This is the final part of my series on my transition from a Windows environment to a Mac. This week I talk about security issues.
Here are the first four installments in the series:
- The saga of me and my new Mac: Conception and delivery
- Me and my new Mac- The terrible twos
- Me and my Mac- Learning to talk
- Me and my Mac- What does it take to get out of the box?
As an experiment, I decided to see how long a "naked" Mac would last on the Internet. What I have discovered is that I haven't got an answer yet. I will preface this by saying that any time you're on the open Net, you should be using AV and a firewall at a base minimum. In other words, DO NOT TRY THIS AT HOME!
When I set the Mac up, I created two accounts. An Administrator that can do anything and a User that can do almost nothing. When I am on the Net, I am most commonly in the User account. If I need to do something that requires an elevation of privilege, I can go to the Terminal and sudo to Admin for the task I want to do. This is similar to the way that Vista works, I believe.
On a Windows box, I would never dream of taking a limited User account to the Web and surfing without both a hardware and software firewall and anti-malware protection. I would be infected pretty quickly if I did. But I wanted to find out what would happen if I did exactly that on a Mac. My reasoning was simple. I had nothing on the box, not even my mail. I had disks for anything that I installed, and I had my OS disks. If (thinking when) anything happened, the machine was under warranty and I could just wipe and reload.
I have been on this machine since 11/5/07. My 90 days are up on 2/5/08. So far, so good. No virus attacks, no malware. I don't even get spam anymore.
As a side note, I will be putting up additional defenses before this goes to post. I'm intrepid, not stupid!
The point is this: securing the machine has been dead easy. I just turned on the built-in firewall and let her go. This tells me that I am either not a target, or I'm reasonably safe.
Security through obscurity is not a guarantee of safety. It shouldn't be. I believe that it is very important to know what your risks are and to mitigate them properly. Please see capitalized warning above. That said, the point of the experiment was to try to gauge just how vulnerable a Mac in the wild is.
In listening to Mac forums, I discovered people who got their first taste of a virus after Boot Camping their machines to run an XP partition. While the Mac side of the machine might have been safe, the XP side had to be protected. This is not a bad thing as it is teaching Mac users to be more secure in their habits.
I recently posted about a report released by Sophos warning Mac users to be aware that as market share grows, the threat from crackers grows too. Late last year saw a Trojan for the Mac and there are doubtless others to follow. If you're using a limited account, getting through your defenses should be more difficult since it would require an action on your part.
There are a number of security features that are native to the Mac that help to keep you safe. My favorite of these is the Secure Empty Trash. As in Windows, merely tossing something in the Trash and emptying the trash doesn't mean that the item is gone forever. It CAN be recovered if one is diligent. But Secure Empty Trash will overwrite the files several times. Is this a guarantee? Nope. But it is one step closer.
Another tool on the Mac is the ability to create a secured area of your hard disk that is a password-protected "image." You see it on your desktop as a hard drive icon that, when clicked, will require the password you've set to access. This means that I can create an area that I can put sensitive data into and access as I need to, knowing that if someone else accesses my Mac, that data will remain secure.
Another thing that I find I use more and more is the Keychain. This is a password repository that is tied to the User account. If I am in the Admin account, I can access only those passwords associated with that account. If I am in the User account, I access only those passwords associated with the User account. While I can use any password I need to, having Keychain tap me on the shoulder and tell me that the password hasn't been set for that user is a good reminder of who I am and what I am doing. Theoretically, looking at my AirPort status or at my network cable would do the same thing, but I'm managing to the senility challenge too. Keychain doesn't let me make mistakes. Like going out to the Internet in the Admin account.
As I mentioned, this is the last in the series on my Mac. But not the last of the blogs. Last week I asked people to tell me what they would like to see moving forward. One reader said that he was interested in the difference between command line in the Terminal and UNIX or Linux command line. Next week I will be looking at those differences and hope to provide you with some reference material so you know what to do when you find yourself with a blinking cursor in a place that looks nothing like DOS.