Mac OS X Security

Mac and Linux users aren't used to turning on the news and hearing about security threats that affect us. The Linux stuff doesn't get reported because Linux is too geeky, and the Mac threats have been generally absent because there haven't been many. Well, two Mac issues popped up last week and caused a bit of excitement. The second of the two was really bogus, and probably never would have had any legs at all if the other one hadn't happened. From patched. The other thing (and it is just a "thing" - it's really not a virus and it's barely a trojan worm) was quite exciting to some: Mac Geekery - Basic Mac OS X Security but I am a bit more draconian: Don't carry a loaded gun around the house What I mean here is don't be root. On Mac OS X, the root account isn't even enabled by default and ordinarily you'd want to leave it that way (use "dsenableroot" to enable or disenable it). Don't even run as an Administrator account except when you need to. That's a lot easier to do on Mac than it is on Windows (and there is no such thing on Linux in general), and Fast User Switching makes it painless to login as an Administrator when you do need it. The point is to keep the firearms put away and locked up so they aren't available for use. If you have been using an Administrator account, don't switch your account to a non-admin account as suggested at the Mac Geekery article. Just make a new account and start using that. Copy your files as you find you need them and you'll also accomplish a nice house-cleaning. Lock the doors While you are logged in as an Administrator, visit the Security Pane in System Preferences and tell it to lock everything - check off "Require password to unlock each secure system preference". That's important and should be automatic. You might also consider disabling automatic login and requiring passwords to wake up from sleep, but those things are more for protecting against unauthorized use than virus and worm attacks. While you are in there, check Sharing and make sure you aren't running services you don't need to run and that the firewall is enabled. You DO have a hardware firewall also, right? "t00r" is not a password Your passwords need to be really tough and you should not be using the same password all over the internet. Yeah, I know that means a lot of passwords, but it doesn't have to be that hard. For example, for the dozens of sites that I need passwords for but that aren't particularly critical if hacked (meaning that you could pretend to be me for a comment or whatever but can't steal money), I use two basic passwords and add in part of the site name. For example, I might use "fru%78hfg" as one password. When I visit xyz.com, my password is "fru%xyz78hfg" but if I visit abcsoftware.com, it's "fruabc%hfg". The positioning of the "%" is determined by the alphabet position of the "a" in "abc"; under "m" means position before the %, "n" on up means insert three characters after the %. This gives me unique passwords for each site, but I know what they are. No automatic passwords, thanks anyway In Applications, Utilities is the "Keychain Access.app". If you opened that up on my machine, you'll find that it doesn't know a single password. That's partially a security measure, but it's more of a convenience: I remember my own passwords because I want to be able to use them anywhere, anytime. I was working with someone the other day who wanted to check their Gmail and had to go back to their office to do it - they had no idea what their password might be! I know my passwwords and can access whatever I want from wherever I am. Macs are basically secure, and Mac users don't have the constant problems that plague Windows. But Macs are not immune to security threats, and you shouldn't be lazy and complacent about protecting yourself. *Originally published at