Basic beginner's security for a new mac owner
davem...@dontreg.com
My name's Dave, I don't know too much about computers, but I recently
ordered a MacBook Pro for editing some music and video I have. I have
a question, thanks for reading this dudes, just what are the basic
fundamentle things I need to do to keep the bad stuff away, like
viruses and hackers and stuff like that? I don't need to be paranoid
or anything, but basically if something goes wrong I'll have a hell of
a time fixing it, so I need to take basic precausions, you know what I
mean? Anywa, if you could give me the down low on what to do to
protect myself, it would be really cool. Thanks dudes, also, if I
need to shell out a little extra bucks for extra software or hardware
I guess I'm down with that, so if you got any recomnmendations that
would be cool too. If you want a link to my music, I'm working real
hard on it but my friend Steve is writing his disertation so I can't
use this computer too much if you know what I mean.
rock on!
Dave M.
Mamamia
davem...@dontreg.com wrote:
Buy yourself a router. Set it up with the firewall included. Forget all
the other stuff.
--
"You can't fix stupid." -- Ron White
"If the rich could hire other people to die for them,
the poor could make a wonderful living."ハ
Yiddish Proverb
Bill
Some general recommendations:
Keep your brain engaged when using the computer. Don't do stupid things,
such as respond to phishing (criminals posing as legitimate businesses or web sites trying to get
your personal information such as credit card numbers, security codes,
Social Security number, etc.) (Of course this applies equally to
telephone calls, paper mail, and face-to face contact with swindlers.)
Attend to physical security. Use a computer security cable to lock your
computer to the desk or other solid object. Carry it in a sturdy bag,
that is not easy for a thief to grab and run off with. Keep it with you
or securely locked up.
Make your main user account a Standard account, without Administrator
privileges. The computer has to have an Administrator account, but that
does not have to be your main user account. Use the Standard account for
all your routine work. Both accounts should be password-protected.
Whenever you try to install an application program the computer will ask
for the account name and password of the Administrator account before it
will install the application program. To set up different accounts and
privileges, go to System Preferences >> Accounts.
Turn on the Firewall that is built into Mac OS X, unless you are
connected to the internet by way of a router with a firewall, in which
case you may not need to have the OS X firewall turned on. To set up the
OS X firewall and other sharing features, go to System Preferences >>
Sharing. For the Router firewall, see the instructions for your router.
Exercise good sense with regard to installing application programs. DO
NOT install any application program unless you are sure it is from a
trustworthy source. For this one, keep your brain engaged.
Require a password to wake from sleep or screen saver. Go to System
Preferences >> Security.
Keep the Keychain locked when not in use. Set the Keychain to require a
password, and make that password different from your account password.
Go to Applications >> Utilities >> Keychain Access.
Use strong passwords, that are not easy to crack. Apple has some
guidelines on strong passwords.
To protect sensitive files from unauthorized viewing, you can use FileVault to encrypt your entire home folder, or use an encrypted disk image to
hold the sensitive files. For FileVault, go to System Preferences >> Security. For encrypted disk images, go to
Applications >> Utilities >> Disk Utility. Be aware that if you forget
the password for either of these, nobody including you will be able to
get at those files, so your data is lost forever.
For all of the above, see the on-screen Help file for details. All these
features are built into your brain or into Mac OS X, with no need to buy
any other software (You do have to buy the computer security cable and
the sturdy bag).
Some people like the program Little Snitch, which alerts you when the
computer tries to send messages to the outside world. This is
inexpensive shareware.
If you use wireless networking, use password-protected encrypted
transmission. See the instructions for your wireless router on how to do
this.
Use SSL (Secure Socket Layer encryption) for email. This is not
available with all email services. Apple Mail, which is the built-in
email client on your Mac, can handle this.
There are no viruses for Mac OS X in the wild, mainly because OS X is a
secure operating system that always asks the user before it installs any
application program. The user can be stupid and install an untrustworthy
program, but nothing gets installed without the user knowing it. The
best anti-virus program you can possibly get for any personal computer
is Mac OS X combined with your brain being turned on.
If you plan to run the WIndows operating system on your Mac, by any of
the several methods available, and you plan to use Windows on the
Internet, you WILL need anti-virus software for the Windows side. The
best advice is do not install Windows on your Mac unless you really have
to.
--
For email, change <fake> to <earthlink>
Bill Collins
J.J. O'Shea
(in article <1192103667.6...@50g2000hsm.googlegroups.com>):
1 get a router
2 get Little Snitch
3 turn on the OS X software firewall
4 turn off file sharing
5 make sure that you keep current on updates
There are no current Mac viruses in the wild. The last serious Mac malware
outbreak was the autostart worm, from 1998, and that one won't work on OS X,
even if it were still in circulation, which I don't think it is. There is no
Mac spyware (other than Microsoft and Adobe software, and Little Snitch stops
them from calling home unless you want 'em to be able to call home) and even
MS Office macro viruses either don't work on Macs period or are stopped by
the built-in defences in newer versions of Office or both.
--
email to oshea dot j dot j at gmail dot com.
Bill
<bbcollins-CC1DB...@032-478-847.area7.spcsdns.net>,
Bill <bbco...@fake.net> wrote:
Very important:
Back up your data to external media. I recommend an external Firewire
hard drive. Do this faithfully. Ideally, you would store the backup
drive in some location other than the computer, so that a single
disaster (the house burning down, for example) will not destroy them
both.
Gregory Weston
> Hey Everyone:
>
> My name's Dave, I don't know too much about computers, but I recently
> ordered a MacBook Pro for editing some music and video I have. I have
> a question, thanks for reading this dudes, just what are the basic
> fundamentle things I need to do to keep the bad stuff away, like
> viruses and hackers and stuff like that?
Step 1: Use a Mac. And you've apparently got that covered.
Step 2: When the Mac shows up, assuming you've bought it new, it'll walk
you through initial setup and creation of the first user account. If
you're buying it used, make sure you get the installation media; wipe
the drive and reinstall the OS and you'll end up at the same starting
point. Pick a good password for the first user, because it's fairly
powerful.
Step 3: Once the setup is finished, the first thing you should do is
create a new user that does not have the right to administer the
machine. Then log out of the first (admin) account and log in using that
new one. Use the new account for day-to-day stuff. When necessary, such
as for software installation, authenticate as the admin user. Only log
in as the admin user when necessary; those situations should be rare.
Step 4: Don't double-click any documents you get in e-mail unless you
expected to get them. If you click a link in e-mail and it takes you to
a form, don't enter any passwords or personal information.
Step 5: Back up. At the very least get yourself an external HD that's at
least as large as the internal (preferably larger) and a copy of Carbon
Copy Cloner or Super Duper. Then use them. Do a test restore
periodically, because an untested backup is by definition unreliable.
<http://www.bombich.com/software/ccc.html>
<http://www.shirtpocket.com/SuperDuper/SuperDuperDescription.html>
G
dorayme
> Exercise good sense with regard to installing application programs. DO
> NOT install any application program unless you are sure it is from a
> trustworthy source. For this one, keep your brain engaged.
Is there some procedure that you follow to do these things? How
do you know when your brain is engaged or not?
--
dorayme
dorayme
> The
> best advice is do not install Windows on your Mac unless you really have
> to.
You can get very cheap separate winboxes and crt screens if you
must use Windows...
--
dorayme
Robert Haar
> In article <1192103667.6...@50g2000hsm.googlegroups.com>,
> davem...@dontreg.com wrote:
>
>> Hey Everyone:
>>
>> My name's Dave, I don't know too much about computers, but I recently
>> ordered a MacBook Pro for editing some music and video I have. I have
>> a question, thanks for reading this dudes, just what are the basic
>> fundamentle things I need to do to keep the bad stuff away, like
>> viruses and hackers and stuff like that?
>
> Buy yourself a router. Set it up with the firewall included. Forget all
> the other stuff.
Don't forget the all other stuff.
You may not need anti-virus software but that doesn't mean you shouldn't
practice safe computing.
Set up both an admin account and at least one user account (more if you
share the computer). Use the admin account only for system administration
activities. Log in under the user account for normal activities.
If you are using wireless networking, turn on WPA at a minimum.
You might also look at a recent MacWorld article on this topic
http://www.macworld.com/2007/10/features/lockup_main/index.php .
Jolly Roger
> Exercise good sense with regard to installing application programs. DO
> NOT install any application program unless you are sure it is from a
> trustworthy source.
TIP: A lot of software authors provide checksums that you can use to
verify that the file you downloaded to your computer is the exact same
file the author published. For example, Apple typically provides
checksums for the software you can download from their web site:
<http://docs.info.apple.com/article.html?artnum=75304#checksum>
--
Note: Please send all responses to the relevant news group. If you
absolutely must contact me through e-mail, let me know when you send
email to this address so that I can be sure your email doesn't get eaten
by pobox.com's ultra-aggressive SPAM filter.
Help improve Usenet:
* Learn proper Usenet etiquette:
http://www.dtcc.edu/cs/rfc1855.html
* Kill-file Google Groups:
http://improve-usenet.org/
JR
Bill
<doraymeRidThis-41F...@news-vip.optusnet.com.au>,
dorayme <dorayme...@optusnet.com.au> wrote:
1. Be aware of these considerations.
2. Stay awake. Don't do potentially dangerous things on your computer
when you are half asleep or otherwise incapacitated.
3. Back up your home folder (at least your home folder) regularly, so
that if you do something stupid (or you hard drive fails) you have a
chance of recovery.
Daniel Cohen
> There is no Mac spyware
True for all practical purposes, but not totally correct.
Because keyloggers can have a legitimate purpose, there are Mac
keyloggers freely available for sale.
But, short of your downloading something without checking what it is, or
letting an untrusted person have access to your machine, there is no way
currently of a keylogger being installed maliciously.
--
http://www.decohen.com
Send e-mail to the Reply-To address;
mail to the From address is never read
J.J. O'Shea
(in article <1i5v41t.1hi8yujf1ovuzN%dan...@f2s.com>):
> J.J. O'Shea <try.n...@but.see.sig> wrote:
>
>> There is no Mac spyware
>
> True for all practical purposes, but not totally correct.
>
> Because keyloggers can have a legitimate purpose, there are Mac
> keyloggers freely available for sale.
>
> But, short of your downloading something without checking what it is, or
> letting an untrusted person have access to your machine, there is no way
> currently of a keylogger being installed maliciously.
>
>
Point.
And Little Snitch will still pick 'em up when they try to phone home, so the
only way a keylogger could work undetected on a Mac would be if it generated
a file on the Mac for someone which physical access to pick up. If I have
physical access to your Mac (or WinBox, or Linux box, or whatever) and a few
minutes to work, it's over.
Tim Streater
J.J. O'Shea <try.n...@but.see.sig> wrote:
> On Fri, 12 Oct 2007 06:25:48 -0400, Daniel Cohen wrote
> (in article <1i5v41t.1hi8yujf1ovuzN%dan...@f2s.com>):
>
> > J.J. O'Shea <try.n...@but.see.sig> wrote:
> >
> >> There is no Mac spyware
> >
> > True for all practical purposes, but not totally correct.
> >
> > Because keyloggers can have a legitimate purpose, there are Mac
> > keyloggers freely available for sale.
> >
> > But, short of your downloading something without checking what it is, or
> > letting an untrusted person have access to your machine, there is no way
> > currently of a keylogger being installed maliciously.
> >
> >
>
> Point.
>
> And Little Snitch will still pick 'em up when they try to phone home, so the
> only way a keylogger could work undetected on a Mac would be if it generated
> a file on the Mac for someone which physical access to pick up. If I have
> physical access to your Mac (or WinBox, or Linux box, or whatever) and a few
> minutes to work, it's over.
So, apart from order, viniculture, roads, public health, and peace, what
have the Romans ever done for us?
J.J. O'Shea
(in article <tim.streater-9C95...@news.individual.net>):
They introduced garlic, stinky fish oil, and crosses...
And the right and proper way to retire irritating politicians. 'Tis a pity
that in these decadent times their example is not followed. Oh, tempora! Oh,
mores!
Richard Maine
> And Little Snitch will still pick 'em up when they try to phone home, so the
> only way a keylogger could work undetected on a Mac...
Well... you did leave out a rather hugely important part in saying that
"the *ONLY* way...". You implied it, for those who already know, but
then those who already know wouldn't need to ask.
In particular,another way is for the system to not have Little Snitch
installed. Yes, it is a nice utility. I happen to have it installed on
this system. But it is not a given that just because someone has a
Mac,it is installed. In fact, I'm quite confident that the large
majority of Macs don't have it.
Other ways would include managing to subvert Little Snitch, which is
certainly possible if one finds the right system holes (or fools the
user into typing an admin password for you, in which case all bets are
off).
I'm not saying that there is a big problem here that people should worry
about a lot. There isn't. But the "only way" part is just plain bogus.
--
Richard Maine | Good judgement comes from experience;
email: last name at domain . net | experience comes from bad judgement.
domain: summertriangle | -- Mark Twain
Fred Moore
J.J. O'Shea <try.n...@but.see.sig> wrote:
> On Fri, 12 Oct 2007 11:06:02 -0400, Tim Streater wrote
> (in article <tim.streater-9C95...@news.individual.net>):
> >
> > have the Romans ever done for us?
>
> They introduced garlic, stinky fish oil, and crosses...
>
> And the right and proper way to retire irritating politicians. 'Tis a pity
> that in these decadent times their example is not followed. Oh, tempora! Oh,
> mores!
And they also provided advice for persevering through those:
Non illegitimi carborundum.
Not to be confused with:
Veni, vidi, victus sum.
Or if all else fails:
Felicitas est parvus canus calidas. [Thanks you, Charles Schulz]
--Fred