Making my Mac more secure

njdevil

macrumors member
Original poster
Aug 5, 2009
41
0
What steps can you take to make OSX as secure as possible? I mean both secure as in safe from malware and secure in the event of it being stolen or lost?

For a while I just had a password prompt set when it returned from screensaver, only the other day did I notice the glaring back door that meant if you simply rebooted you could get in without a password (as this is a separate setting). I'm starting to wonder what other backdoors I'm missing.

Right now, my security measures are thus: password required on login/wake, Keychain and all other important settings password protected, all online passwords are handled by Lastpass (Not sure if this makes it much more secure or not), and firewall is on. I also have a Kensington lock to physically lock it to the desk when I'm using it in a library etc. I have ClamAVX as my only real Antivirus/malware protection that I can think of.

There are certain things that I don't know how to guard against- such as running a live Linux CD to access data. I've looked into Filevault but heard a lot of stories about it bricking hard drives, and since I'm about to spend about $250 upgrading my macbook with an SSD and new HDD, I'm not sure how I want to risk that. Is there any other way to prevent someone accessing my drives by live CD or simply physically removing the HDD and plugging in a SATA cable?


Basically I wan't to Fort Knox-ify my macbook as much as possible. Any advice welcome. Cheers!
 

benthewraith

macrumors 68040
May 27, 2006
3,081
80
Miami, FL
What steps can you take to make OSX as secure as possible? I mean both secure as in safe from malware and secure in the event of it being stolen or lost?

For a while I just had a password prompt set when it returned from screensaver, only the other day did I notice the glaring back door that meant if you simply rebooted you could get in without a password (as this is a separate setting). I'm starting to wonder what other backdoors I'm missing.

Right now, my security measures are thus: password required on login/wake, Keychain and all other important settings password protected, all online passwords are handled by Lastpass (Not sure if this makes it much more secure or not), and firewall is on. I also have a Kensington lock to physically lock it to the desk when I'm using it in a library etc. I have ClamAVX as my only real Antivirus/malware protection that I can think of.

There are certain things that I don't know how to guard against- such as running a live Linux CD to access data. I've looked into Filevault but heard a lot of stories about it bricking hard drives, and since I'm about to spend about $250 upgrading my macbook with an SSD and new HDD, I'm not sure how I want to risk that. Is there any other way to prevent someone accessing my drives by live CD or simply physically removing the HDD and plugging in a SATA cable?


Basically I wan't to Fort Knox-ify my macbook as much as possible. Any advice welcome. Cheers!
In case of being lost, I strongly suggest you use Prey. Also, if you're worried about file security, you could always keep a disk image (.dmg) for private files. I would suggest you use a firmware password, however, if you do, you will be unable to use Prey in case your laptop is stolen. You also would be unable to use Find My Mac.
 

njdevil

macrumors member
Original poster
Aug 5, 2009
41
0
I've heard of Prey but it seems like the idea of it is to deliberately give a thief some access to your computer in order to figure out who and where they are. I'm not sure I'm comfortable with that, I think I'd rather keep people out as much as I can. For example, it seems like Prey requires you to leave password protection off for it to really be useful, but I need to have a password since I leave my laptop unattended (but locked to desk) in college occasionally, and I don't want people to be able to mess around with my computer.

That said, I just went and installed Prey anyway. Couldn't hurt, right?
 
Last edited:

Bear

macrumors G3
Jul 23, 2002
8,089
4
Sol III - Terra
What steps can you take to make OSX as secure as possible? I mean both secure as in safe from malware and secure in the event of it being stolen or lost?...
FileVault 2 does full disk encryption and works quite well and will do pretty much what you want for securing your data if your Mac is stolen. I am using FV2 on an iMac and I have not noticed any performance impact.

Remember there are differences between the original FileVault and FileVault 2 that comes with Lion.

FileVault 1 has all sorts of issues that do not exist in FV2, and a lot of the information on the web doesn't identify which version they're talking about when they complain about the issues.

The differences in FV also makes some security documents from before Lion outdated, you need to be careful that what they say still applies to Lion.
 

njdevil

macrumors member
Original poster
Aug 5, 2009
41
0
FileVault 2 does full disk encryption and works quite well and will do pretty much what you want for securing your data if your Mac is stolen. I am using FV2 on an iMac and I have not noticed any performance impact.

Remember there are differences between the original FileVault and FileVault 2 that comes with Lion.

FileVault 1 has all sorts of issues that do not exist in FV2, and a lot of the information on the web doesn't identify which version they're talking about when they complain about the issues.

The differences in FV also makes some security documents from before Lion outdated, you need to be careful that what they say still applies to Lion.
I didn't know about FV2, thanks. Am I correct in saying Filevault will only secure the OSX partition if Bootcamp is set up? And can Filevault secure multiple drives? (I plan on upgrading my MBP to a small SSD + large HDD setup when Mountain Lion is released)

Thanks for those links gumblecosby, extremely helpful!
 

Bear

macrumors G3
Jul 23, 2002
8,089
4
Sol III - Terra
I didn't know about FV2, thanks. Am I correct in saying Filevault will only secure the OSX partition if Bootcamp is set up? And can Filevault secure multiple drives?
...
To copy what I said in another thread:
  • For the system disk, you enable FileVault from Security & Privacy (System Preferences).
  • For a Time Machine disk, you enable the encryption from Time Machine preferences.
  • For an existing disk other than system or time machine disk, there are command line commands to enable encryption without losing data. Read all popups to make sure you don't have an odd case that might cause it to wipe the disk.
  • For a new disk with no data, you can select "Mac OS Extended (Journaled, Encrypted)" as the partition format(file system) to use.
  • **Encrypting the disks takes a while, but has minimal impact during the encryption process. You can safely shutdown and sleep the computer or even unmount the drive and the encryption process will resume correctly. I recommend only encrypting one disk at a time.
As for Bootcamp, I'm fairly sure that it would need to manage its own encryption, but you would need to check that.