Laptop security: The Big Picture

Discussion in 'MacBook Pro' started by Doctor Q, Jun 18, 2007.

  1. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #1
    Laptop security is an issue for everyone from a college student's MacBook to a traveling businessperson's MacBook Pro. Security has many aspects, both for physical security and for data security. No single method is foolproof, and people must weigh the trouble and expense of prevention against the risks of loss.

    When I'm asked for advice about laptop security, the two most important suggestions I make are to avoid leaving the laptop unattended, and to back it up regularly. Beyond that, I give people plenty of other suggestions too, and I tell them to pick which make sense for their situation.

    I've never tried to make one single list like this before. Now I've tried to put it all together. Rather than recommend WHICH product of a given type to use, I've tried to list the choices I've heard mentioned. I'd appreciate having some of you check my homework for me.
    1. Don't leave your MacBook unattended, not even briefly. Be aware of your laptop, as you would a purse, in airports, hotel rooms, restaurants, libraries, dorm rooms, etc.
      -
    2. Back up your data regularly. You should do this anyway, in case of hardware failure or software bugs, but it is also critical in case or loss of theft.
      -
    3. Use a security cable. When the laptop is in a semi-private place like a dorm room, it's smart to keep it locked to a piece of furniture. You won't be watching it every second, other people may sometimes be around, or a door might be left open. Any cable can be cut by a determined thief, but this will stop a MacBook from walking off with an opportunist.
      -
    4. Use motion sensors, either with hardware (Targus DEFCON, MicroSaver Alarmed Lock) or software (TheftSensor, iAlertU, MultiAlarm).
      -
    5. Be less conspicuous. You want to protect your MacBook, but if you carry your MacBook in a backpack, not a laptop case, it's less obvious that you have a laptop.
      -
    6. Store backups elsewhere. Back up the system but don't leave the backup with the laptop. If you use an external firewire drive, then between backups put it in another room, the closet, another house, etc., rather than leaving it next to the MacBook. That way, a thief won't take the computer AND the backup copy. Backing up to an online service, like .mac, also avoids this problem.
      -
    7. Choose appropriate passwords and make use of them. Don't use guessable passwords. Log out when not using your MacBook. For the sacrifice of convenience, you can avoid auto-fill features, not leave passwords in an open keychain, and use a screensaver with a password check.
      -
    8. Set a firmware password. Use EFI (Intel) or Open Firmware (PPC) to set a password that prevents booting from another disk.
      -
    9. Use encryption. Consider which data on your MacBook is most sensitive and take care to protect it. One choice is to use Apple's FileVault feature on your home directory. But there are risks if the encrypted data somehow gets corrupted, and it's harder to restore files from a backup. Another choice is to keep encrypted disk images for certain files. You can use Disk Utility to create them or DropDMG for convenience. You might also use a standalone encryption product to encrypt individual files or folders on demand (??? any examples ???).
      -
    10. Install anti-theft software. Use a software package that "phones home" on the Internet or over a phone line (Undercover, LoJack for Laptops, XTool). There was also MacLoJack -- see post below.
      -
    11. Have separate logins. You might have one login for your routine documents (schoolwork), while using FileVault on another login that you use for financial documents or other sensitive information. By having a third login, with no password, you invite a thief to log in that way, making it more likely that they will connect to the Internet and activate the anti-theft software.
      -
    12. Recordkeeping. Record your MacBook serial number and keep this information on paper somewhere. Register your purchase. Keep track of what personal information you have on your MacBook, so you know what you've lost, what passwords to change, etc. if you ever lose it. Plan, ahead of time, how to avoid identity theft and what to do if it occurs.
      -
    13. Insurance. Check if loss or theft of your MacBook is already covered under an insurance policy you have. If not, get renter's insurance, a rider on a homeowner's policy, or some other type of coverage.
      -
    14. Avoid viruses/adware/spyware. Install security updates to Mac OS X or other software. Although it's fine to watch for news of new and specific threats that arise, you don't need any special software for Macs.
      -
    15. Keep your personal computer personal. Don't lend anyone your MacBook. Don't let strangers look over your shoulder. If you share your MacBook, insist that other people use separate logins.
    My questions to all of you: What do I have wrong? What did I omit?
     
  2. ironic23 macrumors 6502

    Joined:
    Feb 8, 2006
    #2
    Don't know if this constitutes security, but how bout those 3M privacy guard filters for the screen? There are always eyes ready to peer (especially when people use Macs!) while people are working on their laptops and sometimes people are able to decipher one's login details just by peering.
     
  3. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #3
    That's a good addition. Here is the 3M "Notebook Privacy Computer Filter" product lineup.
     
  4. AbsenceOfTruth macrumors regular

    Joined:
    Jun 10, 2007
    #4
    What's the very best Anti theft alarm? iAlertU seems pretty cool. :)
     
  5. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #5
    Great list, and good advice, Doc.

    But what about us traveling businesspersons with a MacBook - not Pro? ;)

    Not that I'm suffering from aluminum envy, or anything!
     
  6. Spikeanator6982 macrumors 6502

    Joined:
    Jun 13, 2007
    #6
    whats the screen saver with password check? jsut to make a person think its password protected? or is it real? i havent heard of it before..would be nice tho..


    Brad
     
  7. Aea macrumors 6502a

    Aea

    Joined:
    May 23, 2007
    Location:
    Denver, Colorado
    #7
    Very useful thread and should probably be stickied.
     
  8. Edandlindz28 macrumors regular

    Joined:
    Apr 26, 2007
    Location:
    Colorado
    #8
    Set a firmware password. Use EFI (Intel) or Open Firmware (PPC) to set a password that prevents booting from another disk.

    Noob question, how do you do this on a MacBook?
     
  9. deadpixels macrumors 6502a

    deadpixels

    Joined:
    Oct 30, 2006
    #9
    oh, you have nothing wrong, you're just a PARANOID person.
     
  10. klb028 macrumors 6502

    Joined:
    Aug 10, 2006
    Location:
    Texas
    #10
    I absolutely loved reading this. It was very informative and very thoughtful of you to write up and share. Thanks so much!
     
  11. rendezvouscp macrumors 68000

    Joined:
    Aug 20, 2003
    Location:
    Long Beach, California
    #11
    System Preferences->Security->Require password...
    -Chasen
     
  12. quigleybc macrumors 68030

    quigleybc

    Joined:
    Jun 17, 2005
    Location:
    Beautiful Vancouver British Columbia, Canada
  13. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #13
    Perhaps we'll make this into a guide.

    I didn't invent all this myself. I collected notes on the topic, added everything I spotted in other threads on these topics, and tried to summarize coherently.
     
  14. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #14
    I've received more suggestions for the list of laptop security tips. They aren't limited to laptops.

    1. Don't routinely use your computer as an administrator. Keep a separate login name for tasks that requirement administrator access, so that you don't have to be an administrator the rest of the time. As a result, a rogue program that runs while you are logged in (e.g., if a security bug permits malware to be downloaded and executed automatically) can't do as much harm. Neither will somebody who finds your computer logged in while you are momentarily away. This also prevents you from making casual errors that delete an application or "mess with" the operating system.
    2. There are currently no viruses that specifically target Mac OS X, but Windows viruses or viruses that affect other Microsoft software can be passively spread via Macs. To avoid this, you can use ClamXav. It's a free virus checker that runs on Mac OS X and can prevent the spread of Windows, Unix, or Mac OS X viruses, should any appear. It gets frequent updates (important to catch new viruses) and can be applied to email or to specified files. ClamXav is based on the ClamAV anti-virus Unix toolkit.
    3. Keep your master software installation discs in a safe place, and keep track of the installation key codes (if any) for software you install. Don't keep the only records on your computer.
    If, despite your best efforts, your laptop (or other computer) is stolen, there are some actions you can take:
    1. Report it stolen: police, insurance company, school, apartment manager, homeowners group, neighborhood watch group, etc.
    2. Just because you lost the computer doesn't mean you have lost the licenses for your software, i.e., the right to use the software you paid for. If the software does not use installation keys, it's my personal opinion that you are within your rights to reinstall it on a replacement computer.
    3. If software uses installation keys, check with software vendors to see if you can report that software copy stolen (in case they track it). You should be able to reinstall on another computer, either with the same installation code or with another one given to you by the vendor.
    4. Watch eBay and craigslist, or local places or websites where people sell used equipment, to see if your computer shows up. You may not be able to tell it's yours for sure, but note any descriptions and contact information in case you do spot a thief trying to unload the computer quickly, so you can make the information available to authorities.
    If any of you know more about which vendors track stolen hardware or installation codes for stolen software, and the policies of specific software vendors for software on stolen computers, please post.
     
  15. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #15
    Loosely related to this, make sure you have documentation you can easily find concerning the serial numbers of your major hardware, and so on. If nothing else is convenient, take a photo of the serial number tag with your digital camera, and then put it in iPhoto so that it'll be in your iPhoto backups. If you don't have a good system for keeping receipts, do the same thing for the major receipts, like the one for your laptop.
     
  16. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #16
    Adding one more detail to the facts above:

    If you set an open firmware password (#8 in my first list above), that also prevents the computer from being accessed using FireWire target disk mode.
     
  17. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #17
    Wireless computing tips:
    • Set your router and computers for the most secure wireless protocol available.
    • Don't use the broadcast features that advertise your wireless network.
    • Limit router access by MAC address -- the unique hardware address of each computer you might use on the network.
    Most important of all:
    • Don't use the default factory passwords!
     
  18. acrafton macrumors 6502

    Joined:
    Jan 18, 2006
    #18
    MacLoJack has been "swindled by Apple"

    Go out to the site and you get this:

    MacLoJack
    Public Site Disabled

    Dear MacLojack Users: As of 7/10/2007, I have ceased all public operation of this free service and support for this software, after determining that I have been swindled by Apple, Inc., who employed what I believe to be false advertising in selling me a Macbook Pro under the pretense of supporting millions of colors, when in fact the LCD panel in my machine only displays 242K (e.g. 6-bit color). I am very saddened to find that Apple has evolved from making careless mistakes in their equipment to now making intentional price-cutting decisions and flat out lying to their customer base for the sake of profit. If you have purchased a Macbook or Macbook Pro, you may also be victim to this deception. Tools at the first link above can provide the tools necessary to determine this. I have decided to offer my technical expertise and assistance in the pending class action suit against Apple, Inc., and will no longer support Apple in any further fashion unless this matter becomes resolved to satisfaction."

    So he is now a 'technical expert' suing Apple so that he will make thousands as a 'witness', the lawyers will make millions and Macbook users will get a coupon for $20 off their next Mac. . . .quite sad the things some folks will do for a buck.

    What a d*ck.
     
  19. jawzzy macrumors regular

    Joined:
    May 13, 2007
    Location:
    New York
    #19
    Wait, so does that mean MacLoJack won't work anymore? There's still a software download link, but I guess it won't be able to send any stuff to you without a server?

    Could anyone clarify this?
     
  20. RichL macrumors 6502

    Joined:
    Jun 15, 2007
    Location:
    Chicago
    #20
    I like those motion sensor alarms.

    And the firmware password...that just prevents the computer from being used as a secondary hard disk? Really cool actually.

    Good post :p
     
  21. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #21
    Thanks for the news, acrafton. I updated the original post above to link to yours. But that's lousy news.

    It appears that people who already registered MacLoJack won't be able to use the service if their computer is stolen. It was a free product, and even included the code to run the server, so there was never any obligation for support or continued service, but it was certainly implied. Some people probably made the requested donation, but that apparently won't help them. The download links are now disabled.

    I'm surprised somebody would disable a useful service that benefits customers (not Apple) because of a complaint about Apple.
     
  22. jawzzy macrumors regular

    Joined:
    May 13, 2007
    Location:
    New York
    #22
    Oh no! Does this mean that there are no more freeware programs that do what MacLoJack does?
     
  23. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #23
    Maybe there's another one.

    Protection from iDeV Software is anti-theft software that can note IP addresses, do screen captures, make sound recordings, and take iSight photos. It can send the information to you via a tracking server. Apparently, the developer can even help you get at your files on the stolen computer.

    Note: The website is in French.

    Download link. Software price: free.
     
  24. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
  25. Nightkrawler macrumors regular

    Joined:
    Sep 4, 2006
    Location:
    Vienna, Austria
    #25
    "Only enable sharing services when you really need it, don't leave them on all the time and dont use them on insecure networks (public wlans whatever..)"

    "Enable Secure virtual memory" (if you have this off your passwords may be in your swapfile in plain text)

    "Disable SafeSleep, the sleepimage is encrypted (when you have Secure virtual memory on) but the password to decrypt it is not encrypted"

    "encrypt and double-check your backups"

    "disable auto logon"

    "Use open source software"

    ... too lazy to go on :p

    1. True
    2. Thats like closing your eyes and saying "Im not here!" *
    3. MAC spoofing is too easy those days...*

    * although i agree that it would prevent "i need to check my mails" surfer accessing the network, security through obscurity doesn't work.

    Nice list anyway! it always good to improve computing security :)
     

Share This Page