yeah, Just An Idea. Mac OS

Mac users need to think about security, too

Yeah Just An Idea. Mac Os 11

Apple's approach to security can be a little bewildering at times. It's a well-trumpeted aspect of the OS, marketed in detail on the website. Mac OS X has integrated smartcard support and Apple has certified the OS under the Common Criteria guidelines; a section of Apple's developer site is devoted to the subject of security.

I like the idea that the app is at least partly human journalist-curated. News is a good example of an iOS app that would be just as useful on the desktop, and should be available there with the. Mac OS 9.2.2 Mac OS 9.2.2 is the update for Mac OS 9.2.1 users. It updates the Classic Environment application compatibility in Mac OS X and updates most enhancements. Custom Variants of Mac OS 9.2.2 Bootable Image for PowerMac MDD This is a copy of Mac OS 9.2.2 for the PowerMac G4 MDD, by oakbog. The 'classic' Mac OS is the original Macintosh operating system that was introduced in 1984 alongside the first Macintosh and remained in primary use on Macs until the introduction of Mac OS X in 2001. Apple released the original Macintosh on January 24, 1984; its early system software was partially based on the Lisa OS and the Xerox PARC Alto computer, which former Apple CEO Steve Jobs.

At the same time, Apple didn't offer cryptographically signed software updates until its hand was forced in July 2002. The company is notorious for boiling down release notes for software updates to 'provides bug fixes and security updates' (although the separate mailings posted to the security-announce list do tend to offer a little more detail). While other Unix distributions tend to patch holes in open-source code relatively quickly, Apple sometimes delays rolling out a security fix in the open-source components of Mac OS X for months or even years.

The phrase 'security through obscurity' gets tossed around from time to time when discussing Mac OS X. The theory is that since Macs still represent a fraction of the available computers on the internet, there's less of an incentive for virus writers, malware authors, spambot harvesters, Comcast sales reps, and other purveyors of electronic evil to harass and attack the platform. Why target 5 percent of the population when you can get much better results by going after Windows?

But the truth is that security through obscurity is a flawed idea. Yes, there are fewer recorded attacks on the Mac platform, but by no means does that make it secure. So what's a Mac user to do? Like the book says, don't panic. In this article we'll take a look at some basic ways you can improve your Mac's security right out of the box.

Control physical access

If someone can get to your computer, the chances of them acquiring your data just skyrocketed. Physical security is the critical first step in keeping your Mac safe.

Every Mac shipped since 2000 has the ability to set a password in Open Firmware, the code built into PowerPC-based Macs that controls the startup process. (For Intel Macs, Open Firmware is replaced by EFI, which also supports password protection.) A firmware password prevents a user with physical access to the computer from starting up from an optical disk, a network boot volume, a separate drive connected in Target Disk Mode, or into single-user mode. It also requires a password to be entered before the system will start up from its regular boot drive. If you're in an environment where you need a little extra physical security, this is a simple add-on to your security toolkit.

Don't make this your only add-on, though. For one thing, it doesn't prevent anyone from restarting or powering off the computer in question. Far more importantly, it does absolutely nothing to prevent someone from simply lifting the drive and putting it into another Mac, at which point all bets are off.

Fortunately, most desktop Macs offer some means of securing the case itself with a pass-through lock, and every Mac except the MacBook Air* has a slot for a Kensington security lock to help keep the machine itself from wandering. Think of this as the computational equivalent of the Club. It's not meant to stop the hard-core thieves, just to make them move on to the next target.

* I actually confronted someone about this at a recent Apple Enterprise event. The response was that Apple intended for the Air to be toted around due to its small footprint, so the lock slot was abandoned. Yeah, I had about the same reaction you just did.

Lock your screen

I tend to be in one of three places at work: at my desk, in the server room, or attending a meeting. (As a Mac user, I have evolved beyond the need for restrooms.)

For the times when I'm not sitting right in front of my computer, I need some way to keep prying eyes and grubby fingers out of my system. The ability to require a password to unlock the screensaver comes in handy here. It's a checkbox setting in the Security pane in System Preferences (we'll look at this pane in more detail below). Set the screensaver to activate when you move the mouse to one of the 'hot corners' of the screen and you're good to go.

Better yet, launch Keychain Access in the /Applications/Utilities folder and, in Preferences, check the box for 'Show Status in Menu Bar.' You'll now have a Keychain menu item with a handy 'Lock Screen' command.

Consider using ACLs

The traditional Unix file permission model is pretty simple. There are three classes of user: you, people in the same group as you, and everybody else. You can restrict the ability to read from, write to, or execute files in a given directory based on those three ownership roles.

This arrangement works great for relatively simple sharing and control scenarios, but it quickly breaks down when you try to get clever about who has access to what and at what level. Access control lists, or ACLs, are one solution to the problem, and Mac OS X has supported them since 10.4's release. ACLs let you do creative things like share a folder between multiple users while allowing only specific users to delete files from said folder, or you can enable anyone using your computer to read (but not write to) a file in your home directory that only you can update.

The average user probably doesn't need to fiddle around with ACLs, although they're now enabled by default in Leopard (Mac OS X 10.5). Plus, the interplay between multiple levels of permissions can leave even the brightest system administrator scratching his head trying to figure out what they represent.