Friday, August 17, 2007

Protect your Mac

Macs need to be used properly to be safe

Mac OS X is built on a Unix foundation which means that it benefits from that operating system’s security strengths but it still requires effort to make totally secure. It is a myth that there are no risks if you use a Mac.

This article covers Mac OS X Tiger specifically and Mac OS X in general but not earlier Mac operating systems. For maximum security, we recommend upgrading if possible.

This article provides a Mac-specific version of the advice in the “Protect your PC” section. However the advice in “Protect Yourself” and “Protect your Business” is (for the most part) not operating system-specific. Please visit these other sections.

Apply security updates

You should apply new security updates and system software upgrades as soon as they become available.

  • Check for updates by going to the System Preferences application and selecting Software Update and clicking Check Now.
  • Make sure Check for updates is ticked and Daily is selected in the drop-down menu. This will ensure that your computer automatically checks every day for new updates. However, this only works if you are logged in as an administrator.
  • To check manually for updates, go to the Apple menu and select Software Update. This check should be performed regularly.
  • You can download additional upgrades and patches from Apple.
  • Check third-party software manufacturers’ websites regularly for application updates. Microsoft updates can be downloaded from

Switch on firewall

A firewall can prevent outsiders gaining access to your Mac.

Open the System Preferences application and click on Sharing; click on Firewall and click Start.

As a general rule, the fewer inward network connections you allow, the safer you will be, so make sure that any connections that you allow are strictly necessary. The same guidelines apply to Services like personal file sharing.

You may also consider getting a commercial firewall, such as Little Snitch, to monitor and filter outgoing connections. This will prevent unauthorised software sending data to third parties over the internet.

Get anti-virus software

Because Mac OS X is based on the Unix operating system it is much less susceptible to viruses and other forms of malware than other operating systems. However, there is always a risk that someone might develop some kind of insidious software that targets Macs so anti-virus software may be a worthwhile addition to your defences.

Commercial Mac anti-virus developers include:

In addition, ClamXav, is a free virus checker for Macs.

Run regular backups

It’s important to make backup copies of important files on a regular basis as an insurance against security problems, theft and physical damage to your computer.

See the backup article for PC users for more information about different backup methods.

Most Macs include a CD burner or DVD burner and these are likely to be your preferred backup system. However, a .Mac account with iDisk can be used to make online backups.

You can backup files by simply dragging them to the iDisk or CD. However, a .Mac subscription includes access to Mac Backup software. More information from Apple.

Further advice and tips

  • There is no method of enforcing a strong password policy so you need to remember to use a strong password and update it regularly. However, you can use the Password Assistant in OS X Tiger to generate strong passwords. For more information on strong passwords see: Use strong passwords.
  • By default Mac OS X disables the root user. It should never be enabled.
  • For content filtering: Dan’s Guardian.
  • Microsoft Internet Explorer for Mac is no longer being maintained and updated by Microsoft. Unless you need it for compatibility reasons (some websites only work with Internet Explorer) we suggest that you use Apple’s Safari or Mozilla Firefox.
  • For extra security (but a little extra hassle), go to the System Preferences application, select Security and tick each of the options on the bottom half of the screen: Require password to wake this computer from sleep or screen saver; Disable automatic login; Require password to unlock each secure system preference; Log out after 10 minutes of inactivity; and Use secure virtual memory. Most of these options relate to the controlling access to the computer by unauthorized users who have physical access to the computer. If someone needs a password to use the computer, they are less likely to access your files.
  • It is worth encrypting your files, especially if you are using an iBook, in case your computer is stolen. It will prevent the thief reading your files. To do this, go to the System Preferences application, select Security and Turn on FileVault.
  • Use Secure Empty Trash from the Finder menu to shred deleted files.
  • Unless you absolutely need it, don’t install support for Mac OS 9.
  • If you use VirtualPC, you should make sure that it is secured as if it were a regular PC, following the advice in the main Protect your PC section.
  • If your Mac is being shared by different users, set them up with their own user accounts and passwords so that their private files are kept separate and to restrict their ability to reconfigure security settings on the computer. To do this go to the System Preferences application and select Accounts. Follow the instructions there to add new users and set up parental controls and restrictions on what they can do.

Relevant articles in Protect your PC

More information

No comments: