Making my Mac more secure

Discussion in 'Mac OS X Lion (10.7)' started by njdevil, Mar 24, 2012.

  1. njdevil macrumors member

    Joined:
    Aug 5, 2009
    #1
    What steps can you take to make OSX as secure as possible? I mean both secure as in safe from malware and secure in the event of it being stolen or lost?

    For a while I just had a password prompt set when it returned from screensaver, only the other day did I notice the glaring back door that meant if you simply rebooted you could get in without a password (as this is a separate setting). I'm starting to wonder what other backdoors I'm missing.

    Right now, my security measures are thus: password required on login/wake, Keychain and all other important settings password protected, all online passwords are handled by Lastpass (Not sure if this makes it much more secure or not), and firewall is on. I also have a Kensington lock to physically lock it to the desk when I'm using it in a library etc. I have ClamAVX as my only real Antivirus/malware protection that I can think of.

    There are certain things that I don't know how to guard against- such as running a live Linux CD to access data. I've looked into Filevault but heard a lot of stories about it bricking hard drives, and since I'm about to spend about $250 upgrading my macbook with an SSD and new HDD, I'm not sure how I want to risk that. Is there any other way to prevent someone accessing my drives by live CD or simply physically removing the HDD and plugging in a SATA cable?


    Basically I wan't to Fort Knox-ify my macbook as much as possible. Any advice welcome. Cheers!
     
  2. benthewraith macrumors 68040

    benthewraith

    Joined:
    May 27, 2006
    Location:
    Miami, FL
    #2
    In case of being lost, I strongly suggest you use Prey. Also, if you're worried about file security, you could always keep a disk image (.dmg) for private files. I would suggest you use a firmware password, however, if you do, you will be unable to use Prey in case your laptop is stolen. You also would be unable to use Find My Mac.
     
  3. njdevil, Mar 24, 2012
    Last edited: Mar 24, 2012

    njdevil thread starter macrumors member

    Joined:
    Aug 5, 2009
    #3
    I've heard of Prey but it seems like the idea of it is to deliberately give a thief some access to your computer in order to figure out who and where they are. I'm not sure I'm comfortable with that, I think I'd rather keep people out as much as I can. For example, it seems like Prey requires you to leave password protection off for it to really be useful, but I need to have a password since I leave my laptop unattended (but locked to desk) in college occasionally, and I don't want people to be able to mess around with my computer.

    That said, I just went and installed Prey anyway. Couldn't hurt, right?
     
  4. gumblecosby, Mar 24, 2012
    Last edited: Mar 24, 2012
  5. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #5
    FileVault 2 does full disk encryption and works quite well and will do pretty much what you want for securing your data if your Mac is stolen. I am using FV2 on an iMac and I have not noticed any performance impact.

    Remember there are differences between the original FileVault and FileVault 2 that comes with Lion.

    FileVault 1 has all sorts of issues that do not exist in FV2, and a lot of the information on the web doesn't identify which version they're talking about when they complain about the issues.

    The differences in FV also makes some security documents from before Lion outdated, you need to be careful that what they say still applies to Lion.
     
  6. njdevil thread starter macrumors member

    Joined:
    Aug 5, 2009
    #6
    I didn't know about FV2, thanks. Am I correct in saying Filevault will only secure the OSX partition if Bootcamp is set up? And can Filevault secure multiple drives? (I plan on upgrading my MBP to a small SSD + large HDD setup when Mountain Lion is released)

    Thanks for those links gumblecosby, extremely helpful!
     
  7. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #7
    To copy what I said in another thread:
    • For the system disk, you enable FileVault from Security & Privacy (System Preferences).
    • For a Time Machine disk, you enable the encryption from Time Machine preferences.
    • For an existing disk other than system or time machine disk, there are command line commands to enable encryption without losing data. Read all popups to make sure you don't have an odd case that might cause it to wipe the disk.
    • For a new disk with no data, you can select "Mac OS Extended (Journaled, Encrypted)" as the partition format(file system) to use.
    • **Encrypting the disks takes a while, but has minimal impact during the encryption process. You can safely shutdown and sleep the computer or even unmount the drive and the encryption process will resume correctly. I recommend only encrypting one disk at a time.
    As for Bootcamp, I'm fairly sure that it would need to manage its own encryption, but you would need to check that.
     

Share This Page