間眅埶AV

MENU

Desktop Security

When it comes to desktop security, computer users and owners are the first line of defense. Listed below are best practices you can use to keep your PC and Mac safe.

Be a parrot not an ostrich. Macs have vulnerabilities.

A prevailing attitude with regard to Macs is that they are impossible to hack and impervious to viruses and other computer malware. This is a myth.

Although there are no known viruses that affect Macs, there are a multitude of other attacks that Macs are vulnerable to. Moreover, while Macs may presently be immune to many viruses that target Windows machines, this does not preclude Macs from being carriers of viruses. So, even if you are unaffected by a virus or Trojan sent to you in email or downloaded from the web, it does not mean that you cant pass it along to another computer.

The incidence of Mac exploits will grow as the popularity of the Apple platform increases.

Recommendation:

Dont believe the hype. Stay on top of issues that pertain to your chosen platform, and do not fall victim to the belief that just because you have a Mac, you have nothing to worry about.

Do not perpetuate the fallacy of the impenetrable Mac.

Use anti-virus or anti-spyware software.

Presently, there are no versions of Mac OS X that has native anti-virus protection.

Although it is unlikely that your Mac will become infected with a virus (in the Windows sense of the word), there are other types of exploits that anti-virus software can protect you from:

  • Trojans
  • Malware
  • Adware
  • Keyloggers
  • Java exploits
  • Flash exploits
  • DNS spoofing

There are many levels to an operating system, and some are more secure than others. Recent attacks on Mac OS X have targeted subsystems like Java and Flash with resounding success.

Moreover, anti-virus and anti-spyware software can help to protect other computers on your network from attack vectors.

Recommendation:

Purchase or download a well-recognized free anti-virus or anti-spyware solution.

Upgrade your system and/or hardware regularly.

Currently, Apple only supports and releases security patches for two generations of its Mac OS X operating system:

  • Snow Leopard (10.6)
  • Lion (10.7)

All other versions of the Mac OS X operating systems are considered deprecated and will not receive further support from Apple. All non-Intel PPC Macs are considered legacy hardware and should be retired. PPC hardware cannot be upgraded to a secure version of Mac OS X.

Operating a computer that is not receiving regular security updates is a threat not only to your own security, but in a networked environment, it can be harmful to machines you share the network with.

Recommendation:

Consider upgrading your operating system or hardware to meet minimum standards. A good rule of thumb is to upgrade if the following situation applies:

  • You are not using a Snow Leopard (10.6), Lion (10.7).
  • Your Mac is capable of hosting Snow Leopard (10.6), Lion (10.7).

Disable Mac's auto login.

By default, all versions of Mac OS X enable what is known as auto login. This feature does not require that you enter a valid username and password to access your Mac.  Consequently, anyone with physical access to your computer will have access to the data stored on it.

Moreover, the process used by Mac OS X to store the password for the designated auto login user is inherently insecure (unencrypted).

The auto login feature is enabled only for the sake of convenience.

Recommendation:

Disable the Mac OS X auto login feature to prevent unknown persons from easily accessing your computer and its data.

To disable the Mac OS X auto login feature, do the following:

  1. On your Mac, double-click the System Preferences icon.
  2. In the Personal group, select Security & Privacy.
  3. On the General tab, check Disable automatic login.

Enable screen saver and sleep lock.

All versions of the Mac OS, except Mac OS X, include a feature that demands a valid password in the following situations:

  • Waking from sleep 
  • Dismissing the screen saver. 

In Mac OS X, however, after the screen saver or sleep mode is enabled, you are not required to type a password to disable it. As a result, you are at high risk of data theft if their devices are stolen. 

Also note that if you are operating an Apple desktop in a high-traffic area you are susceptible to spying and data theft.

Recommendation:

Enable the Mac OS X security feature, by doing the following:

  1. On your Mac, double-click the System Preferences icon.
  2. In the Personal group, select Security & Privacy.
  3. On the General tab, check Require password for sleep and screen saver.
  4. Then select Immediately from the drop-down menu.

Use Filevault.

By default, Filevault disk encryption is not enabled. As a result, anyone with physical access to your computers disk, will be able to read its contents without any form of authentication. This means that if a computer is stolen, the contents of the computers disk can be accessed by the perpetrator without sophisticated equipment.

All versions of Mac OS X since version 10.4 (mid-2005) support a form of partial or full disk encryption named Filevault. Each version of the operating system since 10.4 has made significant improvements to this feature.

Recommendation:

Enable Filevault (or some other form of disk encryption) to prevent unwanted data exposure.

Important: Not all versions of Filevault are created equal. It is strongly recommended that anyone wishing to use the native Mac OS X disk encryption, upgrade their operating system to Mac OS X Lion which utilizes FDE (Full Disk Encryption) via Filevault version 2. FDE is a more rigorous and friendly form of encryption, and does not suffer from many of the drawbacks of Filevault version 1.