Mac Security - Is Your Mac Fully Protected?

Mac security is a fascinating topic to discuss. Why do I say that? Well, everyone who has ever used a Windows PC will understand the term 'Virus'. Many people have experienced the damage that can be wrought by them, and how difficult it can be to eradicate them.

To many people that is the only security threat to their computers! Things get worse when discussing security with Mac users. I often hear phrases like;

But why should I care? Apple state that my Mac can't get PC viruses so that's me sorted! No more worries! Right?
- A Mac User

Well, I'm sorry but things are not as straight forward as that! It is true that your Mac cannot 'get' a PC virus, and it's true that there is currently no Mac viruses. But the security of your Mac, and therefore your personal data is much more complicated. We should not be complacent.

In today's digital world we are all connected to the Internet more and more. We have desktop computers in our homes, and our businesses, notebooks under our arms, and internet connected phones in our pockets.

We receive emails in their hundreds with attachments which can contain literally anything!

We often have no idea who they are from or what we have just clicked on!

Our kids have computers in their bedrooms!

They use FaceBook, they browse all sorts of websites and download what they like over our wireless networks. But its cool!

You have probably heard the terms virus, malware, phishing and hacked? But what do they mean? Do you use a wireless network at home? If yes is your WEP or WPA set-up correctly? No idea!

OK, I will stop dramatising the situation!

Mac security is good. As this article will show Mac OS X has many security features built-in to it. You have a Mac computer, that means it can be protected.

Apple provide the following security advice on their Mac OS X security page, which I think captures the fact that security needs to be an important consideration;

“ The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat … ”
- Apple Mac OS X Security Website

The Apple website goes on to list the following methods to help you keep your system and data safe;

• Only download files from known and trusted websites
• Use FileVault 2 to encrypt everything on your Mac
• Lock your screen after a period of inactivity
• Delete outdated sensitive files with the Secure Empty Trash command

It's all good advice, but you need to decide on the level of security that you adopt, based on your own circumstances.

This page will take a look at the built-in technologies talked about by Apple. It will explain the jargon and provide practical examples of how to implement the techniques if not automatically actioned by Mac OS X. But we will start by looking at the bigger picture.

Your Internet Connection is a Weak Spot!

We will start our journey by ignoring our Macs for a minute. Most of us have an Internet connection that appears in our homes or businesses as a cable or fibre. Normally it will be fed into a convenient place and end at a wall socket.

It is then our problem to get a connection from this socket to where the Mac actually lives! With the convenience of networks and the relatively low costs, the easiest option is to use a wireless router/modem.

One example of this is the Cisco Linksys X2000 which is shown in the image below. All you need to do is plug one cable into the Internet wall socket, and then use the web interface to set it up to connect to your Internet provider. Finally, connect your Mac to the new wireless network.

Cisco Linksys X2000 Router/DSL Modem Image courtesy of Cisco Linksys

This is where many users go wrong. They ignore the security features in there hast to get the network up and running. This leaves their network open to abuse. What is the point of setting up the security features in Mac OS X when the front door is wide open, so to speak!

Instead take a few minutes to read the manual and set-up the WPA2 security through the web interface. According to the wi-fi.org website WPA2 provides what is called government grade security by using the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm.

A bit of a mouthful but it basically means that all of your network traffic is encrypted. No body can connect to your network without the correct key.

Mac OS X Basic Security Settings

Now that we have secured your Internet connection it is time to take our first look at your Mac computer. Can you remember when you first received your Mac? The high expectations, the impatient desire to see the Mac OS X desktop for the first time! We've all been there!

During the initial set-up process you were asked to enter the username and password for what is called an 'admin' account. The first user account set-up on a Mac is automatically one of these admin accounts.

I wonder how many of you are still using this account, everyday, as your normal account. It is even possible that this is a home computer, and as such has auto-login enabled.

Let's have a more detailed look these basic settings. The 'System Preferences' application is the place where all basic settings are made. You can find the application on your Dock, or in the Application folder. The window you initially see is shown below.

System Preferences Window

We are interested in three particular areas Users & Groups, Parental Controls, and Security & Privacy. Let's take a look at each in turn.

Users & Groups

This section is where user accounts are set-up and administered. If you click on the Users & Groups icon you will see the window shown below.

User and Group Settings

If you look at the window above again you will see that it has two user accounts listed. The first named 'Gary Jordan' and the second named 'Guest User' which we will ignore for this article because the 'Guest User' has no 'real' access to the computer.

So that leaves us with a single user account named 'Gary Jordan'. If you look closely you will see that it states 'Admin' below the name. So this is an example of the scenario above where the default user account is an admin account.

To make matters worse this user account is set-up for auto-login, as shown in the window below.

Auto Login Settings

The best move is to create a new user account that is a 'Standard' account. Auto-login is all right if the computer is in the home and daily Mac security is not an issue. But if it was a Mac laptop being used on the move then auto-login should be disabled.

Parental Controls

This section of the system preferences is for parents of young kids or teenagers where you want some control over their access to the computer.

For Parental Controls to work you need to create a Standard user account for the child. Once this is done click on the Parental Controls icon and you will see the screen below.

Parental Control Settings

As you can see the range of controls is impressive giving you the ability to limit what the child can do. The beauty of giving a child its own user account is that your own important files are safe from little hands.

Security & Privacy

This section is probably the most relevant in terms of Mac security. The window below shows the general settings, but there are three others to chose from, which are FileVault, Firewall and Privacy.

General Security Settings

The general security settings give you control over how the system behaves. You can disable auto-login completely, change the behaviour of the screen saver, etc.

FileVault 2 Settings

Clicking on the FileVault tab takes you to the FileVault settings window which is shown below. Apple upgraded to FileVault 2 in OS X Lion.

Filevault Settings

If you handle sensitive data and need some serious Mac security then you might like the idea of using FileVault 2. It allows you to encrypt your entire Mac hard disk, as well as any external drives that you use.

According to Apple the initial encryption has been improved so it is fast and unobtrusive, and uses XTS-AES 128 data encryption at the disk level. It is also possible to instantly wipe your data if the need arises!

Firewall Settings

The next tab to the right is labelled 'Firewall'. A firewall is kind of like a perimeter fence around your Mac. A computer, when connected to a network, can have many services running that can be misused by Trojans, for example, that can give the wrong people access to your computer. Often without you knowing!

The firewall blocks all but the most important services. If you need to allow some services to have access then you can set-up individual rules. A firewall is another powerful tool in the Mac security arsenal.

Firewall Settings

Privacy Settings

There is a growing trend for software to make use of your location. This can be used for many things, from changing language and content on websites, to tagging photos, to showing friends where you are. This setting allows you to control which applications can use the location information.

Privacy Settings

Mac OS X Security Features

We have said else where on this website that the Mac OS X operating system is based on Unix roots. This automatically builds in security features.

We have already looked at user accounts but individual files and directories have strict permissions that decide who can access them. But Mac OS X and Apple build on these roots to create even better Mac security.

Automatic Software Updates

It is a sad fact of life that no software is 100% bug free. As software gets more powerful this problem increases. Often bugs can be used to gain access to a system.

Bugs of this nature are being checked for continuously, and when they are discovered fixes are immediately released. But these fixes are only useful if they are installed on your Mac when available.

The 'Software Updates' setting in System Preferences allows you to enable automatic updates, and to decide how frequently you check for updates.

Application Sandboxing

Mac security is all about finding and protecting the weakest point in the system. We have already mentioned that applications can be used to gain access to your Mac.

So application sandboxing limits and controls the access that each application has to the root system.

Mac OS X is Always Checking and Monitoring

Have you ever noticed when you have downloaded a file or application and you try to open it for the first time that you get the following warning.

This is Mac OS X ensuring that you really did download it, and are expecting to be opening it. I know sometimes it's annoying but at least your being protected.

Viruses, Trojans and Other Malware

At the very beginning of this article I mentioned viruses as being most peoples biggest concern about security. I said at the time that the Mac cannot get a virus - at the moment!

This is true because a virus is defined as a program that can execute itself and also copy itself to another system. On a Mac, at the present time, this cannot happen due to the user accounts, access rights and permissions, etc.

But there are very real threats out there! For example, their has been examples of Trojans infecting Macs and these can be very harmful. But a Trojan has to be let in by us. It's true, a Trojan is often downloaded disguised as some other application and we install it.

Other Malware can get in through dodgy websites, again let in by us, things like key loggers. All very harmful and a good example of why we should take Mac security seriously.

Check out our dedicated Mac Virus section for more information about viruses, trojans and malware, and how to protect your Mac.