When you say “computer security,” most people think viruses, worms, and other forms of malware. They also think that Mac users don’t really have to worry about it. And they’re correct. But that may be changing. Not only is the Mac becoming more popular, and therefore more worthy of criminal attention, there are many other ways Mac users can be targeted that are not platform dependent. It’s time to reassess the threats and decide whether Apple’s built-in security measures are sufficient to keep Mac users safe.
Use Keychains wisely
The Mac OS X Keychain is a feature that securely collects passwords for email, instant messaging accounts, web services, WiFi networks, file servers and more. The Keychain stores this information in encrypted format and is decrypted only if you provide the master password when you log on to the computer. You can improve security by using multiple Keychains with different passwords or by simply changing your account’s Keychain password. This ensures that even if your user account password is compromised, the data in your Keychain will remain securely encrypted. As with a firmware password, if you forget a Keychain’s password, its contents will be irretrievable.
Log on to keep your passwords secure
Get more from the firewall
Mac OS X has included an optional firewall for some time. Unfortunately, the firewall is disabled by default. Turning Snow Leopard’s firewall on, however, takes only a couple of steps. In System Preferences click the Security Preference Pane. Then click Firewall > Start to turn your firewall on. If the button says Stop, your firewall is already running. You can choose to block all incoming traffic, which prevents your Mac from accepting any data that it didn’t explicitly request, such as a web page.
One reason to use the firewall is the common use of public WiFi networks. Such networks are often unprotected, meaning that any data you exchange over the network can easily be snooped on. Also, any malicious user connected to the same network has the capacity to port-scan your Mac and attempt to determine vulnerabilities. Working with the firewall and enabling stealth mode are good ways to protect your Mac in these situations.
Turn the firewall on for added protection
Don’t share anything
From general file and printer sharing to remote login and control of your Mac using screen sharing or Apple Remote Desktop, Macs offer users lots of ways to share information. The simple advice is: don’t enable any type of sharing you’re not actively using. Every time you enable sharing, it opens up an avenue for someone to remotely access and/or manipulate your Mac. This could mean accessing shared files or taking complete control of the computer.
One danger is the Back to My Mac service offered by Apple’s MobileMe, which lets your MobileMe account automatically connect you to your Mac over the internet. This is a highly convenient feature, but not only does it rely on leaving sharing services running and open; it also relies on making those services accessible from the internet at large. If your MobileMe account is compromised, so is your entire Mac.
If your MobileMe account is compromised, then your Mac is too
Bonjour is Apple’s zero-configuration networking system that allows Macs to automatically broadcast resources they are sharing over a network and to discover resources shared by other devices. Since Bonjour works by your Mac broadcasting its presence and its available shared resources, it can alert malicious users not only to its location, but also to vectors that can be used to target it for attack. If you don’t need Bonjour turn it off. Most programs that support it also allow you to disable Bonjour broadcasting, although you may need to dig around in their Preferences to find the option.
Change your passwords
Change passwords twice a year and never reuse them. With most internet users wary of spam messages, fraudsters are focusing on popular web services such as Gmail and Facebook. They break into accounts and then send messages to the victim’s contacts, hoping the spam will be more effective because it comes from a friend. “People are more likely to respond to a message from someone they know,” said Andrew Brandt, threat researcher with Webroot.
Don’t trust emails
Apparently 96.2 per cent of all email traffic in May 2010 was spam. Among those from pharmaceutical companies and lonely women, are emails claiming to be from your bank, HM Revenue and Customs, courier firms, and even iTunes, the Apple Store and Mobile Me, requesting that you visit a site and enter your details. Keeping yourself safe from such web-based phishing schemes requires a bit of common sense: don’t give out personal information on a website unless you are 100 per cent sure it’s legitimate. Bear in mind that banks, credit card companies, auction sites such as eBay, online services, internet service providers or any reputable outfit that holds personal information never demands this kind of information in the form of an email.
A typical spam email
Keep your software up to date
The most important security option is keeping software up to date. Maintaining an up-to-date operating system and application set means that known vulnerabilities are more likely to have been patched in the software on your system. The Mac’s Software Update feature checks for updates to OS X and Apple applications on a weekly basis by default, and it notifies you when updates are available. Most third-party programs include an option to check for updates each time they are launched. This should be left enabled because updates improve stability, performance and security.