security@mac revisited

Christmas time is here and many folks find time to use their macs at home to get in touch with relatives and friends around the world. They chat and use facebook or organize their photographs including the loads of new ones taken at one of the family gatherings. In my experience this is equally high time for spammers and scammers and all the unpleasant company the digital planet has in hold for us. So let me quickly outline the necessary preparations for mac users to make it hard for intruders and cons to take control over your identity or bank account. Be aware however, that for your mac in your office additional precautions or a separation from your home activities might be indicated.

First, if proper attention is given to the computer administration and rules of good conduct (apply updates!) are followed with respect to “sanitation”, the mac is still a safe computer system. Computer attacks directed at macs might still be less frequent, but in recent times their abundance has grown to an extent that might make it increasingly interesting to design such a specific intrusion.

What needs to be done to stay in control of your digital life?

First, use a strong password. 15 digits are no exaggeration. Do take the recommendation serious that your password should not contain any syllables that can be found in a dictionary. Not to mention that one should avoid the use of any personal information that can be gathered by browsing through social networks or directories. The birthday of your children is no real secret for instance; mine have their own facebook account to mention just the things I know …

A good password is derived from a sentence that you can remember for some reason. Excellent is an unsuspicious line that you can find again to reproduce your password in case you forgot it. The lyrics from a song maybe or a warning in the elevator you use every day. Use just the first letters, capitalized if they are, in your sample, include punctuation, replace some letters with numbers and add a special character that makes sense. For the choice of the latter you might stick to one that doesn’t change its position with different keyboard layouts and is available on devices with reduced or less handy input capabilities like the iPhone (e. g. .,;:).

Next let me remind you of another few security settings that make sense in everyday work space: Don’t work as an administrator. The mac makes it easy for you to provide the administrators credentials only when you are asked to and hence pay attention to what you are doing at that moment. You might even use the same password as long as your admin account is just stored locally. www.safeit.ethz.ch will soon have an educational and fun cartoon ready to advertise this simple but effective measure.

Only turn on services (functions) that you really use and restrict access to as few users as possible. You can do this in the sharing pane of the system preferences.  Don’t allow remote login unless you know what that is, and if you do, establish a user for just this purpose. Turn off computers that you don’t use (holidays). Shut down they cannot be attacked and they don’t waste electrical power.

If you have done all of the above, then it is unattractive to hack your user account. There is no better insurance than having easier targets available next to your own in the network.

I recommend the use of a malware scanner (Antivirus) on every mac. Sophos is a good choice, which is available at no charge from IDES and also as a free home edition that is functionally identical, but comes with less support. This software doesn’ t slow down your mac nor does it interfere with the installation process (anymore), which is why it is a good Idea to have it running permanently in order to allow for automatic updates of the virus-database.  It is a better protection against (future) threats on the mac, but particularly it prevents your in this respect ignorant mac from spreading windows malware.

A special blog will have to be devoted to the increasingly abundant virtual windows installations on macs. They require the same attention as any physical Windows computer. If you cannot provide that care and do not have your virtual machine connected and updated as frequently as every two weeks minimum, then you should consider other ways to satisfy your need for windows software. This blog on virtual machines should perhaps be written by someone else, however, because right now I am not sure if I would stand the test.

Posted on
in Mail, Web, Passwort, Applikationen, Software, Arbeitsplätze, Support