The switcher's backpacker: security

I hesitated to publish this ticket. In fact, I started to write it now three weeks ago. It turns out that since many articles have come to feed the information about the security of the MAC but also of the iPhone. Especially to explain the important holes present in MacOS and Iphoneos. In the end, I decided to publish it as is, knowing that I do not think I said any nonsense in relation to the latest data. At the end of the article you will find links to the latest articles available in order to get a better idea.

Let's be clear, a Mac is safer than a Windows PC! But let's be honest too, this finding is not necessarily related to the quality of the system but more to the fact that Mac OS being less common than Windows, the Pirates are much less interested. These findings will of course be likely to change if Apple continues to take market share.

So, what about security on the Internet, what particularism compared to Windows?

Risks related to the Internet

The Antivirus

First of all, if you've just bought your Mac, you're obviously using the latest version of the Snow Leopard system. It is important to know that the system has an integrated antivirus software made by Apple even if it is anecdotal and only offers protection against a handful of Trojans (two currently). There are basically four other antivirus solutions on Mac OS: Intego virus Barrier, Norton Antivirus, Kaspersky Antivirus, and the latest ClamXAV (free solution). Personally, and I say well personally, I do not use on my Mac any antivirus despite that I work in a heterogeneous environment with Windows PC. Between maintaining performance and the risk of viral infection, I chose (at least for now). It's up to you to see what you want to do. Kaspersky has just arrived in the Mac world with as main argument the desire to clean the Mac of Windows viruses, the latter acting as a healthy carrier infecting the rest of the computers in case of heterogeneous networks.

The firewall

If you have also looked at my tutorial introducing system preferences, you have therefore seen that Mac OS has a built-in way of a software firewall. The latter provides basic protection but does not allow for fine tuning. As I also said in my tutorial, I have at home a hardware firewall on my network, so I disabled this feature. On Mac, we find these firewalls: VirusBarrier, Little Snitch, DoorStop X Firewall, IPNetSentryX, Norton Internet Security and WaterRoof (as well as NoobProof for not taking the lead) free and which to the advantage of using the Firewall built in MacOS in Simply adding a more powerful tuning interface. It's up to you to see which solution and what protection you want for your Mac, knowing that any firewalls installed on your computer will slow down the machine. Personally, I activate the firewall of Mac OS using NoobProof when I am forced to connect to a public network in WiFi. That is enough for my peace of mind. The other solutions are reminiscent of the gas factories of the Windows world outside perhaps of LittleSnitch which is I find the best integrated but that will slow down anyway your machine.

Parental control

Securing access to the Internet for children is ensured by parental controls built into system preferences. I refer you to my video tutorial to discover this feature. Apart from the integrated solution, you will find Intego's commercial software "ContentBarrier" or the solution proposed by XOOLOO with an annual subscription. Personally, I have not yet needed to activate these solutions but it seems that to start, the solution integrated to the system is sufficient. Otherwise Xooloo seems the most accomplished and the easiest but expensive.

Other risks

Regarding other risks on the Internet (phishing, spam…), you are as much subject to these risks on your Mac as on Windows or even Linux. It is up to you to pay attention to your use of the network without forgetting that the biggest Bug or the most serious fault is always between the keyboard and the back of the chair.

Passwords

A last word on horse software between this chapter and the following on securing the data: passwords. MacOS X contains a password manager, keychain Access, which holds your valuable data and unlocks it at will with your session password (still need to have one, see below). Simple Solution But in my opinion a little risky, because if attack there must be it would rather be on this software. Plus, it's a bit limited in its features. I prefer him so 1Password, paying but that was really worth the investment as it simplifies my life. 1Password integrates perfectly with Firefox and Safari, it allows an automatic capture of your IDs by acknowledging the address of the site visited, it generates complicated passwords to wish, manages the licenses of your software, the credit cards ( Honestly, I didn't pass it) all encoded by an AES key of 128 bits. Final refinement, it exists for IPhone and syncs with my MacBook. In short, thanks to him, I only use complex and different passwords for each site without being obliged to retain them. Other software of this type exists as the very good KeePassX that exists on many platforms but whose integration and functionality are far below 1Password.

Data security is important too!

The Internet is not the only source of theft or loss of your data. So obviously, your MAC is installed at home, that you are alone, without children able to put all of your data to the trash and empty it (lucky va!), with a system of redundant backups of your disks, no worries. If not…

User Sessions

First, if you are several to use a MAC, set up a per-user session without necessarily protecting it with a password but at least you won't risk seeing Sonny or grandma throwing away your last job that was carelessly dragging on The office. Mac Os perfectly manages multiple users by easily allowing exchanges between everyone while locking perfectly (well not really but will see further) your personal data. So with or without password but at each its session. Of course, access can be protected by a password if you want to protect your data from a user you don't trust. This strategy will have to be put in place with your children if you want to use the parental controls built into the system. This is because the control is activated by the administrator (you) on a given account (your child). It is quite obvious that if your account is accessible without a password, your monsters will soon make to choose which session to open….

As I said a little higher, this strategy is not foolproof. Indeed, there is a simple procedure to reset/change the administrator password without knowing it. This procedure, set up by security to find a forgotten password and described here, seems to me a bit light, because the one that changes the administrator password can secondarily modify the user passwords and therefore access All the data. So be careful who accesses your computer.

Data backup

Each one's session is fine, but still need you to properly store your files. For several reasons, including maintaining your computer's performance, it is best to avoid leaving documents on the desktop even if they remain protected and linked to your session. On the other hand, we have seen it in the description of the Finder, it is imperative to save your files in your personal folder (the one that looks like a house) and never elsewhere. The advantage: by selecting a single folder in a backup utility, you will back up all of your data.

I will not describe here all the backup solutions offered on Mac OSX (from "Time Machine" all integrated with the excellent "Carbon Copy Cloner" free and efficient or the complete but paying "TRI Backup" and many others). I'll just say a word of the material. The Time Capsule solution proposed by Apple is in my opinion too limited and still unsecured (only one hard drive). Personally, I invested in a small NAS with two mirrored hard disks (allows if a disk crashes to recover the data on the second) and performs my backups directly through my internal network. Most NAS offers a feature using "Time Machine" that greatly avoids head shots even if I personally use Carbon Copy Cloner.

In conclusion

This is a safety overview on your MAC. Honestly, no big worries to have from the Internet provided you are careful in its use. Of course, this is only my opinion, each one according to what he controls or the risk he accepts to run will put in place the appropriate solutions. Be careful to protect your personal data from others but also system incidents. The majority of Macs are mono hard drive machines. Properly back up your data, a disk crash that can occur at any time, leaving you, from experience, completely destitute.

Promised thing, here's a little update about security on Mac, I refer you to these links here and here (thanks to macgeneration.com). It's up to us to put pressure on Apple to change things!


Leave a Comment

libero diam dolor Praesent dolor. mattis Curabitur amet, mi,