PDA

View Full Version : Three tips to make OS X even more secure


MacBytes
Jul 28, 2005, 01:48 PM
http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: Mac OS X
Link: Three tips to make OS X even more secure (http://www.macbytes.com/link.php?sid=20050728144859)

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

Mitthrawnuruodo
Jul 28, 2005, 02:59 PM
That was a really stupid article.
Create an additional non-administrative account for daily use: Remember: Admin or root accounts are for tasks—not browsing the network and reading e-mail.

Use the OS X screensaver with a password: This habit ensures that your machine remains inaccessible whenever you're away from the keyboard.

Turn on network time synchronization: If you plan to maintain and use log files (and Macs log a lot of information), this step makes sure the timestamp in the system logs is accurate.
Those were the best three tips they could come up with...? :rolleyes:

First: An admin account is NOT the same as a root account. Even from an admin account you have to enter admin password when making changes to the system.

Second: What's the point when even anybody with medium knowledge can just restart the machine and wipe the users password with a OS X CD/DVD and then gain access to most things on the machine.

Third: Network time is OK, but the logs will work even if you manually set the time to 1970.

Silly.

winmacguy
Jul 28, 2005, 06:16 PM
That was a really stupid article.

Those were the best three tips they could come up with...? :rolleyes:

First: An admin account is NOT the same as a root account. Even from an admin account you have to enter admin password when making changes to the system.

Second: What's the point when even anybody with medium knowledge can just restart the machine and wipe the users password with a OS X CD/DVD and then gain access to most things on the machine.

Third: Network time is OK, but the logs will work even if you manually set the time to 1970.

Silly.

Actually it is only obvious if you have a decent knowledge of OSX. There are a lot of IT guys who wouldnt know that and more than a few PC users who wouldn't know about the procedures.

PlaceofDis
Jul 28, 2005, 06:22 PM
still these are common knowledge too, nothing new here for most of us

Benjamin
Jul 28, 2005, 06:28 PM
Yeah they didn't even mention firmware pw which imo should be the first thing recommended.

mkrishnan
Jul 28, 2005, 06:36 PM
Haha, and if you really want to secure your data, a better step would be to get your colleagues who still use windows to switch to OS X or Linux. ;)

In Panther I actually did create a non-admin account, and it didn't seem to do too much and after a while, didn't seem that useful, so I stopped bothering with it. I'm on a private network, behind a hardware firewall and a stealth software firewall, with almost every port blocked... I don't run files from non-trusted sources and I don't use Windows. I think that's quite enough. :)

nagromme
Jul 28, 2005, 09:00 PM
I have a non-admin account for GUESTS to use. But day in day out, I use an admin (NOT root) account. Macs are meant to be used with a single account (admin) by default. Improving on that practice is possible, but I don't see it as vital. Unless, that is, you're feeling gullible and want to make it slightly harder to resist putting in your admin password when some random unknown download asks you for it :p But then again, it will ask that even if you're NOT logged in as admin... and you can DO so even if not logged in as admin. You must simply do the minor extra step of typing your username.

So extra accounts (for a single person) is needless complexity for most people--but good for guests or kids I think.

xsedrinam
Jul 28, 2005, 09:09 PM
Who are "they"? I was all pumped to find some nice, juicy tips.
ZZZzzz.
X

yellow
Jul 28, 2005, 09:27 PM
Here are my tips for security, they are almost as awesome and relevant:

1) Wash your hands after using the restroom

2) It's not a toy, you'll shoot your eye out.

3) Don't eat the yellow snow.

Enjoy your Mac! :rolleyes:

ham_man
Jul 28, 2005, 09:35 PM
-It has a secure default configuration: By default, OS X closes all of the communication ports, and it disables all native services, including personal file sharing, Windows file sharing, personal Web sharing, remote login, FTP access, remote Apple events, and printer sharing.
-It includes a personal firewall: Enabling OS X's personal firewall denies all inbound connections except for those you specifically allow. Unlike other personal firewalls, you must explicitly identify the traffic you want to allow the first time you turn on the firewall. In addition, the firewall includes a Stealth Mode setting, which won't acknowledge the system's existence to would-be hackers looking for machines to attack.
-It automatically updates the machine: This feature allows your Mac to download software updates and security patches automatically. In addition, Apple digitally signs its updates, so you can be sure they come from a trusted source.
It features FileVault encryption: FileVault protects the data on your machine using AES-128 encryption, rather than the weaker Data Encryption Standard X (DESX) algorithm used by the Windows Encrypting File System (EFS).
-It offers a secure Keychain: The Keychain automatically stores all password information to use encrypted disk images and to log onto file servers, FTP servers, and Web servers. This feature enables you to create and use complex passwords without writing them down or trying to remember them.
-It includes a permanent deletion feature: When you delete a file or folder, the Secure Erase Trash feature immediately overwrites the file with invalid information, making the file disappear completely and removing the possibility of recovering the data.
Now invision Microsoft's security tips...
Errrrmmm...diconnect it from the Internet?
:D

mkrishnan
Jul 28, 2005, 09:44 PM
Now invision Microsoft's security tips...

Where was that quote from an MS exec, along the lines of, if you want to be adware and spyware free now, and can't wait, perhaps you should look elsewhere? :D

Eric5h5
Jul 28, 2005, 11:44 PM
Where was that quote from an MS exec, along the lines of, if you want to be adware and spyware free now, and can't wait, perhaps you should look elsewhere? :D

That wasn't an MS exec, that was an Intel guy.

--Eric

mkrishnan
Jul 28, 2005, 11:46 PM
That wasn't an MS exec, that was an Intel guy.

Oh, yeah, oops. :D

GodBless
Jul 29, 2005, 01:25 AM
No tips are offered to make it more secure from hackers meaning that it is already secure enough from hackers by their standards. Their tips just make a better experience for the user. ;)