Section 12.9. Six Mac OS X Security Shields | Switching to the Mac[c] The Missing Manual

12.9. Six Mac OS X Security Shields

Mac OS X has always had a spectacular reputation for stability and security. Not a single Mac OS X virus had emerged as of 2005a spectacular feature that is, in itself, a compelling reason to switch from Windows. (The Mac doesn't have any Windowsesque plague of spyware, either.)

The usual rap is, "Well, that's because Windows is a much bigger target. What virus writer is going to waste his time on a computer with five percent market share?"

That may be part of the reason. But Mac OS X has always been built more intelligently from the ground up. Thoughtful features abound, like the Finder's File Secure Empty Trash command, which erase deleted files so thoroughly from your hard drive that theyre irrecoverable.

But that's just one example. Here are the big-ticket defenses.

12.9.1. The Firewall

If you have a broadband, always-on connection (cable modem or DSL, for example), you're connected to the Internet 24 hours a day. It's theoretically possible for some cretin to use automated hacking software to flood you with files or take control of your machine. Fortunately, Mac OS X's firewall feature puts up a barrier to such mischief. It's described on Section 9.3.

Tip: For extra protection, click the Advanced button and enable Stealth Mode. That shuts your Mac's backdoor to the Internet, so that hackers who check to see if your Mac exists get no response at all.

12.9.2. FileVault

The Security pane of System Preferences is one of Tiger's most powerful security features. Understanding what it does, however, may take a little slogging.

As you know, the Mac OS X accounts system is designed to keep people out of each other's files. Ordinarily, for example, Chris isn't allowed to go rooting through Robin's stuff.

Until FileVault came along, though, there were all kinds of ways to circumvent this protection system. For one thing, someone could just remove the hard drive from your Mac and attach it to a Mac OS 9 based computer, where all the advanced user settings would be moot. For people with sensitive or private files, the result was a security hole bigger than Steve Jobs' bank account.

FileVault is an extra line of defense. When you turn it on, your Mac automatically encrypts (scrambles) everything in your Home folder, using something called AES128 encryption. (How secure is that? It would take a password-guessing computer 149 trillion years before hitting paydirt.)

This means that unless someone knows your password, FileVault renders your files unreadable for anyone but you and your computer's administratorno matter what sneaky tricks they try to pull.

You won't notice much difference when FileVault is turned on. You log in as usual, clicking your name and typing your password. Only a slight pause indicates that Mac OS X is decoding your entire Home folder.

Here are some things you should know about FileVault's protection:

It's useful only if you've logged out . Once you've logged in, your files are not encrypted. If you want the protection, log out before you wander away from your Mac.
It covers only your Home folder . Anything in your Applications, System, or Library folders is exempt from protection.
An administrator can access your files, too . According to Mac OS X's caste system, anyone with an Administrator account can have virtually unhindered access to his peasants' fileseven with FileVault onbecause the administrator has the master password described below.
It doesn't let you access your files from anything other than Mac OS X . In exchange for protection against evildoers , Mac OS X doesn't let you get to the stuff in your Home folder when the Mac starts up in Mac OS 9, or when you access it via FireWire disk mode (Section 5.8.1). (That, after all, is the whole point.)
It keeps other people from opening your files, not from deleting them . It's still possible for someone to trash all your files, without ever seeing what they are. There's not much you can do about this with FileVault on or off.
Any shared folders in your Home folder will no longer be available on the network . That is, any folders you've shared won't be available to your co-workers except when you're at your Mac and logged in.
Backup programs may throw a tizzy . FileVault's job is to "stuff" and "unstuff" your Home folder as you log in and out. Backup programs that work by backing up files and folders that have changed may therefore get very confused .
If you forget your password and your administrator forgets the master password, you're toast . If this happens, your data is permanently lost . You'll have no choice but to erase your hard drive and start from scratch.

To turn FileVault on, proceed like this:

In System Preferences, click Security. Click Set Master Password .

If you're the first person to try to turn on FileVault, you need to create a master password first. The master password is an override password that gives an administrator full power to access any account, even without knowing the account holder's password, or to turn off FileVault for any account.

UP TO SPEED
Password Hell

With the introduction of the master password, you now have quite a few different passwords to keep straight. Each one, however, has a specific purpose:

Account password . You type this password in at the normal login screen. You can't get into anyone else's account with itonly yours. Entering this password unlocks FileVault, too.

Administrator password . You're asked to enter this password whenever you try to install new software or modify certain system settings. If you're the only one who uses your computer (or you're the one who controls it), your administrator password is your account password. Otherwise, you're supposed to go find an administrator, and ask him to type in his name and password once he's assessed what you're trying to do.

Master password . Think of this password as a master key. If anyone with FileVault forgets her account password, the administrator who knows the master password can unlock the account. The master password also lets an administrator change an account's password right at the sign-in screen, whether FileVault is turned on or not.

Root password . This password is rarely necessary for anything other than programmery system modifying, and you turn it on as described earlier in this chapter.

When you click Set Master Password, the dialog box shown at top in Figure 12-14 appears.

Figure 12-14. Top: The Security pane is the gateway to Mac OS X's beefedup security features.
Bottom: Type in your master password twice, and give yourself a hint. (In the event of an emergency, the hint appears with the third unsuccessful attempt to type in the master password.) When you click OK, you see that the Security pane now says, "A master password is set for the computer."

Click Turn On FileVault .

Some time passes as Mac OS X tries to figure out whether or not you have enough free disk space to encrypt your Home folder. If you do have enough space, an explanatory dialog box appears.
Click Turn on FileVault in the dialog box .

Now Mac OS X logs you out of your own account. (It can't encrypt a folder that's in use.) Some time will pass while it converts your Home folder into a protected state, during which you can't do anything but wait.

After a few minutes, you arrive at the standard login window, where you can see that your account picture is now adorned by the FileVault logo. Sign in as usual, confident that your stuff is securely locked away from anyone who tries to get at it when you're not logged in.

Note: To turn off FileVault, open System Preferences, click Security, and click Turn Off FileVault. Enter your password and click OK. (The master password sticks around, though, in case you ever want to turn FileVault on again.)

12.9.3. Logout Options

As you read earlier in this chapter, the usual procedure for finishing up a work session is for each person to choose Log Out. But sometimes people forget.

The next thing you know, you've left your Mac unattended but logged in, with all your life's secrets accessible to anyone who walks by your desk.

You can prevent this situation using either of two checkboxes in the Security pane of System Preferences:

Require password to wake this computer from sleep or screen saver . This option gives you a password-protected screen saver that locks your Mac after a few minutes of inactivity. Now, whenever somebody tries to wake up your Mac after the screen saver has appeared (or when the Mac has simply gone to sleep according to your settings in the Energy Saver pane of System Preferences), the "Enter your password" dialog box appears. No password? No access.
Log out after __ minutes of inactivity . If you prefer, you can make the Mac sign out of your account completely if it figures out that you've wandered off (and it's been, say, 15 minutes since the last time you touched the mouse or keyboard). Instead, it presents the standard Login screen.

Note: If there are open, unsaved documents at the moment of truth, the Mac won't auto-log out.

12.9.4. The Password Assistant

Plenty of software features require you to make up a password: Web sites, accounts, networked disks, and so on. No wonder most people wind up trying to use the same password in as many situations as possible. Worse, they use something easily guessable, like their kids ' names . Even regular English words aren't very secure, because hackers routinely use dictionary attacks software that tries to guess your password by running through every word in the dictionaryto break in.

To prevent evildoers from guessing your passwords, Mac OS X comes with a good-password suggestion feature called the Password Assistant. It cheerfully generates one suggestion after another for impossible -to-guess passwords. (" recharges8@exchangeability ," anyone?)

Fortunately, you won't have to remember most of them, thanks to the Keychain pass-word- memorizing feature described at the end of this chapter. (The only password you have to memorize is your account password.)

See Figure 12-15 for details on the Password Assistant.

Figure 12-15. Any place you're supposed to make up a password, including here in the Accounts pane of System Preferences, a key icon appears. When you click it, the Password Assistant opens. Use the pop-up menu and the Length slider to specify how long and unguessable the password should be. (FIPS-181, by the way, stands for Federal Information-Processing Standards Publication 181, which sets forth the U.S. government's standard for password-generating algorithms.) The Quality graph shows you just how tough it is to crack this password.

12.9.5. The Keychain

The information explosion of the computer age has one colossal annoyance: the proliferation of passwords we have to memorize. Shared folders on the network, Web sites, your iDisk, FTP siteseach requires another password.

Apple has done the world a mighty favor with its Keychain feature. The concept is brilliant : Whenever you log into Mac OS X and type in your password, you've typed the master code that tells the computer,"It's really me. I'm at my computer now." From that moment on, the Mac automatically fills in every password blank you encounter, whether it's a Web site in Safari, a shared disk on your network, a wireless network, an encrypted disk image, or an FTP program like Fetch. With only a few exceptions, you can safely forget all of your passwords except your login password.

These days, all kinds of programs and services know about the Keychain and offer to store your passwords there. Figure 12-16 shows two prime examples.

Figure 12-16. Top: Safari is one of several Internet-based programs that offer to store your passwords in the Keychain; just click Yes. The next time you visit this Web page, you'll find your name and password already typed in.
Middle: At any time, you can see a complete list of the memorized Web passwords by choosing Safari Preferences, clicking AutoFill, and clicking the Edit button next to "User names and passwords." This is also where you can delete a password, thus making Safari forget it.
Bottom: When you connect to a server (a shared disk or folder on the network), just turn on "Remember password in Keychain."

12.9.5.1. Locking and unlocking the Keychain

If you work alone, the Keychain is automatic, invisible, and generally wonderful. Logging in is the only time you have to type a password. After that, the Mac figures: "Hey, I know it's you; you proved it by entering your account password. That ID is good enough for me. I'll fill in all your other passwords automatically." In Apple parlance, you've unlocked your keychain just by logging in.

If you want to lock the keychain, so that passwords aren't autofilled anymore, open Applications Utilities Keychain Access. Choose Keychain Access Preferences General. Now choose File Lock Keychain.

Tip: You can make the Keychain lock itself (after a period of inactivity) by choosing Edit

Change Settings for Keychain [your name].

But the "Use secure virtual memory" checkbox (on the Security pane of System Preferences) takes away all their fun; it encrypts your virtual memory like FileVault does for your personal files. (You may find that it slows down your Mac, though, especially when you switch from one program to another.)