Apple Matters recently posted some security tips for us OS X users, which I will now annotate these for your quick reading pleasure. I’ve added a for and against for each tip that Apple Matters gave.

Caveat: Although I’m an employed ’security expert’ I am not an OS X security expert. I’m more on the advice and management side these days rather than technical. Apple Matters is not a technical security site and the author Aaron Wright, while I’m sure a nice guy, is not a security expert.

1. Get some Anti-Virus software
For: Um. Nothing. This does not protect you for any future virus threats.
Against: No need yet, slows downs file access, takes resources from other applications. Until the Mac attracts viruses or worms that can exploit OS X don’t worry. A virus that asks you to permission to attack your system does not count, see 5.
How: Do nothing. Keep an eye on Clam antivirus though and read a couple of the big Mac websites so you know the current news on viruses.

2.Turn that Firewall on
For: Basic protection, it is the lock on your front door. This is off by default on OS X, not clue why, turn this on as your first move.
Against: What, you leave your front door wide open at nights?
How:Enable your firewall: System Preferences, Sharing, Firewall

After you have turned on your firewall click the Advanced button, tick all three of the options and hit OK. This enables firewall logging, blocks all UDP traffic and turns on OS X stealth mode. No, your laptop will still appear on radar, OK. It just won’t respond to probes.

3. Services
For: Allows you to host an internet site from your Mac, plus much more like connection sharing.
Against: Open ports are ways into your system, if you don’t *really* need these service running then don’t start them.
How: Check your services: System Preferences, Sharing

4. FileVault
For: AES 128 Home folder encryption, protect your data from theft and snooping. AES encryption protects against any casual or corporate information theft of your encrypted data but not the NSA or military. Some recovery protection as you can set up a master password for encrypted data on your Mac.
Against: Don’t forget your password! It becomes much slower to shut your Mac down.
How: System Preferences, Security

5. Keychain pop ups
For: Ease of use, you can OK authentication with one click
Against: Be aware of what you are authenticating, read those dialog boxes and think why you are getting asked a question. Never click a box without knowing why it is asking you for authentication.
How: N/A

6. What else you can do
For: Self education is the biggest protection against scamming or social hacking but it won’t help too much against a worm. Worm prevention can be helped by not running downloaded files automatically.
Against: Hey, why should I read security sites, I run a Mac! Conveniance of files opening.
How: Have a few of the big Mac sites in your browser and check them out at least once a week, it should be enough. Prevent downloaded files opening automatically by: Safari, Preferences, General tab, untick Open safe files after downloading.

7. Keep cookies restricted
For: Common sense says you don’t want sneaks passing round your browsing habits. Restrict cookies to the site you are viewing. Switching them off leads to nag screens and lost ease of use.
Against: None.
How: Safari, Preferences, Security tab, in Accept Cookies: pick Only from sites you navigate to.

Another Safari tip, disable AutoFill in Safari. This way if anyone else uses or steals your machine they can’t easily see where you’ve been browsing.

8. Be smart
Really a replay of 6.

Missing from the article is something vital that so few people do; Backups. Doing a backup should be a part of your standard security routine. Pick a day of the week, or a date in the month, and do your backups. I use the first of every month and do a full backup to an external USB harddisk – these are so cheap now I really suggest you get one. I keep the previous months backup, but remove the backup of two months ago. Every three months or so I archive a backup off onto DVDs.

A quick note for Windows users, the old ‘logged on as admin’ issue is not addressed because in OS X you are not logged on as root.

Link

Related Posts: