Well… STOP! The truth is no computer system, including your shiny new Mac, is immune from attack. While there are no true viruses for OS X, that doesn’t mean Macs are impenetrable. They’re still vulnerable to malware, spyware, spam, trojans and user error.
Security threats are becoming more relevant as Macs continue to grow in the marketplace. In the week of August 1st to August 6th, 2012, security software firm Sophos found 4,900 different pieces of OS X malware floating around Mac computers. It’s worth noting that some pieces of OS X malware are cross-platform threats as the programs infect computers via Java and Adobe Flash.
However, with just a few easy steps, your new (or old) Mac can be more secure.
These tips are based on OS X ( the X is Roman numeral for 10 ) 10.8 Mountain Lion. If you are running an earlier version of OS the tips are still useful but you may have to look in different applications and system settings.
The internet is where most of the bad stuff is located, so connecting to the internet can expose the Mac to attacks and malware. When setting up a Mac it is a good idea not to connect to the internet until the Mac is secure.
By default the OS X Setup Assistant configures the first account on the Mac as an administrator account. This account can do anything to the computer and I’s a bad idea to use this regularly for day to day tasks. Apple recommends that Administrator accounts should only be used for administration. Users should use standard user accounts for day-to-day computer use. Simple names like “Administrator” or “Admin” are easy to guess, and give an attacker some information needed to break into a system. Use a difficult-to-guess name for accounts with administration privileges to the Mac. If you are a fan of the Lord of the Rings then a name like “Gandalf” might be appropriate.
For daily usage create a standard account. A standard account can run apps, save documents etc. but can’t make system changes or install software. A non-administrator should not need administrator privileges on the Mac, so create a standard (or managed, if using Mac OS X Server or Parental Controls) account for these users. Standard users have reduced rights which may affect their ability to alter things on the computer. Standard users cannot install software in the /Applications folder and cannot change various System Preferences, including creation and modification of network settings
Parental Controls are great for managing how your kids use the Mac. This account can be made more restrictive that the Standard account. Parents can allow use of specific apps, printers, web sites etc.
The account allows access to the computer and the applications but does not allow the user to install software or change system settings. All the information about the account, including any saved files, is deleted when the guest user logs out. This account is the one Apple uses in it’s stores to allow customers to try the Macs.
I generally don’t allow other people to use my personal computers or other devices. I recommend disabling the account.
The Guest account allows a guest to log in to a Mac and use all of its services. When the guest logs out, the Mac clears most of whatever the guest did on the Mac. This allows one person to let another borrow the computer for a short period, and still protect information in other accounts on the Mac.The usage of a Guest account may give the Mac owner a false sense of security. If the guest has physical access to the Mac and the owner is not present, the guest could gain full access to the Mac. That said, use of the Guest account allows for quick and moderately safe computer sharing.
Passwords are the primary protection against unauthorized access. Accounts with administrative privileges are the most important to protect. Therefore, using a complex password for these accounts is very important.
Apple provides a Password Assistant in the dialogs used to set password. When setting a password, click on the key icon to the right of the New Password field to display the assistant. Make sure the password for the administrator account shows a quality of green. Make sure the quality meter is about halfway across or more.
Disable automatic login
Having a computer automatically log in bypasses a major security feature (the login) and can allow a casual user access to sensitive data in that user’s home directory and keychain.
- Staying Safe Online
- Staying Updated
Bluetooth is a very useful technology, but it also can expose a Mac to certain risks, if Bluetooth is not allowed in your environment use these settings. Bluetooth can be disabled via System Settings.