Macintosh security is a hotly debated subject for various reasons, including the scarcity of viruses. In fact, the number and severity of viruses are just a very small piece of the big picture. Those who really understand security know that a comprehensive security profile for the Mac is required to deal with threats via the browser, port/firewall breaches, sensitive data protection, application sandboxing, defense against phishing, and identification of hostile IP addresses. Moreover, the optimum security profile changes with user location. Norton Internet Security (NIS), a bundled suite of three apps, handles all that and more with user-friendly UIs.
An analysis of the modern threats to a Mac user reveals many different ways to attack the Mac, via technical means, and the user, via social networking. While Mac OS X, based primarily on the open source FreeBSD, has some key architectural differences compared to Windows, it isn't completely invulnerable.
In addition, modern Mac users are heavy users of the Internet, whether it be research, entertainment or data management, such as MobileMe. These users don't have the expertise to look at logs and determine whether some event is a red alert or a red herring. As Apple has noted, users want to feel secure thanks to the expertise embedded in the OS as well as a security app they have selected and paid for, but they don't want to be a slave to geeky UNIX stuff.
What's New in NIS 4
NIS 4 takes a comprehensive approach to all threats so that the users can select which areas to focus on, depending on their expertise and concerns. Version 4 provides management in five key areas:
- Application Control - Manages which apps can access the Internet.
- Firewall Controls - Manages connections and shows who's connected to the Mac.
- Identity Protection - Identifies fraudulent Websites and locks down personal data.
- Location Awareness - Adjusts the level of security based on user-definable profiles and locations.
- Blacklisting - Accesses the DeepSight Community, the list of hostile IP addresses maintained by the U.S. Government.
Managing a Myriad of Settings
A robust security suite can't function if the settings are too complex to comprehend, if the UI is confusing, the defaults are poorly selected, or too much information is presented that distracts the user.
One of the most important design criteria for NIS 4, according to Mike Romo, the Product Manager, was to deal with exactly those four issues. Popups explain details to the user when asked for, Macintosh principles for UI design are adhered to, and the defaults select the most conservative setting and leave it to the user to adjust if necessary. Finally, if logs or more detailed data are desired, the user can drill down. Or just let the app do its job.
Also, Mr. Romo didn't mention the benefits of keeping the three apps (Norton Firewall, Norton Confidential and Norton Antivirus) separate. However, trying to merge all of them for the sake of doing so would have been a mistake in this reviewer's opinion. Keeping them separate avoids errors in the code, keeps each app focused, and allows the user to focus on the task at hand.
Applications like this use kernel extensions (.kext) to monitor IP traffic, and if the user has some other applications already doing some of these tasks, there could be conflicts. For example, prior to this review I was using Objective Development's highly regarded Little Snitch to monitor outgoing connections and Intego Virus Barrier to catch malware -- since my job has me living on the Internet in a wide-ranging fashion. Both of those apps have uninstallers, and so I removed them before installing NIS 4 and rebooted to be safe.
NIS 4, by the way, also comes with an uninstaller.
The installation is via a package installer (.mpkg) and takes about 60 seconds on a MacBook Pro. Right after installation, the DeepSight and Virus databases are checked and brought up to date.
Administrator privileges are required because of the .kext files installed. Any user with Admin privileges can run and configure NIS 4 if it's placed in the /Applications folder.
The app automatically starts a series of screens that enable or disable some basic settings, such as location awareness, phishing protection, and an alert bar in each Web browser launched (with user permission). Finally, the user is asked if the apps should be put in the Dock and whether feedback to the DeepSight community should be allowed for their analysis efforts.
At this point, with the standard defaults, most users can just sit back and relax. Updates to the virus definitions are done automatically, in the background. If the user is tired of Mac OS X's Finder and other apps constantly reporting back to Apple, those apps can be identified and blocked. Other apps that appear to be reporting in for more than just an occasional version check can be blocked, just as with Little Snitch.
There are no formal preferences for these apps because each app is basically its own configuration control panel for the three classes of settings: Firewall, Viruses, and Confidentiality settings.
In a very nice hierarchical fashion, vertical tabs select the major categories, statuses are clearly marked, and on/off radio buttons are displayed. Then, if the user wants to dig deeper into the configuration, there is often a button that takes the user into deeper settings.
The look is fresh, technical and professional without being either condescending or overwhelming. The apps treat the user with respect because, after all, this is serious business.
In addition to the normal virus scanning and firewall functions, the user can also dictate whether certain files can be accessed or whether specific data can be sent out to the Internet, for example a social security number or account names and passwords.
The permissions go over and above the UNIX permissions to control who can access, modify or delete specified files.
Note: NIS 4 uses its own firewall, not the built-in firewall (ipfw) used by Mac OS X, so Symantec strongly suggests that ipfw be turned off. (The Mac OS X firewall setting is found in System Preferences -> Security -> Firewall.)
One of the things I often forget to do, when I travel, is to turn off Apple File Sharing (AFP). NIS will detect when you've changed your location and turn that setting off if so instructed ahead of time. This is a very useful feature.
A Network Operations Center in Your Pocket
If it isn't clear already, excellent Mac security goes well beyond the petulant claim, seen in many forums, that Macs have no virus written for them and the UNIX OS plus Common Data Security Architecture (CDSA) take care of the rest. In fact, comprehensive security for Mac OS X not only involves many different technical elements, but is also ever changing as the bad guys on the Internet develop new techniques and dispense with old ones.
For example, modern UNIX daemons no longer cough up their identity just for the asking on a port, and even Windows users have learned how to keep Ethernet ports closed. So now the bad guys come riding along on port 80 when the results of a Web page are returned via HTTP. Phishing scams have strong elements of human psychology. New techniques will surely emerge. Just the act of using NIS 4 provides a sober introduction to the various ways Mac OS X security and sensitive personal data can be compromised.
Those users who have their appetite whetted for yet more information will find lots of useful resources from Apple on their IT Pro Web pages.
In addition to the Read Me file, which has some technical notes, there is a 26 page User Guide that mostly deals with installation and support. The applications themselves are self-documenting in that the user can dig deeper by clicking on the "?" mark on any of the configuration pages. I found the deeper technical explanations to be useful in terms of layout and clarity, telling the user how to get something done without delving into technobabble.
There is a cosmetic bug in the pre-release version of the Anti-virus component. Unlike the other two apps, the configuration window can't be closed by clicking on the Mac OS X red button. Mr. Romo said this will, hopefully, be fixed in a later patch.
I also had minor trouble with the Firewall app. Even though I checked the box "Don't ask again..." the firewall was persistent in asking for permission to let PathFinder and BBEdit access the Internet. Explicitly adding PathFinder to the application list solved the problem.
Little Snitch has been an essential app for me for a long time, and the addition of Intego's Virus Barrier has likely made for a necessary but insufficient suite of security apps. I like the idea of a comprehensive package with easy to understand settings and all my needs met in one place. I especially like the inclusion of the DeepSight blacklist of IP addresses, something no mortal can or should try to maintain individually.
More importantly, if a user tried to duplicate the functionality of NIS with individual apps, Mac OS X features such as encrypted .dmg files, and security policies, it's likely more time and money would be spent than the asking price of NIS 4. Experts will always do things their own way and find fault with commercial apps, but for the average Mac user who wants to "set and forget," NIS brings together the essentials of high-level Mac personal security in a simple, understandable way.
Availability and Pricing
Norton Internet Security 4 is available immediately, in the U.S., in the Symantec online store for US$79.99. A packaged version will hit store shelves the first week in January, 2009. The price includes a one year subscription to Symantec protection updates. A bundle that includes NIS 4 and NIS 2009 for Windows, designed for Mac users also running Windows, is priced at US$89.99.
The license is for one machine and one user. No family pack has been announced. That idea was suggested to Mr. Romo, but it remains only under consideration.
NIS 4 requires Mac OS X 10.4, Tiger.