[Hidden-tech] MAC Security

[Chris Hoogendyk]

Cynthia Roderick wrote:
>  Not long ago, someone indicated that the belief that Macs are secure
>    may not be true...
>    Although I've had no problems that I know of, I'll soon be ordering a
>    new Mac and am wondering what is the best approach to security?
>    Thanks much in advance,

The *vast* majority of the security problems and serious intrusions that 
we see (and hear about across campus) are windows machines. Macs give us 
almost no trouble at all. However, that does not mean you are home free. 
Security has become a very complex issue and has become more dependent 
on the behavior of computer users. This is because firewalls and other 
blocking behaviors have become more standard, and so those who want to 
intrude try to get the computer user to do something that overrides 
those protections -- clicking on a link, allowing a script to run, 
opening an attachment, etc.

I use Firefox for browsing and reserve Safari for sites I need to access 
that just won't work with script blocking. Then I use a couple of 
add-ons for Firefox -- noscripts and web of trust. NoScripts blocks 
absolutely everything and then gives you a menu at the bottom where you 
can allow particular sites either temporarily or permanently. It's a 
pain sometimes, but it means that you are secure from clicking on links 
that try to run scripts that try to download or install stuff on your 
computer, and that can happen with supposedly reputable sites if their 
web site has been hacked.

I have been wanting to get Rosetta Stone for my daughter. It's very 
expensive. I got an email that looked legitimate that was offering it at 
about 10% of the normal price. Since it was an unsolicited email, I did 
a web search. I found the same site. When I clicked on it, web of trust 
popped up a window saying that this was a site known for scams and 
malware and gave me the option of backing out or going ahead. That's 
nice to know. If I had gone ahead, I would have had a second line of 
protection in noscripts.

I don't run any Microsoft software. Period. That can be a problem for 
some people, but I've found that OpenOffice can open almost everything I 
ever get that I need to open.

Make sure your firewall is on and your sharing is off. That's pretty 
much the default, but check it anyway.

If you are getting a laptop and using it in public settings, then there 
is more to worry about. I don't have that situation, but I saw recently 
an addon for Firefox that was something like https by default. What it 
did was use a database of major web sites that have secure connections. 
When you enter a non-secure connection, it would automatically use the 
secure connection instead. I would be inclined not to do anything that 
involves the exchange of passwords or any kind of sensitive information 
from a public wireless connection.

I don't think any of the Mac virus protection software is worthwhile or 
necessary.

Lots more, and I'm sure others will have things to add.

If you want to do some browsing and additional reading, check through 
some of the tips here: http://www.us-cert.gov/cas/tips/.


-- 
---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst 

<hoogendyk at bio.umass.edu>

--------------- 

Erdös 4