Historical Documents

admin

Securing your Mac, pt 3

Between September 2005 and July 2011 I was a regular contributor to MacFormat in the UK.

Whereas I’m posting the published articles for my MacWarehouse writing with the MacFormat ones I’ve decided to post the text as submitted, including any comments that I included for design. I am, however, allowing myself a few small edits for clarity.

The particular one is my seventh column, written in March 2006. This is presented purely as a historical record as much, if not all, of the information contained in it may well have changed in the meantime.

Securing your Mac, pt 3

Last month I talked about the benefits of having a good password and not having your Mac save it for you. One of the key ways to ensure that your password is a good one is to not use real words, the name of family members etc. Whilst it may be easier for you to remember the name of your dog than a random collection of letters and numbers it is also much easier for someone to guess. This can be exploited by something called social engineering.

Social engineering is used by both virus writers and spammers to try to trick the unwary into exposing their system to an attack of some form. You may get an email that appears to come from your bank that asks you to log onto their website to confirm your account details or password. Trusting your bank you do just that and in doing so give the spammer all the info that they need to access your account. Your bank will never ask you to do anything like that, if they ever do I suggest that you run a mile and start banking with someone else. If you need to confirm things then log on to the bank’s website in the usual way and do not click the link in an email as it will probably lead you to a site designed to look like the real one that your bank uses.

Alternatively you may get an email from a friend that says something like “Hey take a look at these great new pictures” but the pictures are nothing of the sort and really contain a Windows virus that would, on a PC, replicate itself and mail a copy to everybody in your address book in the hope that, since it appears to have come from you, they trust and open thus perpetuating the virus.

Note that in the paragraph above I stressed that it would be a Windows virus that would infect a PC. Until recently I would be pretty confident that this sort of thing only affected PCs and not Macs but the world of malware is changing. Malware is an overall term that encompasses not only spam and viruses but also other nasties such as trojan horses, spyware and phishing attacks. Many people confuse viruses and trojans, and there is a definite distinction between them, but either way malware of any sort should be considered a bad thing.

In the past few weeks there has been a lot of noise in the Mac community about the first genuine OS X viruses having been found. As of today, and things could very easily change in the short time between me writing this and it being published, there have been no OS X viruses found “in the wild”. The items that are being talked about are trojans rather than viruses and are generally just a proof of concept rather than a finished product but that doesn’t mean that we should dismiss the treat that they, and their descendants, pose to us.

First, the basics. OS X is essentially a secure architecture. Many of it’s components have source code that is open and so there are lots of eyes trying to fix any holes that are found in it. When Apple release a security update you should install it, taking the precautions that I mentioned in previous columns first. Turn your firewall on and only open it to the services that you actually need to have access to your Mac. Use anti-virus software and ensure that it is regularly updated. If you don’t update it then it is worse than useless as it will give you a false sense of security. Today we are mainly ensuring that we don’t pass on Windows viruses, tomorrow you may be stopping a Mac virus from spreading.

Second, watch out for social engineering. Before opening an email ask yourself if you really were expecting Aunt Agnes to send you some “cool new pics”, which is really just a trojan in disguise. Your bank and other organisations should never ask for passwords and account details in an email.

Third, watch what you install. OS X will ask for a admin user name and password before installing applications that scatter parts of themselves throughout your system. If a dialog pops up asking for your password were you expecting one? If you weren’t, e.g. you just clicked on a picture in an email, then don’t give it your password. Don’t just enter passwords blindly, make sure you know why you are being asked for it and what for.

Fourth, don’t use an administrator account for general use. If you can make sure that you log into your Mac as a user that doesn’t have the right to administer the computer. This gives you an added layer of security as you will have to enter the name of an admin user and their password before you, or a virus, can do anything really destructive. You can always log out and log back in as an administrator if you want to make major changes, just remember to log back in to your regular account when you have finished.

admin

Securing your Mac, pt 2

Between September 2005 and July 2011 I was a regular contributor to MacFormat in the UK.

Whereas I’m posting the published articles for my MacWarehouse writing with the MacFormat ones I’ve decided to post the text as submitted, including any comments that I included for design. I am, however, allowing myself a few small edits for clarity.

The particular one is my sixth column, written in February 2006. This is presented purely as a historical record as much, if not all, of the information contained in it may well have changed in the meantime.

Securing your Mac, pt 2

In the last part of this article I discussed the risks that might occur with an isolated Mac. This month I’ll cover simple steps that you can take to secure that Mac from prying eyes. They won’t defeat a determined attacker but will help to stop the casual interest of the wrong person. You may not choose to take all of these steps but the more you do the more secure your Mac will be. The balance between convenience and security is ultimately your choice.

Have, and use, a firewall. Most Macs are connected to the internet for at least part of the day, some have a permanent connection via broadband. Statistics show that if an unprotected PC is connected to the internet it will probably be compromised in just a few minutes. Whilst Macs are more secure than PCs we cannot be blasé about our security. This article is too short to go into a great deal of depth about firewalls, I’ll save that for another time, but ensure that you turn on the one that is built into OS X and if you do have broadband make sure that either your router has a firewall built-in or you use a separate one. The OS X Firewall can be found by opening System Preferences, selecting Sharing and then selecting the Firewall tab. Turn the Firewall on and make sure that in the section labelled Allow you only have a check box against the services that you actually need.

Use a good password, and remember it. A password is of no use at all if all someone has to do is to look at a Post-It™ note stuck on your screen to find it. Use different passwords for different things. Don’t use names of pets or family, in fact don’t use real words at all. Mnemonics are useful, as it will be easier for you to remember a phrase than the individual characters and use a mix of upper and lower case and replace some of the letters with numbers or other symbols. Hidden away in OS X is the Password Assistant which will give you a good indication of the strength of your password. Open System Preferences and select the Security preference. Then click the button labelled “Set Master Password” and next to the Master Password box click on the question mark. The Password Assistant will now pop up and you can see how strong your own passwords are or try having OS X suggest some more secure ones for you.

Don’t have the Mac save passwords for you anywhere. It is very convenient to have your Mac start-up without having to enter a password, to connect to any servers automatically and to have usernames and passwords entered into websites for you. Life is much easier when you don’t have to remember all those passwords but what is a convenience when the rightful owner is sat in front of the Mac becomes a very real security risk when the wrong person is there. The more steps that someone has to go through to get to your information the more likely they are to give up before they get there.  The first place to start is back in the Security preference pane. Select “Disable automatic login” and “Log out after… minutes of inactivity”. These two items will ensure that all users of the Mac will need to log in using their password and if they stop using the Mac for a period of time they will be logged out and will have to log back in again. Also select “Require password to wake…” which, in conjunction with setting your screen saver to come on after a period of inactivity, will give you two levels of security if you walk away from your Mac whereby, for example, the screensaver will come on after 5 minutes and require your password to unlock your Mac and after 30 minutes you will be logged out completely. The screensaver can be configured in the Desktop & Screen Saver preference pane and by selecting the “Hot Corners…” button you can set a corner of the screen as being somewhere to start the screensaver immediately. By doing this all you have to do is to move your mouse to that corner of the screen for a few moments and the screen will be locked with your password.

As an aside all users of the Mac have a password but there are a surprising number that don’t know that they have one. You will have had to enter it when you started your Mac up for the first time in the account creation part of the Setup Assistant and you will need it every time you install software on your Mac. If you can’t remember it for whatever reason now is a good time to change it to a more secure one. Go to the Accounts system preference and select your user name, which should be listed under My Account and click on the “Change Password” button. You can access the Password Assistant to help with setting a secure password from here as well, but this time the icon for it is a key. It is also good practice to ensure that all users of the Mac have a separate account. You can always share pictures, music etc. by keeping them in the /Users/Shared/ folder but by having a separate account for each user you enable them to not only keep private information private but everybody can have their account setup the way that they like it with different desktop clutter, dock icons and Finder preferences.