drive. But Mac users need to be aware
that Windows software typically requires substantially more drive
space than its Mac counterpart.
On top of that, Windows relies heavily on a "Swap file" and a
"virtual memory" system that both tax the available hard drive
space. Basically, Windows sets aside a portion of the boot drive to
use as RAM for running applications. The default amount of virtual
memory is around 800 MB, which should still leave you plenty of
room on the partition for an application or two - but not much more
than that.
All of this leads to the need for a larger partition for an
ideal multi-OS system. This is where some careful planning and
forward thinking is essential. You need to know how many
applications you plan on running. If you are only installing
Windows for one application, say an office database or something,
and you're certain that you won't be using it for much else, then
the 5 GB partition is fine.
Depending on what applications you'll install and run under
Windows, we recommend a partition size of 10-20 GB. Hard drive
space is cheap, and it probably wouldn't hurt to go ahead and give
yourself a little more room to maneuver and grow.
Who knows, you might actually like using Windows.... 
Further Reading
- Windows Security for Mac
Users, Alan Zisman, Mac2Windows, 2006.04.18. Yes, you can run
Windows XP on the new Intel-based Macs, but before you do, you
should know the dangers inherent in having a Windows machine
connected to the Net.
