If you recently acquired an Apple Mac computer there are several simple steps you can take to protect your new machine, and all of the valuable information you will be storing on it. (The reference to Part 3 in the title comes the fact that this is the third in a series of platform-specific security guides, starting with protecting Windows computers, written by Aryeh Goretsky, and continuing with the security of new Android devices, by Cameron Camp.)
But what’s that you say? Macs are not like Android or Microsoft devices, Macs are built to be secure, so you don’t need to worry about security? I certainly agree that Apple has done a stellar job of protecting Macs from a wide variety of threats but 100% protection is widely acknowledged to be technically impossible. Furthermore, some of Mac’s protective measures are not as immediately obvious as you might think. In this article we present some security tips that can make your Mac even safer. Here’s the short version:
Now let’s look at each of these in more detail. (Note that the Mac in the picture, which is my personal Mac, is red because I put a protective shell on it, there is no deeper meaning implied.)
What’s the worst thing that can happen to your Mac? You might think physical damage, like the destruction of the whole machine, including hard drive. But someone stealing your Mac might be worse. Why? Well that’s the difference between:
1. Destruction impacting access to your data (loss of availability) which can be costly in terms of lost productivity but does not expose your data to prying eyes, and
2. Theft impacting control of your data (loss of confidentiality and integrity) which can lead to a wide range of abuses of that data, for example, someone with access to your computer can probably take over some of your accounts (banking, shopping, email, social media, and so on).
However, if you can restore your software and data from backup copies onto a replacement machine, then you can recover from the physical loss of your Mac, whether it was stolen or destroyed. Apple provides several restoration and recovery options for Macs, but you need to understand them to make the most of them, and there are a couple of extra steps you might want to take.
If your new Mac comes with OS X 10.7, also known as Mountain Lion, then it also comes with OS X Recovery, technology that will enable you to restore the operating system without using repair disks. However, there are some limitations. As the name suggests, OS X Recovery restores the operating system. It does not restore the apps and data that you have added to your Mac since you first turned it on. Furthermore, you may need an Internet connection to make OS X Recovery work, and by that I mean either a very high bandwidth Internet connection or a more normal connection + a lot of time to spare. Here’s how you get around these limitations:
A. Create and maintain a full backup of your Mac on an external hard drive: Fortunately this is very easy to do if you combine the Time Machine software that comes with your Mac with the first very accessory you should buy for your new Mac: an external USB hard drive of 500 gigabyte capacity or more, which you can get for under $100. As soon as you plug this drive into your Mac, the Time Machine software will lead you through the backup process. (Whenever my own MacBook Pro is sitting on my desk at home, I plug in my Time Machine drive and enjoy knowing that it is automatically updating its archive of all my files.)
B. Make a recovery optical disc or USB flash drive: Gone are the days when Macs came with a set of optical discs that you could use to restore the operating system or revert the machine to its original state (something you might want to do if you decide to sell your Mac). Now you must rely on the restoration data that comes installed on your Mac’s internal drive, or download the system files via an Internet connection to Apple. Unless of course you make your own recovery media. This is my preference because I have seen too many internal drives die, and I often find myself in places with less than stellar Internet connectivity.
The instructions for making a bootable DVD to restore OS X, or a bootable USB flash drive, are widely available at sites like Ars Technica. The lack of an optical drive on many newer Macs makes the USB drive option preferable. Of course, it is also possible to use an external hard drive for recovery (Apple has this approach covered byRecovery Disk Assistant).
Firewalls are one of the basic ingredients in network security and your new Mac is almost certain to be part of a network (hint: the Internet is a network). A firewall exercises control over the traffic between the network and your computer and helps to keep the bad stuff out. Apple includes a firewall in OS X but it might not be turned on by default. Here is the setting in System Preferences; be sure you change yours so that the firewall is On,
One of the biggest risks to any computer system is bad guys exploiting holes in software to steal your data or install their malicious code on your machine. These holes are usually patched by the software maker but the process for getting those patches or updates onto your computer has yet be perfected, although Apple has been doing some good work in this area.
Making sure you have the latest versions of approved software is something you should do when you first set up your Mac, and then frequently thereafter. Get to know the menu item called Software Update on the Apple menu. Selecting this will simultaneously load the App Store and initiate a scan of your current software to see if any of it needs updating.
Malware is malicious software, which includes computer viruses, worms and Trojan code. While there is not a ton of malware written to target Macs, there is enough for many experts, myself included, to argue that operating your Mac without anti-malware software has simply become too risky. If you are skeptical, I suggest you read about theFlashback outbreak last year.
Unfortunately, the habit of referring to anti-malware software as anti-virus seems to confuse some Mac owners, possibly because so many people used to repeat the erroneous statement that Macs can’t catch viruses. A variation of that phrase, “Macs can’t catch PC viruses” is true, but even that obscures the fact that Macs can spread PC viruses, a matter that should concern any organization using a mix of Macs and PCs.
One simple security feature that a surprising number of Mac enthusiasts overlook is password protection. Nobody should be able to use your Mac without entering the correct password. This precaution gives you an added layer of protection for your data should your Mac fall into the wrong hands. Apple has a very good page about how topassword protect your Mac.
When it comes to Mac security, some “helper apps” are a sore point because they may introduce vulnerabilities that arguably are not Apple’s fault. For example, unless you were on vacation in Tibet for most of 2012 you will have heard of the Flashback Trojan (actually, even if you were in Tibet you probably heard about it because there is an interesting Tibet-Mac-malware connection). The Flashback Trojan made its way onto some Macs through a fake Adobe Flash Player installer. Other attacks have exploited unpatched vulnerabilities in another helper app: Oracle Java.
At the time of writing, Apple does not ship new Macs with Flash or Java installed. I suggest you avoid installing them unless you absolutely must use them (some online services require Java and some websites require Flash to work as designed). If you find Java or Flash plugins are on your Mac and you are not aware of putting them there, remove them. Michael Horowitz at ComputerWorld has a good article on the status of Java.
You can learn even more about protecting your Mac by staying tuned to this blog (there is a handy email subscription box in the top right corner of this page). Also, you can visit ESET at MacWorld in San Francisco later this week (Booth #423) and at the parallel event for IT professionals who work with Macs, the MacIT Conference (one of ESET’s experts will be speaking there). In a few days we will be blogging more about Mac malware and we have a short podcast on security for your new Mac that we recorded for the holidays. (There are also Malware Report podcasts on Android and Windows security.)
If you have Mac security tips or suggestions, please reply with a comment and let us know, we’d love to hear from you.
Author Stephen Cobb, ESET