Mac Security: Fact and Fiction

Page 4 of 6

The Mac’s default security settings are all you need to protect your computer from hacker attacks.

FALSE Hackers attempt to attack your computer over the Internet by finding open, unsecured ports and exploiting them. A port is nothing more than a door through which computer data can be passed. Every computer has thousands of them, and every open port is a potential entry point.

Mind you, open ports are a necessary part of your daily computer experience. Every time you open a Web page, you’re using port 80. Every e-mail you send goes through port 25. Sharing your iTunes music library? You’re using port 3689. Open isn’t necessarily bad—as long as your Mac’s operating system and the application using the port verify that only legitimate data is being passed through those ports.

Hackers attempt to find open ports by trolling the Net, sending out messages that your Mac understands as “Hey, anybody there?” When such messages hit your Mac (even if they hit a closed port), it behaves like a puppy dog, happily barking back, “Yep, I’m here!” That response lets hackers know there’s something out there they can attempt to exploit. They’ll then use port-scanning software to discover an open door they can get into.

To prevent this from happening, you need a firewall. A firewall is simply a piece of software or hardware that stands between your computer and the rest of the world, making sure that every piece of data coming or leaving through an open port on your Mac goes only where it’s supposed to.

OS X has a firewall that’s turned off by default. You can change that by going to System Preferences: Sharing: Firewall, and then clicking on the Start button. Frankly, there’s no reason not to turn the firewall on if you always have your Mac connected to the Internet. As soon as you start the firewall, all the ports on your Mac are stealthed. Stealthing a port makes your Mac behave like your high-school crush who ignored you no matter how many times you tried to make small talk in the halls. You made your presence known, but you weren’t even getting the time of day. Any legitimate ports that are open on your Mac will allow data to pass through and work normally, but to the rest of the world, your Mac becomes invisible.

However, for some people, the Mac’s built-in firewall isn’t the best option. To find out if you’re one of those users, see “Raise the Wall.” —JEFFERY BATTERSBY

Your personal information is in danger when you surf the Web.

TRUE But not, perhaps, in the way you think. Most people imagine some nondescript virtual basement, where slovenly hackers work in the dark, drinking Jolt cola and waiting for you to slip up so they can get at your bank statements, credit card numbers, and passwords.

But more often, your surfing will result in the smaller annoyance of spam. For instance, some sites require that you register, and then they sell your e-mail address to others. The best way to prevent this is to create disposable e-mail addresses that you can use when you register. If you have a .Mac subscription, for example, you can create aliases, which are different e-mail addresses that funnel mail into your account. These are linked to your main e-mail account, and you can delete them at any time.

Be John or Jane Doe Another option is to avoid registering by using a service such as BugMeNot.com. If you go to this Web site, you can find user names and passwords for all sorts of Web sites. These aren’t shopping sites—you won’t find someone’s user name and password for Amazon.com. But you’ll find the login information required to access newspapers and other information sites that use registration to track what you view.

Fooled by Phishing More-serious security breaches usually happen because you’ve inadvertently given your data to the wrong person. For instance, phishing is when malevolent people send e-mail messages pretending to be eBay, PayPal, your bank, and so on. The message asks you to “confirm” your account by entering your social security number, credit card number, or other sensitive information.

These messages try to trick you into giving your personal information away so hackers can exploit it. Don’t ever click on a link in an e-mail like this. Also, turn off HTML display in your e-mail program so you can check the validity of such links. For example, if you get a message from eBay or PayPal that asks you to enter your information, look at the actual link. Very often, you’ll see that it contains a domain name in another country, such as Korea or Russia ( .kr or .ru ), or you’ll see a numerical address, such as 192.168.123.456 instead of www.ebay.com. If you’re ever in doubt, go directly to the Web site in question and contact customer support to confirm the message you receive.—KIRK MCELHEARN

As long as you have separate user accounts, your personal information is safe when you share your Mac with others.

FALSE OS X uses file permissions to keep track of who can read, write, and execute each file on the Mac. This is essential because it ensures that one user can’t access another’s files. But the system depends on the computer’s administrator, who has total control over all the files and who must set up permissions correctly. You can’t completely protect your files unless you are the only administrator.

Even if you’re the only administrator, or if your administrator has set up user accounts very carefully, others can access your stuff unless you’re careful. For instance, anyone in your office, home, or dorm can saunter up to your desk, sit down, and start searching through your personal documents if you walk away without logging out. Anyone with an OS X installation CD can start up your Mac with that CD and use its utilities to reset the administrator password.

If you have any truly sensitive files on your Mac—from company financial plans to your top-secret spy stuff—the best way to protect them from prying eyes is to encrypt them (see “8 Ways to Protect Your Mac Right Now” ).—KIRK MCELHEARN

[ Mark H. Anbinder is a senior technical consultant at Cornell University and a contributing editor of TidBits. Jeffery Battersby is a network analyst at the law firm of Finkelstein & Partners in Newburgh, New York. Jeff Carlson is the managing editor of TidBits and the author of several books about the Mac, including iMovie 4 and iDVD 4 for Mac OS X: Visual QuickStart Guide (Peachpit Press, 2004). Glenn Fleishman wrote “Take Control of Your AirPort Network” and writes daily about Wi-Fi at Wi-Fi Networking News. Kirk McElhearn is the author of several books, including iPod and iTunes Garage (Prentice Hill 2004). His blog, Kirkville, talks about Macs, iPods, and much more. ]

Many users who have an always-on connection to the Internet need to turn on OS X’s built-in firewall to protect against hackers. Go to the Firewall tab under OS X’s Sharing preference pane, and click on Start.If you’d rather not register at Web sites—and risk a boatload of spam—try a service such as Bugmenot.com. It provides you with dummy user names and passwords for common sites. Bugmenot has a handy bookmarklet that you can use in Safari.
| 1 2 3 4 5 6 Page 4
Shop Tech Products at Amazon