About MacOS X’s Security

MacOS X has several security features, and in fact the whole OS is based on security, since it’s built around a UNIX core. The following outline it’s main security features, useful against internet hackers, spyware and theft. Here’s what you can do within these areas to protect yourself...

Viruses

MacOS X Viruses
Although there appears to be no viruses for MacOS X, there are some, it’s a fact now. However there’s only 2 or 3 of them, and they mustly take the form of trojan viruses, which means that it disguises itself as a genuine program, but it isn’t.
If you want to be completely safe from viruses, then you need an anti-virus program, and then have a yearly subscription to their virus update file(s). Three of the must popular commercial applications out at the moment are: Symantec’s Norton AntiVirus, Intego’s Personal AntiVirus X4, and Sophos AntiVirus.

Windows Viruses
Microsoft Windows (any version) viruses cannot infect MacOS X, period. There is no way to natively infect a MacOS environment, it is designed to only infect and launch itself on a Windows OS, so if you come accross one in MacOS X, don’t panic, it’ll be completely impotent and do nothing. Which means you can safely expand and delete files that have either .pif or .exe file extensions on them.

Security Against Theft

System Preferences: Security - Use these features to complete lock down your Mac, which are especially useful for laptop Macs. Most of the features centre round accessibility of your Mac. See picture for details for all of the features listed here.

FileVault - will secure your entire User folder, so if you have data you do not wish to share with anyone else, use this feature when setting up a User account.

Screen Saver Password - When you have this setup, and the Mac goes into screen saver mode, you will need a password to regain access to the Finder. This is great for laptop Macs.

Bootup Login - The simplest restriction to MacOS X, your user password is required upon bootup.

Bootup Login: Shutdown & Reboot Restricted - In the Security window of the System Prefs pane, you can remove the shutdown and reboot commands, so that a theft cannot boot it into a System CD/DVD disk, and change your user password, therefore gaining access to the whole OS.

Data Security

File, Folder & Disk Permissions - With file and folder permissions you can severely restrict what is available to other users and ‘everyone else’ on your Mac. This is perfect for sensitive documents and general file access. A folder or file set to No Access will not allow anyone but the main user (with Admin) access to it.

FileVault - This is Apple’s answer to complete file security. So long as the files are contained in your User folder, then everything in it is protected by encryption. Remember, your password is all important to gain access to the User folder, without it, no one can get in it, not even you, if you forget it! See picture for details.

Secure Delete - This is one standard feature in the Finder that’s not given much publicity, it’s in the Finder menu, but is only active when you have something in the trash. Select this, and the file is overwritten many times, and therefore near-on impossible to retrieve intact again.

Network Security

File, Folder & Disk Permissions - As with Data Security, permissions can deny someone from looking into certain folders or files, especially when a folder or disk is shared over a network. Useful for specific restrictions. See the Get Info pictures for more details.

Sharing over a network or internet - Again, sharing your folders, disks can be restricted by permissions, but it can also be restricted by login access from other computers on your network. A login that requires a password is often the case when you’ve set the permissions to disks or folders to a certain group of individuals, eg. admin access, and your firewall is active.

Firewalls - If you have a firewall activated, then you will have to go through a login window to access the Mac’s folders, depending on how yours is setup.

Internet Security

Email - As you may know by now, some spam are confidence scams or con-jobs, which are based on you trusting whatever they say. Two of these classic types of scam emails are the Nigerian letter wanting you to bank millions of dollars into your account - as if! Second one; an email that is supposedly from your bank, asking to check your details via their web link - don’t, both are wanting your money, either by pure deception or by obtaining your passwords, that you supply. Ignore all these types of emails, and get yourself an anti-spam program, as listed below.

Web Browsing - If you want to shop safely on the internet, pay close attention to the padlock icon that should appear on the top right of Safari’s window, this indicates that this site has now gone into a secure encrypted mode. This allows you to enter and send sensitive information about your card details which cannot be read by someone intercepting this information, basically it means your safe. You can also check the kind of security encryption certificate the website is using by clicking on the black padlock icon, this will bring down a window detailing the certificate in use - see these pictures for more info.

Hardware Firewall - A hardware firewall is normally found in a DSL modem, however they vary in degrees of strength, some just hide their IP address and others have more advanced firewalls. Best thing to do is get a software app and one built into the modem - double protection!

Apple’s Firewall - There are a number of different types of firewalls in the Sharing prefs window, varying from internet, network and Apple’s Remote Desktop feature. It’s highly recommended that you turn on these when sharing something on the internet.

Other Firewall Applications - There are a number of separate Firewall programs for the Mac, eg. from Symantec and Intego, have good applications for very strong Firewalls.

Anti-Spyware - It’s also a good idea to have some kind of protection against Spyware, where hackers attempt to gain your passwords and ID codes for online mailer companies and banks. This usually is included with the Firewall application.

Getting Rid of Spam

There are three main methods to filter, block or remove spam:
1) Subscribe to a Hosted Email Protection Service, where your mailboxes are hosted at their site and not on an ISP’s server. This allows for accurate elimination of spam, and better recognition of good emails. Three sites do this type of spam catching: www.mxsweep.com, www.mailfoundry.com and www.barracudanetworks.com. However, you will have to pay for this service, but its not much, best to shop arround.
2) Use an anti-spam application, however these types of anti-spam still download the junk emails, but it filters them into a special spam folder or whatever for you to look at and delete. Since these applications often learn from scratch what it’s downloading from the word go, they’re not entirely accurate in the first month or two, but they get better the more you teach it.
3) Setup your own default spam collection mailbox via your ISP. This will only work if your ISP allows you to have more than 1 mailbox, and it’s independent to the first one. All you have to do is have your current mailbox collect the normal email that comes in, usually spam, but filter off all correctly spelt email addresses to the other mailbox. It’s a kind of redirect mailbox, that way you can delete everything in the default mailbox and just download the contents of the second mailbox to your email program.

Internet Safety

Emails
1) Never, and I repeat never, try out any web URL or link from an unknown sender, it’s usually spam, and/or it’s a fraud or con. You can nearly always tell a con-artist's web link is false, because there is some difference in the spelling of the web page, or it uses a string of numbers as the web address. On certain false web addresses it doesn't use 'https:' which the real web site does use, eg. ‘https://www.paypal.com’.
2) Never believe what an email from an unknown sender is telling you, it’s often a too good to be true type of lie, or even if it sounds perfectly realistic proposition, there is usually a catch, and that is nearly always that you have to send them money first. Don’t trust them, they’re just trying to con you out of your money.
3) Setup Firewall and Anti-Spam programs, these will protect you from hackers and unwanted emails.
4) Never click on a spam’s “if you want to unsubscribe...” URL link, that is a con in itself. You will only get even more emails from these spammers, because now they have your correct email address!

Web Surfing
1) When shopping online, make sure you use well known online shops, eg. Amazon, or even better, trusted stores that you’ve used before, and have not swindled you.
2) Make sure an online store uses encryption (the padlock on top right - see picture) when sending your info.
3) If you’re free to view any type of web page, be aware of confidence tricksters/scamming web sites. As explained in the Email Rules no.2 above, all they want is your money. So ignore them.
4) If you have kids, make use of a Parental Control application, or use Apple’s parental controls in the Accounts window of the System Prefs, to prohibit surfing onto certain types of web pages. See software below for guidance.

Security Software

Firewall, Anti-Virus & Anti-Spyware Applications
Norton AntiVirus by Symantec (www.symantex,com), is obviously an anti-virus program.

Norton Internet Security by Symantec, is a suite of programs: anti-virus, privacy control, firewall and parental controls.

Norton Personal Firewall by Symantec, an all round firewall application.

Norton Confidential by Symantec, guards against identity theft, namely anti-spyware and other types of fraud prevention.

Internet Security Barrier by Intego (www.intego.com), features a suite of programs: Anti-Spam or Backup, NetBarrier (firewall & anti-spyware), and VirusBarrier (anti-virus).

The DoorStop X by Open Door Networks (www.opendoor.com), is a dedicated firewall app.

WaterRoof by Hanynet (www.hanynet.com) is a freeware open source firewall application, and pretty advanced too.

Anti-Spam Applications
Personal Antispam X4 by Intego (www.intego.com) is a commercial app - I use it, it's good, but you have to subscribe to make full use of it's spam catching capabilities, after first year of purchase. You can use it with Apple Mail or MS Entourage.

Spam Sweep by Bains Software (www.bainsware.com/products/), is a email & spam filter which downloads all emails and sorts them into good or spam folders.