Island in the Net by Khürt Williams

How To Setup System Security & Privacy Settings In OS X

The following information is based on OS X 10.10 Yosemite. If you are running an earlier version of OS the information might still useful but you may have to look in different system preferences.

My friends and family often ask me what they can do to make their Mac more secure. They are often concerned about viruses or people spying on their computer while they are online. No computer can be considered "secure" once it's connected to a network, but a few things you can do now to make using your Mac safer.

Security & Privacy

Select Security & Privacy from the System Preferences application.

Screen shot of OS X System Preferences — System Preferences (Faded)

General

From the General tab you can choose a few items to improve your Mac's security. Having a password on your Mac protects your privacy. But if you walk away and leave your Mac unattended while logged in, anyway with physical access to the Mac can get in and access your files, email etc. To protect my privacy I set my Mac to activate the screen save 5 minutes after the screen saver starts. I then set the screen save to start when my account has been inactive for 10 minutes. With these two settings I am assured that if I walk away from my Mac the account will be automatically locked after 15 minutes of inactivity.

Clicking the Advanced button bring up another set of options. I have set my Mac to require an administrator password to get access to any system preferences. This protect me from myself if for some bizarre reason the Mac gets hit with a virus (rare I know). It also prevents someone who may have access to my Mac from creating new account or changing system preferences to reduce the security of my Mac. If your Mac is a MacBook or in a very public area then you want to logout after a certain amount of account inactivity.

Malicious software can be found all over the net. Users looking for a bargain are often duped into downloading illegal copies of well-known applications such as Microsoft Office. Many times this software has been modified to install key loggers etc. on to you Mac or in the worst case, hold it for ransom. To help protect users Apple has built the App Store around the similar concept at the iTunes App Store. The App Store is more like shopping in a mall as opposed to a flea market. Apple has taken steps to reduce the chance of a malware making it on to your Mac. Apps in the App Store have had security checks, and the developers have been vetted by Apple. Apps in the App Store have also been assigned a security certificate. If Apple later discovers that a particular app or developer has abused security the application can be yanked from the store.

Of course users will want to run third-party apps that are not available in the App Store. You can still do this on your Mac with two level of lowered security expectations. Some developers have chosen to have their apps signed with an Apple certificate. This means that Apple didn't do a security review of the app but did verify that the application is a legitimate application from that particular developer. This is the setting I have chosen. I think it's a good balance between the limited set of apps from the App Store and the flea market of the Internet. The least secure is the Anywhere option that allows you to install whatever you want from anywhere on the Internet. Caveat emptor!

File Vault

Truthfully, I have yet to enable this on any Mac I've owned. OS X will encrypt the entire hard drive and make it unreadable. I think it might be useful for MacBook users who have very sensitive information to protect; things like patient health information or financial records. For the general consumer, they will have to weigh the risks of losing access to their files if they lose the decryption against the risk that someone gets access to their personal information.

Firewall

For the most paranoid or those wanting an extra layer of protecting when connected to Internet hotspots etc., I suggest blocking all incoming connections. You can turn this on an off as needed. For day to day use on a trusted network, I have enabled stealth mode and white listed the application that I want to have Internet access. To add an app or service, click Add, select the item in the list, then use the Up Arrow and Down Arrow keys to set the limits for the app. Stealth mode prevents your Mac from responding to probing requests that can be used to show its existence. The Mac still answers requests from authorized apps, but unauthorized requests such as ICMP (ping) get no response. I have also allowed signed applications to get access to the Internet. This allows apps and services that are signed by a valid certificate authority to be automatically added to the list of allowed apps, without your authorization. For example, iTunes is signed by Apple, so it is automatically allowed to receive incoming connections through the firewall.

Privacy

The privacy settings are used to limit what information about your Mac shares between the applications and services install on your Mac. When you turn on Location Services, you allow apps and websites to use your Mac’s current location to provide information, services, and features appropriate to where you are. For example, when using Facebook I may not want to let Facebook know the location of my computer. System Services allow the location of your Mac to be used by Spotlight or Spotlight Suggestions in Safari. This presence window shows the apps that want access to your contacts, calendars, or reminders. Deselect the app if you want to prevent it from accessing this information. I may want to limit which application have access to my calendar and contact list. I may want to restrict which applications can update Facebook or Twitter.

It's a good idea to spend some time thinking about what information you want to share and what apps have access to this information. Don't rush this one.

Screenshot of Privacy Tab in Security & Privacy Section of OS X System Preferences — Privacy Tab in Security & Privacy Section of OS X System Preferences

Conclusion

Like most computer, the Mac is only as secure as you want it to be. The Internet can be a dangerous place but if you configure a few security settings you can reduce your risk.

I Like Belts

Came across this article via the Desk.pm writing group. The author recounts a negative experience he had with his belt during a business presentation. He now hates belts.

I’ll pre-empt any comments by saying that yes, at their most basic, they hold up your pants. Personally, I’d rather walk around yanking my pants up every now and then. That’s what those loops are really good for.I Hate Belts by Dan

I do work in the professional business environment. I wear wool dress slacks, buttoned down shirts and yes, a belt. I find that outside of certain tech companies in Silicon Valley, most business environments require you to present a professional, dear I say, grown-up appearance. I think business managers and other executives just won't take you seriously when you are puling on your pants like a sloppy teenager.

Dan continues.

I did a little digging and found a few articles. Suspenders were a popular alternative, but this one in particular interested me. I was on the hunt for some fresh ideas when I stumbled onto Side Tabs. This is something new to me, something I’ll be looking into.

But ... using side tabs to hold your pants in place isn't any more secure a solution than the belt. Buttons easily pop-off. I've lost at least one button from the back pockets of my dress pants.

I imagine that a button popping on a side-tab means your pants become very loose -- very quickly. If your belt breaks you can run to the nearest store and get a replacement. If your side-tab button pops you are SOL. Women, generally speaking, have wide hips to hold their pants in place. Men, generally speaking, do not. Hence, the belt.

But based on what my wife tells me about the experiences she has with some workers at local offices, the current younger generation of younger workers are so coddled, they think it’s ok to dress and work like they are still in high-school.

Moeraki Boulders at Sunrise (Level 7 – Challenge)

I love the golden colour of the light and the way it seems to bring out the colour of the sand.

I think this is an HDR image. Perhaps Trey used luminosity masks on the sky since the sun seems so hot. I love the grouping of spherical boulders. They remind me of very large turtle eggs. Perhaps Godzilla laid eggs here millennia ago and these are the petrified remains. I like how the tree stump continues the golden theme started by the sun.

Based on the EXIF data, this image was taken at sunrise on the east coast of New Zealand on a wide-angle lens.

Image by Trey Ratcliff. One of the images I used for the Level 7 assignment in the Arcanum.

Apprentice is to find 10 photos from at least three different photographers they admire and share them with the community specifically in the “Level 7 – Challenge” category. Additionally, they should talk about why they find the photos interesting or inspirational.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.