If you recently acquired an Apple Mac computer there are several simple steps you can take to protect your new machine, and all of the valuable information you will be storing on it. (The reference to Part 3 in the title reflects the fact that this is the third in a series of platform-specific security guides, starting with protecting Windows computers, written by Aryeh Goretsky, and continuing with the security of new Android devices, by Cameron Camp.)
But what's that you say? Macs are not like Android or Microsoft devices, Macs are built to be secure, so you don't need to worry about security? I certainly agree that Apple has done a stellar job of protecting Macs from a wide variety of threats but 100% protection is widely acknowledged to be technically impossible. Furthermore, some of Mac's protective measures are not as immediately obvious as you might think. In this article we present some security tips that can make your Mac even safer. Here's the short version:
- Backup your Mac with Time Machine
- Create a restore disc or flash drive
- Make sure you are firewalled
- Update your software
- Install anti-malware software
- Password protect on startup and wakeup
- Unplug risky plugins like Java and Flash
Now let's look at each of these in more detail. (Note that the Mac in the picture, which is my personal Mac, is red because I put a protective shell on it, there is no deeper meaning implied.)
Avoiding restoration drama and backup downers
What's the worst thing that can happen to your Mac? You might think physical damage, like the destruction of the whole machine, including hard drive. But someone stealing your Mac might be worse. Why? Well that's the difference between:
1. Destruction impacting access to your data (loss of availability) which can be costly in terms of lost productivity but does not expose your data to prying eyes, and
2. Theft impacting control of your data (loss of confidentiality and integrity) which can lead to a wide range of abuses of that data, for example, someone with access to your computer can probably take over some of your accounts (banking, shopping, email, social media, and so on).
However, if you can restore your software and data from backup copies onto a replacement machine, then you can recover from the physical loss of your Mac, whether it was stolen or destroyed. Apple provides several restoration and recovery options for Macs, but you need to understand them to make the most of them, and there are a couple of extra steps you might want to take.
If your new Mac comes with OS X 10.7, also known as Mountain Lion, then it also comes with OS X Recovery, technology that will enable you to restore the operating system without using repair disks. However, there are some limitations. As the name suggests, OS X Recovery restores the operating system. It does not restore the apps and data that you have added to your Mac since you first turned it on. Furthermore, you may need an Internet connection to make OS X Recovery work, and by that I mean either a very high bandwidth Internet connection or a more normal connection + a lot of time to spare. Here's how you get around these limitations:
A. Create and maintain a full backup of your Mac on an external hard drive: Fortunately this is very easy to do if you combine the Time Machine software that comes with your Mac with the first very accessory you should buy for your new Mac: an external USB hard drive of 500 gigabyte capacity or more, which you can get for under $100. As soon as you plug this drive into your Mac, the Time Machine software will lead you through the backup process. (Whenever my own MacBook Pro is sitting on my desk at home, I plug in my Time Machine drive and enjoy knowing that it is automatically updating its archive of all my files.)
B. Make a recovery optical disc or USB flash drive: Gone are the days when Macs came with a set of optical discs that you could use to restore the operating system or revert the machine to its original state (something you might want to do if you decide to sell your Mac). Now you must rely on the restoration data that comes installed on your Mac's internal drive, or download the system files via an Internet connection to Apple. Unless of course you make your own recovery media. This is my preference because I have seen too many internal drives die, and I often find myself in places with less than stellar Internet connectivity.
The instructions for making a bootable DVD to restore OS X, or a bootable USB flash drive, are widely available at sites like Ars Technica. The lack of an optical drive on many newer Macs makes the USB drive option preferable. Of course, it is also possible to use an external hard drive for recovery (Apple has this approach covered by Recovery Disk Assistant).
Make sure you are firewalled
Firewalls are one of the basic ingredients in network security and your new Mac is almost certain to be part of a network (hint: the Internet is a network). A firewall exercises control over the traffic between the network and your computer and helps to keep the bad stuff out. Apple includes a firewall in OS X but it might not be turned on by default. Here is the setting in System Preferences; be sure you change yours so that the firewall is On,
by Stephen Cobb ESET Security Evangelist