Security Basics

Discussion in 'macOS' started by Macbethica, Mar 7, 2010.

  1. Macbethica macrumors newbie

    Joined:
    Mar 7, 2010
    #1
    What do you recommend for making one's Mac secure?

    I found this article:
    http://www.freerepublic.com/focus/f-chat/1979043/posts

    Is this all most people do? Is there something the experts here disagree with or would add to the steps outlined in the article or should it be followed as is.

    Thanks!
     
  2. J the Ninja macrumors 68000

    Joined:
    Jul 14, 2008
    #2
    That article seemed to cover the main points pretty well. It's up to you whether to use your admin account for daily use or not. (If you do, I would STRONGLY recommend having your computer lock when coming back from sleep/screen saver and having System Prefs auto-lock. These are good ideas anyway, but it's doubly important if you have admin privs on your day-to-day account.) Oh, and if you are on Leopard or earlier, display sleep DOES NOT count as a "sleep/screen saver". So if you don't have a screen saver set, it won't lock until it goes to sleep. So set a screen saver (the "computer name" one doesn't really use any extra power, unlike some of the others.) Or just upgrade to Snow Leopard, which does lock on display sleep. It can also delay locking the screen, which is kind of handy.
     
  3. Detektiv-Pinky macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #3
    I can recommend to run you computer from a 'Non-Admin' account. I have not yet found this to be problematic in any way. Yes, you have to type the Admin password in order to install new software, but I actually see this as a feature...

    To control what applications are allowed to 'phone-home' over the Internet you can use Little Snitch.

    And if you are using a mobile Computer on the road, I also recommend to disable 'Sharing' in the Network Preferences. It reduces your attack surface and hides the fact that you have joined a network with your shiny new Macbook.
     
  4. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #4
  5. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #5
    I have to disagree with this article on three points. The idea of creating a second administrator account, then turning your existing administrator account into a standard user account is incorrect. The second account you create should be a standard user account. Then if necessary, transfer your data from your administrator account, to the standard user account.

    I do however agree with using a standard user account for everyday use. Apple has made it quite easy to administer your system from a standard user account. The two major differences you will see are, one, you will need to supply a administrator name and password to make system wide changes. Two, if you need to use the sudo command, you will need to su into your administrator account first, that or modify your sudoers file.

    FileVault encrypts your entire user directory, this will use system resources, and if you forget your Master Password, you loose access to your data. I can think of better ways to secure data.

    Go through all the trouble of securing your Mac, and then leave the firewall turned off, just to see what might happen? Makes no sense. If your behind a router with a built in firewall, your already protected and can leave the firewall in OS X set to allow all incoming connections. But if your using OS X in another fashion, lets say in a public wifi setting for example, I would recommend selecting a more secure setting.
     
  6. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #6
    Like others have said Little Snitch will point out any outbound traffic going out on your Mac.

    Then consider using a DNS system like OpenDNS and consider opening a free account. This way if you decided to use their service you can block any none Trojan baring site and any other site you want (like sex sites, etc.). This will help you avoid the very few Mac Trojans that are hosted on some porn video sites and it Mac file sharing software sites. So if you don't pirate Mac software then you will be 100% Trojan free.

    Lastly there are no viruses for a Mac and just a handful of short lived Mac Trojans that bit some pirated Mac software. They were DNS Trojans that were found quickly on a Mac and could not replicate themselves.


    One more thing. If you have a Mac Book Pro then don't rely on the built OS X firewall because IMHO it is weak. Luckily a clever programmer that knew about the FreeBSD in OS X and wrote a GUI application to take advantage for the FSB IPFW in the BSD Core of OS X and called it WaterRoof. For beginners he also made NoobProof for us mere mortals could use the IPFW easily. It is much more strong than the Apple supplied GUI in the Security tab.
     
  7. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #7
    I'm curious why you think it is an issue to create the second admin account and change the original to a standard one? It's easier for those who have been using their account for a while to use what they already have, than to start from a fresh account.
     
  8. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #8
    I have read that not all administrator privileges are turned off when degrading to a standard user account.
     
  9. Macbethica thread starter macrumors newbie

    Joined:
    Mar 7, 2010
    #9
    Thank you all for your suggestions.

    If indeed not all admin privileges are turned off, would it be a good idea to delete original admin account once admin privileges are assigned to another account and then create a new standard account? Are the steps in the article for creating new admin account accurate?

    Also is it possible to change the shortname once an account is created?

    Thanks again!
     
  10. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #10
    I would use the original administrator account, as the administrator account, and create one standard user account for daily use.

    Yes

    Yes
     

Share This Page