Meeting Notes

January 2010 - Security/Best Practices

Regardless of the reason, the Macintosh seems to have a security advantage over Windows and Linux. Unfortunately, it seems that each day brings along more new worries about security. Even a huge advantage may not be enough. In fact, threats come from many different avenues:

  • Hardware failure/loss
  • Malicious or buggy software
  • User error
  • External attack

Hardware (your computer) is a definite weak point. Parts can fail. The computer can be damaged by accident or by the elements. It can be stolen.

Software can sometimes damage hardware. Software can corrupt or destroy data. These things can happen through malicious software or simply through software that has bugs.

We probably do not need to point out how effective a user can be at destroying their own data.

Finally, there is the possibility of an external attack (cracker, thief, enemy, child, ...) causing loss of data.

The goal of this meeting is to discuss some of the things you can do to make your life less dangerous. Some of these things are easy and painless. Some will be annoying. Some will be sufficiently disruptive that you may choose to gamble and not do them.

This discussion will be broken into the following categories:


Having a backup is essential if the worst happens. Most things that can go wrong result in loss of information. The operating system and the various software programs on your computer can be re-installed (or purchased again if necessary). Your documents cannot. Your pictures cannot. Having a solid backup to rely on is critical (Time Machine, online backups). Having a backup that is not at your normal use location is very wise. If a physical disaster takes out your computer, it will probably destroy the backup sitting on the desk beside it.


Physical Security

Most people do not think much about physical security. Desktops are as safe as anything else in your house. Of course, a Macintosh desktop might be an appealing target for a burglar.

If you have important information on your computer, making sure that only "trusted" folks have physical access is critical (important might be business secrets, financial data, ...). With physical access to a computer, all the data on it can be copied (regardless of passwords).



Encrypting information can limit the usefulness of stolen data. If you encrypt the user home directories (with FileVault, for example), the folks who steal your data still need the password to decode it and make it useful. Encryption has drawbacks: losing the password makes recovery of the data impossible, it practically eliminates any hope of recovering data from a failing drive, and it can complicate backups. Also remember that if your backups are not encrypted, they must be protected just as seriously as your computer.



Vendors are always releasing updates (new versions of their code). Most of the time these updates include bug fixes. Often security fixes are included. You might be inclined to think: I have used a particular version of this software for a year without issue, so why bother upgrading? After all, the code has not changed since yesterday -- it can't be any less secure.

While the code is no less secure today than it was yesterday, the problem is more public. One drawback to fixing a security problem with software is that it draws attention to that problem for folks that have not upgraded.

Staying current is one of the best security steps you can take.


Account Management/Use

The way you set up your Mac and use its account system has a lot of impact on security. Best Practices suggest that you have at least 4 accounts on your Macintosh:

  • Primary administrator account
  • Emergency administrator account
  • Primary user account
  • Testing user account

You should use the primary administrator account only when you need to do privileged things (install software, update software, change settings, ...).

The emergency administrator account is to provide you privileged access to the computer should you forget your password or the primary admin account becomes corrupt.

It is suggested that all normal use be in a user account that does not have administrator privilege. This prevents the user from being able to damage anything other than the files in his account (external attacks that rely on admin access will fail). Actually, each user of the system should have a separate account.

At least one other normal account should exist. This account should be used for guests and to confirm whether an odd behavior is system wide or restricted to a specific user.

Systems should not have autologin enabled. Machines should automatically lock after some reasonable period of inactivity (5 minutes is an accepted rule of thumb).


Internet Access

Accessing web sites and running downloaded software is risky. For most of us, ignoring the internet is impossible. Many of us often download and install software. What can you do?

As with many things, common sense pays. Heavily traveled web sites are less likely to have malware than random, low traffic sites. Download software from places you trust. Disabling features you do not need is a wise move. Do you need Flash? How about Acrobat Reader?

Go a little further. Protect your wireless router at home (the more folks that use it, the more likely you are to have a problem). Be cautious when joining networks at public places.

Use encryption when possible. Use SSH instead of Telnet. Use SCP/SFTP instead of FTP. NEVER send important data over http -- https ONLY.



Software is a mixed blessing. Without it, the computer would be useful only as a doorstop. With it, the computer becomes useful. Along with being useful comes the possibility of loss and worse.

Buggy software can break hardware, cause data loss, annoy the user and generally ruin your day. Avoiding "just released" programs and software that is not used by lots of other folks are good steps.

Get updates from trusted places like Apple, VersionTracker or MacUpdate. Apply updates.


Password Management

Passwords are a real problem. Anything 8 characters or less is considered unsafe. Longer passwords are generally better. Passwords should not include words from a dictionary ("thebrowncowjumpsoverthemoon" is a poor choice for a password in spite of the length). And, of course, your password should not relate to you (not the name of your kid or dog, ...). Remember that Facebook alone can expose many of the things that you might think an external attacker might not know.

Passwords must be unique. The more places you use the same password, the worse the impact when that password is discovered (see keychain below for a way to ease this pain).

Passwords must change. The more a password is used, the more often it should be changed. A password for a web site you visit a few times a year can live with yearly changes. Anything financial should change every 30-90 days. Your account password should change often (at least each month).

Use keychain to catalog your various passwords. This keeps you from having to type them in (requiring you to only type your account password). Someone looking over your shoulder cannot get any password other than your account password via this method.

With keychain to keep you from having to type passwords (other than your account password), the chance of shoulder surfing working on them is reduced. But it means you will type your account password a lot more. This means it really should change a lot!
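The password rules in this section (length, dictionary words, personal details, uniqueness and change intervals) can be checked mechanically. The following is an added example, not part of the original meeting notes; the word list, personal terms and password inventory are constructed stand-ins for a real dictionary file and a real list of accounts.

```python
from datetime import date

# Constructed sample data: a tiny word list and personal terms stand in for a
# real dictionary file and for facts an attacker could learn about the user.
WORDS = {"the", "brown", "cow", "jumps", "over", "moon", "password", "mac"}
PERSONAL = {"rex", "emma", "batonrouge"}

def only_dictionary_words(password, words=WORDS):
    """True if the whole password splits into dictionary words."""
    s = password.lower()
    reachable = [True] + [False] * len(s)   # reachable[i]: s[:i] is all words
    for i in range(1, len(s) + 1):
        reachable[i] = any(reachable[j] and s[j:i] in words for j in range(i))
    return reachable[len(s)]

def check_password(password, personal=PERSONAL):
    """Return the list of rules from the notes that this password breaks."""
    problems = []
    if len(password) <= 8:
        problems.append("8 characters or less")
    if only_dictionary_words(password):
        problems.append("made of dictionary words")
    if any(term in password.lower() for term in personal):
        problems.append("relates to the user")
    return problems

def audit(entries, today):
    """entries: (site, password, max_age_days, last_changed) tuples."""
    uses = {}
    for site, pw, _, _ in entries:
        uses.setdefault(pw, []).append(site)
    report = {}
    for site, pw, max_age, changed in entries:
        problems = check_password(pw)
        if len(uses[pw]) > 1:
            problems.append("reused")
        if (today - changed).days > max_age:
            problems.append("overdue for change")
        report[site] = problems
    return report

# Constructed inventory; intervals follow the notes (yearly, 30-90 days, monthly).
SAMPLE = [
    ("forum", "thebrowncowjumpsoverthemoon", 365, date(2009, 6, 1)),
    ("bank", "Rex2009!!", 90, date(2009, 9, 1)),
    ("shop", "Rex2009!!", 365, date(2009, 12, 1)),
    ("login", "q7#Vz!mK2p@Lw", 30, date(2010, 1, 2)),
]
```

Calling `audit(SAMPLE, date(2010, 1, 15))` returns a per-site list of broken rules; the long all-words password is flagged despite its length because it splits cleanly into dictionary words.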


Please send any comments or suggestions to brmug@brmug.org.

This page was written by, is maintained by, and is copyrighted by BRMUG (Baton Rouge Macintosh User Group). This page is provided as a service to the community and every effort is made to ensure accuracy.
The statements and opinions included in BRMUG's pages are those of BRMUG only. Any statements and opinions included in these pages are not those of Louisiana State University or the LSU Board of Supervisors or Apple Computer, Inc.
Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 BRMUG.