Securing Your Mac

by Aaron Wright Mar 01, 2006

In light of the recent so-called ‘virus outbreak’, as some people are calling it, I’m going to try and lower a few heart beats by showing you a few security features available in Mac OS X ‘Tiger’. I would like to point out first, that no one should be worried about the two viruses known at the minute. Neither are particularly dangerous, and with a bit of common sense, you shouldn’t need to worry about catching them.

It was only a matter of time before a virus was coded for the Mac OS platform, and I’m sure more will come in time, especially as Apple’s products become more and more popular. Of course, comparing to Windows, OS X is still God’s gift to computer users who want a blissful time using their machine, without the need to constantly worry about what they are downloading - although you should always be cautious of what you download.

Some new Mac users don’t even realize that there is a Firewall present within the OS X ‘Tiger’ system. Unfortunately, Apple has hidden it all too well within the ‘Sharing’ section of System Preferences, and deserves a slap on the wrist for doing so.

Services


image



Along with the Firewall, there are a number of ways to make your system a lot safer, such as turning off Services you don’t use. As you can see from the image above, I’ve already got ‘Personal File Sharing’ switched on as I have people accessing files from my computer.

It’s fairly straight forward as to how to turn on and off the services by simply ticking the box next to the Service you want active.

First of all, how do you put your computer at the highest possible risk from hackers, viruses etc? You turn all of the services on. By having each service turned on, you’re literally opening all the available doors to your computer, putting up a notice that says ‘Welcome’ and then closing your eyes for half an hour. But even with all these services turned on, the OS X system is still more secure than an up-to-date Windows PC with similar services open. This is more due to the fact there are less people out there trying to hack into an OS X system, and even more who wouldn’t know what to do once they’ve hacked in. Of course, it still doesn’t mean you shouldn’t be vigilant.

The services that are most commonly going to be used by a home network setup are:

  • Personal File Sharing - To share files between two or more computers

  • Windows Sharing - Allows you to share files between Windows users & your Mac

  • Personal Web Sharing - Giving you the option of hosting a website on your home Mac

  • FTP Access - FTP Access is a way of transferring data from your Mac to a web server

  • Printer Sharing - Allows the option of sharing printers on a home network

    The other options I won’t go over today as I’m assuming new Mac users will be reading this article and therefor probably wouldn’t be using any of the other services available. Again, I must stress that you only turn on those services you need. If you aren’t using them, or don’t know what they’re about, leave them turned off.

    The Firewall


    image

    The Firewall available in OS X isn’t the best I’ve seen, but again, it’s much better than its Windows counterpart and it’s much better than having no Firewall at all. First step? Turn it on. The Firewall allows you to enable or disable port blocking, which basically keeps things from coming in and out of your computer. The Services that you have switched on will automatically be set ‘On’ in the Firewall tab and cannot be turned off unless done so through the Services tab. The reason for this is that the Firewall has to disable port blocking for that particular service in order for it to work. The same can be said for all the other services except (if you scroll down):
  • iChat Bonjour
  • iTunes Music Sharing
  • iPhoto Bonjour Sharing
  • Network Time The 4 services above aren’t available in the ‘Services’ tab, and can be blocked or unblocked at any time. By default, all are currently being blocked on their selected ports. I suggest you keep these turned off unless you are going to use them, something which the applications in question will notify you about should you ever need to use them. Mac OS X ‘Tiger’ is shipped already secure, unlike some other operating systems. It means you don’t have to worry too much about your computer’s safety if you’re on the Internet or part of a network with access to the Internet. However, as I’ve already said, having a Firewall turned on, and disabling any services you aren’t going to be using will protect you even further.

    Internet Sharing

    The last feature available on OS X Tiger’s ‘Sharing’ section is the ‘Internet’ tab, or ‘Internet Sharing’. I realize this doesn’t cover security as such, but as it’s in this section, I thought it might be an idea to quickly go over it.

    This feature enables you to let other users share your internet connection. This can be a cost effective way of getting two computers on the Internet, through a network, without the need for a Router/Switch and any extra software.

     

    Summary

    I hope that’s helped lower your pulse rate. Know that your Mac is safe as it is, but could be safer with a Firewall turned on, any Services you aren’t using turned off, an Anti-Virus program running and, of course, some common sense. Don’t open files unless you know exactly what they are. Don’t open an e-mail unless you know exactly who it’s from, and above all else, don’t download files from the Internet unless you trust that websites 100% and you know exactly what the file is.

    Digg this Story

     

    • Share this article

    Comments

    • Also, to secure yourself from the Safari vulnerability that was mentioned recently, go to your Safari Preferences->General and uncheck ‘Open “safe” files after downloading’ and you will be fine.

      Devanshu Mehta had this to say on Mar 01, 2006 Posts: 108

    • “I would like to point out first, that no one should be worried about the two viruses known at the minute. “

      These weren’t viruses. I am surprised you didn’t know that. Especially for a major Apple site.

      milklover had this to say on Mar 01, 2006 Posts: 22

    • Milklover, without the need to confuse new Mac users further, I used the term ‘Virus’ to cover all manner of malicious programs, such as Trojans and Worms.  Thanks for your criticism though, much appreciated, especially from a lover of milk.

      Devanshu, thanks for your contribution to that, something I should have probably mentioned at the start of the article.

      Aaron Wright had this to say on Mar 01, 2006 Posts: 104

    • I understand Aaron not wanting “to confuse new Mac users further”, yet I think it’s even worse to mislead new Mac users by using the term “virus” in an article like this.

      So, instead of stating that “no one should be worried about the two viruses known at the minute” it could have been even better to reassure new Mac users that they should not be worried since what they heard about are not even viruses.

      (Finally, it’s quite sad to see the writer of the article trying to embarrass a user by commenting on the user’s nickname…)

      Panagiotis Karageorgakis had this to say on Mar 01, 2006 Posts: 2

    • The reality is that for both platforms, it comes down to the end user.  While Mac fanatics are quick to point out that a user must consciously decide to install a virus-laden program (and like Aaron, I’m using the term “virus” as a catch-all for malware, like Mac users do when they’re talking about Windows), and the same is true for Windows.

      Am I more cautious of what I download on my Windows machine than my Mac?  Yes.  But only because I know that whatever malware is there was almost certainly coded for Windows.  And I’m still the one consciously doing the downloading and the running of the software.  If there’s something in it, then I’m the one who let it get there.

      Do I run anti-virus software on my Mac?  No, for the same reason.  But as Macs become more popular, that won’t always be the case.

      And you guys can “that wasn’t a virus” yourselves until your blue in the face, but if Macs become a serious contender in the OS market, then burying your head in the sand is only going to piss off the potential users who aren’t going to be quite as willing to ignore the problem.  They’re going to ask themselves why they bothered to switch.

      Beeblebrox had this to say on Mar 01, 2006 Posts: 2220

    • Actually, the firewall in OS X is one of the best in the industry, let alone for an out-of-the-box solution. Its just IPFireWall from the underlying BSD subsystem, and by default is far more locked down and responsive than any other firewall I’ve used.

      Not to mention the custom bandwidth filtering it offers, via custom rulesets created via the Terminal. Sure, the interface for it may not look like much from the Sharing prefpane, but underneath its rock solid. Even more so if you turn on the ‘Stealth Mode’ in the Advanced pull-sheet.

      Surprised you didn’t cover this, or the temporary solutions to the current two ‘threats’:

      Saft Lite: http://haoli.dnsalias.com
      Unsanity’s Paranoid Android: http://www.unsanity.com/haxies/pa/

      I know this is aimed at beginners, but a little more research wouldn’t go amiss. You know you just have to ask on MSN dude wink

      Kyle Marriott had this to say on Mar 01, 2006 Posts: 4

    • Did you know about our free QuickTime videos we produced last Summer (before the Podcast craze)?

      http://www.maccompanion.com/videocasts/MacSafetySecurity.htm

      Robert Pritchett had this to say on Mar 01, 2006 Posts: 25

    • Panagiotis, I still stand by what I originally wrote.  At the end of the day, the article wasn’t about the difference between a Virus, Trojan and a Worm, it was about the benefit of OS X’s Firewall and Services.  I didn’t feel it was necessary to go in depth of what each of those different malicious programs were about.

      Also, with respect to Milklover and yourself, have you ever heard of the word “kind humor”?

      Kyle, unfortunately MSN must have caught me on an off day.  I wouldn’t say the Firewall was poor, more that there just aren’t enough options within, although I suppose OS X being a brilliantly simple interface, that’s perhaps what Apple were going after.  Shame on them still, though, for not making the Firewall more noticable within the system.

      Beeblebrox, thanks for your comments, I completely agree with you.

      Robert, I wasn’t aware of your Quicktime video, but I’ll take a look over them now.  Cheers

      Aaron Wright had this to say on Mar 02, 2006 Posts: 104
    • Page 1 of 1 pages
    You need log in, or register, in order to comment