No announcement yet.

General Security Tips for your Mac

This is a sticky topic.
  • Filter
  • Time
  • Show
Clear All
new posts

  • General Security Tips for your Mac

    Contrary to popular myth, OS X is not impenetrable nor is it without fault. For this reason, you are encouraged to remain vigilant and exercise caution when using your machine (without being paranoid of course). At the end of the day, your Mac is just a personal computer and like every other device on the planet, it requires you to interact with and keep it clean. With that, here are some tips to help keep your machine safe and clean, ensuring smooth and enjoyable operation.

    Before we dive into some tips for some best security practices, let’s look at what OS X provides you with already.

    Built into OS X, GateKeeper, enabled by default, will limit what software can be installed on your machine. In its default configuration state, GateKeeper will only let you install software from the Mac App Store and software that has been signed by developers who have registered with Apple (developers who have validated their applications with Apple). Although easily bypassed by users, this mechanism can help to ensure that software on your machine has undergone some semblance of quality control by trusted peoples. Although this is not a bulletproof method of ensuring “clean” code (Researchers outwit Apple, plant malware in the App Store - Computerworld), it works fairly well at mitigating the propagation and installation of malicious software.

    Who should use it?
    If you only install software from the Mac App Store, you might as well keep it enabled since it won’t affect software installation. If you install third party applications, you may also want to consider keeping it enabled since, if you can trust the developer of your third party app, it can be easily and temporarily bypassed.

    Who shouldn’t use it?
    People who have deep knowledge of OS X and/or install a lot of obscure software packages (ones that 90% of Mac users won’t install) will probably find that it might be a nuisance. Simply put, those who shouldn’t use it know who they are and can likely do so without concern because they know what to look for. If you don’t know whether or not you fall into this group, you probably don’t and should keep it enabled.

    More info here.

    Built into OS X as well is XProtect. This piece of software checks applications against a database of known malware. The files for this can be found in /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources. Don’t modify or tinker with these files – this is just here for reference.

    XProtect is non-interactive meaning that you are not meant to do anything with it since it does not expect user input. It runs silently in the background, only updating whenever Apple needs to do so.

    Who should use it?
    Everyone and you don’t really have a choice so embrace it.

    While some of the aforementioned services and practices can protect you and the software that you run, they are hardly sufficient in and of themselves. Many of the techniques that malware (and eventually viruses) will use exploit user mistakes and misinformation. Here are some tips to keep in mind while using your Mac (all computers).

    Random and Strong Passwords
    Passwords are the key to your machine – everything important requires one for one very simple reason: that which is password protected needs to be secure. Remembering this and crafting good passwords as a response to this very basic fact is an important step in securing your machine.

    Creating a password with unconventional combinations of all types of characters (letters, numbers and symbols) is the best type of password to create. Unfortunately, these can be unruly and hard to remember (if at all). However, here are some tips for creating passwords. First, let’s start with a really weak password and strengthen it: hello.
    - Use different cases throughout. So, let’s capitalize our password: HeLlo.
    - Be generous with characters. So, let’s do that: HeL1o@
    - The longer, the better. Many apps designed to crack passwords will take longer if there are longer words (not always the case but it doesn’t help these apps): HeL1o@%H1
    - Avoid dictionary based words. Many tools designed to crack passwords work through dictionary words first since they are the most obvious. If possible, remove dictionary based words: Hqr1@neq23#

    At this point, the password is rather illegible and, to be frank, hard to remember. The solution to this problem is not writing it down – this defeats the purpose. Storing them anywhere that isn’t encrypted or in your head is useless so you’ll need to use something that encrypts them (or start training your brain to remember these). A forum favourite for the app option is 1Password.

    If you’re looking to generate strong passwords, consider one of the following built in tools to help you generate them (and one website).
    - Keychain Access (/Applications/Utilities): go to File > New Password Item… > click the key icon and choose a type & change the length. The longer the green progress bar, the better the password.
    - Norton Identity Safe Password Generator:
    - OpenSSL (and other command line tools): Generate Random Passwords from the Command Line

    Wireless Networking
    Most of us use wireless networking at home, work or on the road. Here are some tips for the wireless networkers among us.

    Note – much of what is discussed is hardware dependent. Feel free to ask questions about how to do what is discussed below for your piece of hardware.

    Home Network
    Securing your home network is important and something that should be amongst the first things you do once you plug in your router. In the configuration screens for your router of choice, you’ll be given options for what type of security. If you’re confused, here’s a simple one word answer: WPA2. Avoid WEP as if it was the plague – it’s antiquated, weak and easily cracked. WPA2 is no more difficult from the users perspective while remaining a much better choice for the purposes of security.

    If your router has a firewall feature, use it. There’s no reason not to and any nuisances it might cause (likely not a concern for 95% of users) can be easily managed.

    Networking on the Go
    If you’re using a mobile Mac, you may not be able to enjoy the benefits of your secure network all the time. When you leave your home, you have to depend on the security functionality that the establishment/person has set up. Thus, the best you can do is secure your Mac. The first thing you’ll want to do is enable the firewall on your Mac. Go to System Preferences > Security & Privacy > Firewall > unlock the pane (click the lock in the bottom left hand corner) > enable it. While the router that you connect to in public might have a firewall on, you will likely be on the same network as many other people who may not be as nice as your family members/roommates.

    General Tips
    Vigilance – always be wary of software from websites that do the following:
    - claim to be better than others (if this is the case, they probably aren’t).
    - have a lot of advertising (an abundance of advertising is a likely sign that they just want ad revenue).
    - offer deeply discounted or free versions of software that they do not develop (the legality of that software is likely questionable).

    Don’t know what it is? Don’t run or open it. This seems like a simple tip but really, people are quicker to do this on their computer than they are in real life (if a stranger offered you something and didn’t tell you what it was, would you open/eat/use it?).

    If something says that you need to install something else so as to ensure proper functionality, look it up or ask us. Shady websites are notorious for this, commonly notifying users of the need to install third party codecs or something else so as to ensure proper website functionality. Many of these popups also mimic the look and feel of native browser popups so be cautious. A general tip – you will likely only ever need Java, Flash or Silverlight (if you even need these at all). If a website says you need something other than these three, it’s probably not a good idea to install it.

    The Anti-Virus Question
    This is a question commonly broached by people transitioning over from Windows where AV is a part of daily life. For Macs, the necessity of AV software is not quite as prominent. You can safely go without AV software if you remain aware of what you’re doing on your machine. In other words, if you use your machine thinking it’s Superman, you’re going to lose the game that is Russian Roulette online because your Mac isn’t Superman. There is malware and pernicious pieces of rogue software that exist and will continue to exist for the foreseeable future. While little of it necessitates AV software, the widespread claim that you don’t need AV software doesn’t mean that nothing malicious exists.

    In short, you probably don’t need it but that doesn’t mean that evil stuff doesn’t exist. Also be open to the idea that, at some point, AV software is likely going to be needed for Macs. Do not become complacent – that gets you nowhere productive quickly.

    Final Thought
    Mac users, of all types, are quick to defer to history as the reason for lax security practices. This is hardly a reason to shun responsibility for your machine. Not only is a Mac a PC (in the literal sense) like any other in form, it is far from perfect. Hubris gets us nowhere – it didn’t work for the captain of the Titanic and it backfired on the Soviets during WW2 when they invaded Finland (history moment for those history buffs on the forums). Practicing safe computing is important regardless of what operating system you’re using. And while anti-virus may or may not be needed as of right now, it doesn’t mean that it won’t in the future nor does it mean that you should use your machine without reservations. I’m not suggesting that you use your machine with fear or reticence but rather, you should use it intelligently which means remaining aware that, as with anything manmade, it has faults.
    I’m not trying to scare you – much of what I’ve said is common sense and should be followed regardless of what platform you’re using. Follow some of the tips above and any others from our knowledgeable members and you’ll likely have a secure and enjoyable experience with your Mac.

    If you've got any questions, tips, concerns or ideas, feel free to discuss below. I'll update this as/if necessary.

    Note: Document originally composed by vansmith.