Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Basics

That article seemed to cover the main points pretty well. It's up to you whether to use your admin account for daily use or not. (If you do, I would STRONGLY recommend having your computer lock when coming back from sleep/screen saver and having System Prefs auto-lock. These are good ideas anyway, but it's doubly important if you have admin privs on your day-to-day account.) Oh, and if you are on Leopard or earlier, display sleep DOES NOT count as a "sleep/screen saver". So if you don't have a screen saver set, it won't lock until it goes to sleep. So set a screen saver (the "computer name" one doesn't really use any extra power, unlike some of the others.) Or just upgrade to Snow Leopard, which does lock on display sleep. It can also delay locking the screen, which is kind of handy.
 
I can recommend to run you computer from a 'Non-Admin' account. I have not yet found this to be problematic in any way. Yes, you have to type the Admin password in order to install new software, but I actually see this as a feature...

To control what applications are allowed to 'phone-home' over the Internet you can use Little Snitch.

And if you are using a mobile Computer on the road, I also recommend to disable 'Sharing' in the Network Preferences. It reduces your attack surface and hides the fact that you have joined a network with your shiny new Macbook.
 
Macbethica said:
I found this article:
http://www.freerepublic.com/focus/f-chat/1979043/posts
Click to expand...

I have to disagree with this article on three points. The idea of creating a second administrator account, then turning your existing administrator account into a standard user account is incorrect. The second account you create should be a standard user account. Then if necessary, transfer your data from your administrator account, to the standard user account.

I do however agree with using a standard user account for everyday use. Apple has made it quite easy to administer your system from a standard user account. The two major differences you will see are, one, you will need to supply a administrator name and password to make system wide changes. Two, if you need to use the sudo command, you will need to su into your administrator account first, that or modify your sudoers file.

FileVault encrypts your entire user directory, this will use system resources, and if you forget your Master Password, you loose access to your data. I can think of better ways to secure data.

What about the built in Firewall on my Mac?

Oh, you can turn on the Mac's own firewall if you want. I have been running my Mac for over a year with out the system firewall, just to see what might happen. So far? Nothing's impacted my Mac.
Click to expand...

Go through all the trouble of securing your Mac, and then leave the firewall turned off, just to see what might happen? Makes no sense. If your behind a router with a built in firewall, your already protected and can leave the firewall in OS X set to allow all incoming connections. But if your using OS X in another fashion, lets say in a public wifi setting for example, I would recommend selecting a more secure setting.
 
Like others have said Little Snitch will point out any outbound traffic going out on your Mac.

Then consider using a DNS system like OpenDNS and consider opening a free account. This way if you decided to use their service you can block any none Trojan baring site and any other site you want (like sex sites, etc.). This will help you avoid the very few Mac Trojans that are hosted on some porn video sites and it Mac file sharing software sites. So if you don't pirate Mac software then you will be 100% Trojan free.

Lastly there are no viruses for a Mac and just a handful of short lived Mac Trojans that bit some pirated Mac software. They were DNS Trojans that were found quickly on a Mac and could not replicate themselves.


One more thing. If you have a Mac Book Pro then don't rely on the built OS X firewall because IMHO it is weak. Luckily a clever programmer that knew about the FreeBSD in OS X and wrote a GUI application to take advantage for the FSB IPFW in the BSD Core of OS X and called it WaterRoof. For beginners he also made NoobProof for us mere mortals could use the IPFW easily. It is much more strong than the Apple supplied GUI in the Security tab.
 
Steve-M said:
I have to disagree with this article on three points. The idea of creating a second administrator account, then turning your existing administrator account into a standard user account is incorrect. The second account you create should be a standard user account. Then if necessary, transfer your data from your administrator account, to the standard user account.
Click to expand...

I'm curious why you think it is an issue to create the second admin account and change the original to a standard one? It's easier for those who have been using their account for a while to use what they already have, than to start from a fresh account.
 
angelwatt said:
I'm curious why you think it is an issue to create the second admin account and change the original to a standard one? It's easier for those who have been using their account for a while to use what they already have, than to start from a fresh account.
Click to expand...

I have read that not all administrator privileges are turned off when degrading to a standard user account.
 
Thank you all for your suggestions.

If indeed not all admin privileges are turned off, would it be a good idea to delete original admin account once admin privileges are assigned to another account and then create a new standard account? Are the steps in the article for creating new admin account accurate?

Also is it possible to change the shortname once an account is created?

Thanks again!
 
Macbethica said:
Thank you all for your suggestions.

If indeed not all admin privileges are turned off, would it be a good idea to delete original admin account once admin privileges are assigned to another account and then create a new standard account?
Click to expand...

I would use the original administrator account, as the administrator account, and create one standard user account for daily use.

Macbethica said:
Are the steps in the article for creating new admin account accurate?
Click to expand...

Yes

Macbethica said:
Also is it possible to change the shortname once an account is created?
Click to expand...

Yes
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back