Canada's Mac, iPhone, iPad, iPod, Apple TV & iTunes Community!
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read Advertise
Saturday, May 28th, 2011

How do I secure my Mac?

What? Secure my Mac? Why? Mac owners sometimes exist in a bubble of avoidance - believing that since Mac OS X is more resistant to viruses, they don't have to worry about a thing to do with security. Bubbles inevitably burst, unfortunately. There are many ways - other than viruses - to lose your data or privacy.

Your behaviour makes or breaks security efforts. Message #1 is that social engineering is still the most effective vector for malware. Anything that you explicitly permit as an Admin level user is going to bypass any security measures or good intentions. So do not click on that unknown link from an email, even if it seems to come from a friend. Don't OK the installation of a "video codec" that pops up when you want to watch an online video. Resist the temptation to install free search bars, widgets and other apps unless you know for sure what they do and that they do not have a hidden agenda. Don't download or install anything which you do not know where it came from or the reason it needs to be used.

Be vigilant for phishing and hijacking. Always log onto financial or shopping sites manually by typing into the Location bar, never from a link in an email, a search or a web page. Look at the URL in the Location bar to see if you arrive at the domain you expect for that institution (your search or link may have been hijacked to a lookalike page), and look for the HTTPS and the lock icon on any page you are entering personal data or passwords. Domain Redirect and DNSChanger Trojan info.

Don't log into public WiFi hotspots unless you are confident you are logging into a legitimate network. An easy hack is for someone to go into a cafe with a laptop and open a public hotspot called "RestaurantWiFi" or "CafeHotSpot". As the owner of the router, they can then capture and see all of the internet traffic from anyone who logs into their network.

Apple has an OS X security document:
In-depth PDF Security Guides for OS X 10.3 - 10.6

The NSA in the US has released a downloadable pamphlet (PDF) for security of Mac OS computers within the government. Some of the recommendations go beyond what is reasonable for a personal user, but they all bear considering.

Something the NSA document doesn't address - attend to the physical security of your data. All bets are off if a stranger has posession of your machine and can work on it. More laptops, phones and storage devices are lost and stolen than are ever hacked into. Opportunistic snooping by co-workers and acquaintances is more common than network snooping.

Use a cable lock on a laptop in a public place (including a university dorm), don't let a portable machine be unattended, whether in or out of its carrying case. Encrypt the data that you put on USB memory keychain drives (TrueCrypt), put a screen lock on smartphones and tablets, and don't walk away from a machine while your account is logged in - put it to sleep with a password required to wake up, or log out.

Use Apple's Software Update - keeping your OS X and related software including Web browsers, Microsoft Office and Adobe Flash and Reader software continuously up to date is the best defense against potential viruses or exploits. Just because there are no live Mac OSX viruses and just a handful of trojan horses doesn't mean there won't be more in the future.

Turn off automatic login: Open the Accounts pane in System Preferences.
Disable Automatic Login and User List: Click on "Login Options." Set "Automatic login" to "Off." Set "Display login window as" to "Name and password."

Disable guest account, remote access and sharing: Select the Guest Account and then disable it by unchecking "Allow Guest to log in to this computer." Uncheck "Allow guests to connect to shared folders." Unclick everything you don't absolutely need in System Preferences: Sharing.

Turn off Airport (WiFi) and Bluetooth if you don't need them. Not only will your machine be more secure, a notebook or smartphone battery will last longer. Go to System Preferences: Bluetooth and System Preferences: Network: Airport (or use the icons at the top right of the screen).

Create another non-Admin User account for day to day logging in when you are surfing or reading email or using the machine in public. Use your Admin User account with its ability to install software only when you need to install or update your computer.

Use Private Browsing in your Web browser Firefox: Tools: Start Private Browsing
This will delete history and cookies when you exit the browser session.

In the System Preferences Security pane
  • Require password "5 seconds" after sleep or after the screen saver begins
  • Disable automatic login - force yourself to re-enter your password each time
  • Use secure virtual memory - this encrypts the virtual memory file on the hard drive which otherwise may contain accounts and passwords
  • Disable Location Services (if present)
  • Disable remote control infrared receiver (if present)

Consider turning Location Services off on your iPhone or iPad as well. Think about how badly you really want Google Maps, Foursquare or Yelp to know where you are every minute. You'd be surprised the number of apps which request to know all about your location.

Encrypt your data - on a portable machine, consider using FileVault to encrypt your data. Keep in mind that this will cause trouble if you forget your password, and makes recovering a crashed hard drive harder. Or use TrueCrypt to create encrypted folders on hard drive and on USB storage devices.

Enable your firewall: In the System Preference: Security: Firewall tab, click "Start" to turn firewall on. Next, click on "Advanced..." and enable "Block all incoming connections." If you are using and AppleTV or file sharing with other Macs, you will have to modify these settings.

In Safari, turn off the "Open safe files after downloading" setting in the General tab. You do not want downloads to automatically open. Even better, switch to using FireFox as your browser and add the NoScript plug in which allows you to selectively permit or prevent Java and Javascript from executing.

There are some anti-malware programs available for Mac OS X, here is a backgrounder, and a review of 5 programs

PC Tools has a free antivirus
As does Sophos

Windows Viruses and Malware: Remember that if you install Windows in Bootcamp or a virtual machine environment, you will need to take anti-virus and anti-malware precautions like any other Windows user

Article written by longtime contributing ehMac member CanadaRAM. There are literally dozens and dozens of threads on with glowing referrals from fellow members. Anytime a discussion comes up with the question about RAM or where to buy, inevitably you'll hear many ehMac members chime in with referrals to CanadaRAM because of great service and great advice. If you need RAM or Hard Drives for your Mac in Canada, whole heartily recommends: CanadaRAM. ( 16 comments )

Content Relevant URLs by vBSEO 3.6.0 RC 2