12.9. Six Mac OS X Security Shields
Mac OS X has a spectacular reputation for stability and security. At this writing, not a
single Mac OS X virus has emerged—a spectacular feature that makes Windows look
like a waste of time. There's no Windows-esque plague of spyware, either (downloaded
programs that do something sneaky behind your back). In fact, there isn't any Mac
The usual rap is, "Well, that's because Windows is a much bigger target. What virus
writer is going to waste his time on a computer with eight percent market share?"
That may be part of the reason Mac OS X is virus-free. But Mac OS X has also been built
more intelligently from the ground up. Listed below are a few of the many drafty corners
of a typical operating system that Apple has solidly plugged:
• The original Windows XP came with five of its ports open. Mac OS X has always
come from the factory with all of them shut and locked.
Ports are channels that remote computers use to connect to services on your
computer: one for instant messaging, one for Windows XP's remote-control
feature, and so on. It's fine to have them open if you're expecting visitors. But if
you've got an open port that exposes the soft underbelly of your computer without
your knowledge, you're in for a world of hurt. Open ports are precisely what
permitted viruses like Blaster to infiltrate millions of PCs. Microsoft didn't close
those ports until the Windows XP Service Pack 2.
• Whenever a program tried to install itself in the original Windows XP, the
operating system went ahead and installed it, potentially without your awareness.
In Mac OS X, that never happens. You're notified at every juncture when anything
is trying to install itself on your Mac. In fact, you're even notified when you're
opening a disk image or .zip file that could contain an installable program (Figure
Figure 12-15. Mac OS X hovers like a stage mother, always informing you
when you're at a point where something virusy could be happening. It warns
you when you download a compressed file that could contain a runnable
program (top), and even when an installer has to run a tiny subprogram
before the installation (bottom).
• Unlike certain other operating systems, Mac OS X doesn't even let an
administrator touch the files that drive the operating system itself without pestering
you to provide your password and grant it permission to do so. A Mac OS X virus
(if there were such a thing) could theoretically wipe out all of your files, but
wouldn't be able to access anyone else's stuff—and couldn't touch the operating
• You probably already know about the Finder's Secure Empty Trash option
(Section 2.6.2). But an option on the Erase tab of the Disk Utility program can do
the same super-erasing of all free space on your hard drive. We're talking not just
erasing, but recording gibberish over the spots where your files once were—once,
seven times, or thirty-five times—utterly shattering any hope any hard-disk
recovery firm (or spy) might have had of recovering passwords or files from your
• Safari's Private Browsing mode means that you can freely visit Web sites without
leaving any digital tracks—no history, no nothing (Section 20.1.5).
• Every time you try to download something, either in Safari or Mail, that contains
executable code (a program, in other words), a dialog box warns you that it could
conceivably harbor a virus—even if your download is compressed as a .zip or .sit
file (Figure 12-16).
Figure 12-16. And still more warnings. This operating system intends to make
darned sure no program ever runs without your knowledge (which is how Windows
PCs get viruses and spyware).
It tries to protect you, for example, when you double-click a document and the
required program opens for the first time (top). It also warns you the first time you
double-click any program that came from the Internet (bottom).
Those are only a few tiny examples. Here are a few of Mac OS X's big-ticket defenses.
12.9.1. The Firewall
If you have a broadband, always-on connection, you're open to the Internet 24 hours a
day. It's theoretically possible for some cretin to use automated hacking software to flood
you with files or take control of your machine. Mac OS X's firewall feature puts up a
barrier to such mischief.
Fortunately, it's not a complete barrier. One of the great joys of having a computer is its
ability to connect to other computers. Living in a cement crypt is one way to avoid
getting infected, but it's not much fun.
So if you open the Security panel of System Preferences, and click the Firewall tab, you
see something like Figure 12-17 at top. It offers three settings:
• "Allow all incoming connections" is the same as having no firewall at all. Now,
most of the Internet's cretins are far more interested in tapping into Windows
machines than Macs, but you never know. Best to avoid this one.
• "Allow only essential services" is the closest thing Leopard has to "block
everything." It gives access only to a small, fixed set of deep-seated services that
Mac OS X needs to get by.
• "Set access for specific services and applications" is the best choice for most
people. It blocks all incoming pings except those addressed to programs and
features that you've approved.
And how do they get approved? Above the horizontal line (Figure 12-17, top), features of
Mac OS X itself are listed. They get added to this list automatically when you turn them
on in System Preferences: File Sharing, Printer Sharing, and so on.
Non-Apple programs can request passage through your firewall, too (Figure 12-17,
bottom); if you click Always Allow, they appear below the line in this list.
Now, there are a few footnotes regarding the firewall:
Figure 12-17. Top: Apple's new firewall in Mac OS X 10.5 looks like this.
It lists the programs that have been given permission to receive communications
from the Internet. At any point, you can change a program's Block/Allow setting, as
Bottom: From time to time, some program will ask for permission to communicate
with its mother ship. If it's a program you trust, click Always Allow.
You can also click the + button to navigate your Applications folder and manually
choose programs for inclusion.
For more power and flexibility, install a shareware program like Firewalk or
Brickhouse (available from www.missingmanuals.com, for example).
• If you're using Mac OS X's Internet connection sharing feature (Section 18.5.4),
then it's important to turn on the firewall only for the first Mac—the one that's the
gateway to the Internet. Leave the firewall turned off on all the Macs
"downstream" from it. You want to protect your Macs from the nasties of the
Internet; you don't need them giving each other the cold shoulder.
• Similarly, if you've bought a router to distribute your Internet connection to
multiple computers, it probably has its own firewall circuitry built in. In that case,
you can turn off Mac OS X's own firewall.
• Two useful features are hiding behind the Advanced button (which is visible in
Enable Stealth Mode is designed to slam shut the Mac's back door to the Internet.
See, hackers often use automated hacker tools that send out "Are you there?"
messages. They're hoping to find computers that are turned on and connected full-
time to the Internet. If your machine responds, and they can figure out how to get
into it, they'll use it, without your knowledge, as a relay station for pumping out
spam or masking their hacking footsteps.
Enable Stealth Mode, then, makes your Mac even more invisible on the network;
it means that your Mac won't respond to the electronic signal called a ping. (On
the other hand, you won't be able to ping your machine, either, when you're on the
road and want to know if it's turned on and online.)
Enable Firewall Logging creates a little text file where Mac OS X records every
attempt that anyone from the outside makes to infiltrate your Mac. (To view the
log, click the Open Log button. The file opens in Console for your inspection.)
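One way to triage the firewall log described above, as an added example (not from the book or from Apple): it groups blocked probes by source address and flags any source that tried several distinct ports. The sample lines are constructed and their layout is an assumption; match the regular expressions to what Console shows on your Mac.

```python
import re
from collections import defaultdict

# Constructed sample lines using documentation-only IP ranges. The line layout
# is an assumption made for this example, not a format taken from the book.
SAMPLE_LOG = """\
Nov 21 09:12:45 mac Firewall[48]: Stealth Mode connection attempt to TCP 192.0.2.10:22 from 203.0.113.7:51840
Nov 21 09:12:45 mac Firewall[48]: Stealth Mode connection attempt to TCP 192.0.2.10:23 from 203.0.113.7:51841
Nov 21 09:12:46 mac Firewall[48]: Stealth Mode connection attempt to TCP 192.0.2.10:80 from 203.0.113.7:51842
Nov 21 09:12:46 mac Firewall[48]: Stealth Mode connection attempt to TCP 192.0.2.10:445 from 203.0.113.7:51843
Nov 21 09:13:01 mac Firewall[48]: Deny ExampleApp connecting from 198.51.100.4:8080 uid = 501 proto=6
Nov 21 09:14:10 mac Firewall[48]: Allow iTunes connecting from 192.0.2.25:53211 uid = 501 proto=6
Nov 21 09:15:30 mac Firewall[48]: Stealth Mode connection attempt to UDP 192.0.2.10:137 from 192.0.2.25:137
this line is not a firewall record
"""

# A probe that Stealth Mode silently dropped.
STEALTH_RE = re.compile(
    r"Firewall\[\d+\]: Stealth Mode connection attempt to "
    r"(?P<proto>TCP|UDP) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+)"
)
# A per-application Allow/Deny decision.
APP_RE = re.compile(
    r"Firewall\[\d+\]: (?P<action>Allow|Deny) (?P<app>.+?) "
    r"connecting from (?P<src>[\d.]+):(?P<sport>\d+)"
)


def parse_line(line):
    """Turn one log line into a small record, or None if it is not recognised."""
    m = STEALTH_RE.search(line)
    if m:
        return {"kind": "probe", "proto": m["proto"],
                "src": m["src"], "dport": int(m["dport"])}
    m = APP_RE.search(line)
    if m:
        return {"kind": m["action"].lower(), "app": m["app"], "src": m["src"]}
    return None


def summarize(log_text, scan_threshold=3):
    """Group probes by source and flag sources that tried many distinct ports."""
    ports_by_src = defaultdict(set)
    denied = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # keep count so a format change is noticed
        elif rec["kind"] == "probe":
            ports_by_src[rec["src"]].add((rec["proto"], rec["dport"]))
        elif rec["kind"] == "deny":
            denied[rec["app"]].add(rec["src"])
    scanners = {src: sorted(ports) for src, ports in ports_by_src.items()
                if len(ports) >= scan_threshold}
    return {"scanners": scanners,
            "denied": {app: sorted(srcs) for app, srcs in denied.items()},
            "skipped": skipped}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for src, ports in result["scanners"].items():
        print(f"scan-like activity from {src}: {ports}")
    for app, srcs in result["denied"].items():
        print(f"denied inbound to {app} from {srcs}")
    print(f"unparsed lines: {result['skipped']}")
```

A single probe from a machine on your own network (the UDP 137 line) stays below the threshold, while the source that walked four ports in two seconds is flagged.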
The Security pane of System Preferences is one of Leopard's most powerful security
features. Understanding what it does, however, may take a little slogging.
As you know, the Mac OS X accounts system is designed to keep people out of each
other's stuff. Ordinarily, for example, Chris isn't allowed to go rooting through Robin's
Until FileVault came along, though, there were all kinds of ways to circumvent this
protection system. A sneak or a showoff could:
• Start up your Mac (if it's a pre-2003 model) in Mac OS 9, which knows nothing
about Mac OS X permissions.
• Start up the Mac in FireWire disk mode (Section 6.2).
• Remove the hard drive and hook it up to a Linux machine or another Mac.
In each case, they'd then be able to run rampant through everybody's files, changing or
trashing them with abandon. For people with sensitive or private files, the result was a
security hole bigger than Steve Jobs' bank account.
FileVault is an extra line of defense. When you turn on this feature, your Mac
automatically encrypts (scrambles) everything in your Home folder, using something
called AES-128 encryption. (How secure is that? It would take a password-guessing
computer 149 trillion years before hitting paydirt. Or, in more human terms, slightly
longer than two back-to-back Kevin Costner movies.)
This means that unless someone knows (or can figure out) your password, FileVault
renders your files unreadable for anyone but you and your computer's administrator—no
matter what sneaky tricks they try to pull.
You won't notice much difference when FileVault is turned on. You log in as usual,
clicking your name and typing your password. Only a slight pause as you log out
indicates that Mac OS X is doing some housekeeping on the encrypted files: freeing up
some space and/or backing up your home directory with Time Machine.
Tip: This feature is especially useful for laptop owners. If someone swipes or "borrows"
your laptop, they can't get into your stuff without the password.
Here are some things you should know about FileVault's protection:
• It's useful only if you've logged out. Once you're logged in, your files are
accessible. If you want the protection, log out before you wander away from the
Mac. (Or let the screen saver close your account for you; see Section 12.9.3.)
• It covers only your Home folder. Anything in your Applications, System, or
Library folders is exempt from protection.
• An administrator can access your files, too. According to Mac OS X's caste system,
anyone with an administrator's account can theoretically have unhindered access to
his peasants' files—even with FileVault on—if that administrator has the master
password described below.
• It keeps other people from opening your files, not from deleting them. It's still
possible for someone to trash all your files, without ever seeing what they are.
There's not much you can do about this with FileVault on or off—all a malicious
person needs to do is start deleting the encrypted files, and your data is gone.
(FileVault works by encrypting your Home folder into eight-megabyte chunks.)
• Shared folders in your Home folder will no longer be available on the network.
That is, any folders you've shared won't be available to your co-workers except
when you're at your Mac and logged in.
• Backup programs may throw a tizzy. FileVault's job is to "stuff" and "unstuff"
your Home folder as you log in and out. Backup programs that work by backing
up files and folders that have changed since the last backup may therefore get very
Even Time Machine (Chapter 6) doesn't always play well with FileVault. For one
thing, it can copy the encrypted Home folder only when it's closed—that is, when
you're logged off. So you don't get the continuous hourly backups that everyone
Second, in times of tragedy, Time Machine can restore only your entire Home
folder; you can't recover individual documents or folders in it.
• It's only as secure as your password. If someone can figure out your account's
password, they can bypass FileVault for your account. Even more seriously, if
someone can figure out the master password (see below), they can bypass
FileVault for every account on your computer.
• If you forget your password and your administrator forgets the master password,
you're toast. If this happens, your data is permanently lost. You'll have no choice
but to erase your hard drive and start from scratch.
To turn FileVault on, proceed like this:
1. In System Preferences, click Security, and then click FileVault. Click Set Master
If you're the first person to try to turn on FileVault, you need to create a master
The master password is an override password that gives an administrator full
power to access any account, even without knowing the account holder's
password, or to turn off FileVault for any account.
The thinking goes like this: Yeah, yeah, the peons with Standard accounts forget
their account passwords all the time. But with FileVault, a forgotten password
would mean the entire Home folder is locked forever—so Apple gave you, the
technically savvy administrator, a back door. (And you, the omniscient
administrator, would never forget the master password—right?)
When you click Set Master Password, the dialog box shown at top in Figure 12-18
2. Click "Turn On FileVault."
You'll see an error message if other account holders are simultaneously logged in
(using Fast User Switching). Otherwise, you're asked to type your account
password. An explanatory dialog box appears offering some options.
If you select the "Use secure erase" option, Mac OS X works harder when it erases
files that you delete, and that makes it harder for the bad guys to obtain the
encrypted data even if they kidnap your computer.
If you select "Use secure virtual memory," Mac OS X also encrypts the contents of
virtual memory (Section 126.96.36.199). (All accounts share the same virtual-memory
files in Mac OS X, so an evil hacker with sophisticated tools could conceivably
analyze the virtual-memory files on your Mac to see what's in the documents you
have open on the screen.)
Note: You can also turn on FileVault for an account at the moment you create it in
System Preferences→Accounts.
3. Click "Turn On FileVault" again.
Figure 12-18. Top: To turn on FileVault for an account, you must start by
making up a master password: a skeleton key that can get you into
somebody's account even if they forget their password. (You have no idea
how often this happens.)
Type in your master password twice, and give yourself a hint
Bottom: When you click OK, you see that the Security dialog box now says,
"A master password is set for this computer." In the event of an emergency,
you'll get the hint when you click an account name at the Login screen, and
then click Reset Password.
Now you can click Turn On FileVault to begin the encryption process.
Now Mac OS X logs you out of your own account. (It can't encrypt a folder that's
in use.) Some time passes while it converts your Home folder into a protected
state, during which you can't do anything but wait.
After a few minutes, you arrive at the standard login window, where you can sign
in as usual, confident that your stuff is securely locked away from anyone who
tries to get at it when you're not logged in.
Note: To turn off FileVault, open System Preferences, click Security, and then click Turn
Off FileVault. Enter your password and click OK. (The master password sticks around
once you've created it, however, in case you ever want to turn FileVault on again.)
12.9.3. Logout Options
As you read earlier in this chapter, the usual procedure for finishing up a work session is
for each person to choose Log Out. After you confirm your intention to log out,
the Login screen appears, ready for the next victim.
But sometimes people forget. You might wander off to the bathroom for a minute, but
run into a colleague there who breathlessly begins describing last night's date and
proposes finishing the conversation over pizza. The next thing you know, you've left your
Mac unattended but logged in, with all your life's secrets accessible to anyone who walks
by your desk.
You can prevent that situation using either of two checkboxes, both in the Security panel
of System Preferences:
• Require password to wake this computer from sleep or screen saver. This option
gives you a password-protected screen saver that locks your Mac after a few
minutes of inactivity. Now, whenever somebody tries to wake up your Mac after
the screen saver has appeared (or when the Mac has simply gone to sleep
according to your settings in the Energy Saver panel of System Preferences), the
"Enter your password" dialog box appears. No password? No access.
UP TO SPEED
With the introduction of the master password, you now have quite a few
different passwords to keep straight. Each one, however, has a specific purpose:
Account password. You type this password in at the normal login screen. You
can't get into anyone else's account with it—only yours. Entering this password
unlocks FileVault, too.
Administrator password. You're asked to enter this password whenever you try
to install new software or modify certain system settings. If you're the only one
who uses your computer (or you're the one who controls it), your administrator
password is your account password. Otherwise, you're supposed to go find an
administrator (the parent, teacher, or guru who set up your account to begin
with), and ask that person to type in his name and password once he's assessed
what you're trying to do.
Master password. Think of this password as a master key. If anyone with
FileVault forgets her account password, the administrator who knows the master
password can unlock the account. The master password also lets an
administrator change an account's password right at the Login screen, whether
FileVault is turned on or not.
Root password. This password is rarely useful for anything other than Unix
hackery, as described on Section 16.9.
• Log out after __ minutes of inactivity. If you prefer, you can make the Mac sign
out of your account completely if it figures out that you've wandered off (and it's
been, say, 15 minutes since the last time you touched the mouse or keyboard).
Instead, it presents the standard Login screen.
Note: Beware! If there are open, unsaved documents at the moment of truth, the Mac
can't log you out.
12.9.4. The Password Assistant
Plenty of software features require you to make up a password: Web sites, accounts,
networked disks, and so on. No wonder most people wind up trying to use the same
password in as many situations as possible. Worse, they use something easily guessable
like their names, kids' names, spouse's names, and so on. Even regular English words
aren't very secure, because hackers routinely use dictionary attacks—software that tries to
guess your password by running through every word in the dictionary—to break in.
To prevent evildoers from guessing your passwords, Leopard comes with a
good-password suggestion feature called the Password Assistant. It cheerfully generates
one suggestion after another for impossible-to-guess passwords.
Fortunately, you won't have to remember most of them, thanks to the Keychain
password-memorizing feature described at the end of this chapter. (The only password
you have to memorize is your account password.)
See Figure 12-19 for details on the Password Assistant.
Figure 12-19. Any place you're supposed to make up a password, including in the
Accounts pane of System Preferences, a key icon appears. When you click it, the
Password Assistant opens. Use the pop-up menu and the Length slider to specify
how long and unguessable the password is. The Quality graph shows you just how
tough it is to crack this password.
(In the Type pop-up menu, you might wonder about FIPS-181. It stands for the
Federal Information Processing Standards Publication 181, which sets forth the U.S.
government's standard for password-generating algorithms.)
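An added worked example (not from the book or from Apple) tying together the 149-trillion-year figure quoted for AES-128 and the warnings that FileVault is only as secure as your password and that dictionary words fall quickly. It assumes an attacker making 2^56 guesses per second, which reproduces the book's figure, plus a hypothetical 250,000-word dictionary and a tiny constructed word list.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption: the attacker tests 2**56 candidates per second, i.e. sweeps the
# whole 56-bit DES key space every second.
GUESS_RATE = 2 ** 56
# Assumption: size of the dictionary a dictionary attack runs through.
DICTIONARY_WORDS = 250_000
# Constructed stand-in for that dictionary, just large enough for the demo.
WORDLIST = {"password", "monkey", "dragon", "letmein", "robin", "chris"}
# Letters, digits and punctuation: 94 symbols.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def years_to_exhaust(bits, rate=GUESS_RATE):
    """Years needed to try every value in a search space of 2**bits."""
    return (2 ** bits) / rate / SECONDS_PER_YEAR


def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return pool or max(len(set(password)), 1)


def search_space_bits(password, wordlist=WORDLIST):
    """Upper bound on the attacker's work, in bits.

    A dictionary word costs only log2(dictionary size); anything else is
    scored as if every character were picked at random from its pool, which
    flatters passwords a human made up.
    """
    if password.lower() in wordlist:
        return math.log2(DICTIONARY_WORDS)
    return len(password) * math.log2(pool_size(password))


def length_for_bits(target_bits, alphabet=FULL_ALPHABET):
    """Shortest random password over `alphabet` reaching target_bits."""
    return math.ceil(target_bits / math.log2(len(alphabet)))


def generate(target_bits=128, alphabet=FULL_ALPHABET):
    """Random password from the OS CSPRNG, as strong as a target_bits key."""
    length = length_for_bits(target_bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def report(passwords):
    """Rows of (label, bits, years to exhaust) with the AES-128 key first."""
    rows = [("AES-128 key", 128.0, years_to_exhaust(128))]
    for pw in passwords:
        bits = search_space_bits(pw)
        rows.append((pw, bits, years_to_exhaust(bits)))
    return rows


if __name__ == "__main__":
    for label, bits, years in report(["monkey", "qwhzkfpa", generate()]):
        print(f"{label!r:26} {bits:6.1f} bits  {years:.3g} years")
```

At the same guessing speed, the key takes about 149 trillion years while an eight-letter lowercase password or a dictionary word takes a fraction of a second, so the password sets the real strength of the encryption.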
12.9.5. The Keychain
The information explosion of the computer age may translate into bargains, power, and
efficiency, but as noted above, it carries with it a colossal annoyance: the proliferation of
passwords we have to memorize. Shared folders on the network, Web sites, your iDisk,
FTP sites—each requires another password.
Apple has done the world a mighty favor with its Keychain feature. The concept is
brilliant. Whenever you log into Mac OS X and type in your password, you've typed the
master code that tells the computer, "It's really me. I'm at my computer now." From that
moment on, the Mac automatically fills in every password blank you encounter, whether
it's a Web site in Safari or Opera, a shared disk on your network, a wireless network, an
encrypted disk image, or an FTP program like Transmit or RBrowser. With only a few
exceptions, you can safely forget all of your passwords except your login password.
These days, all kinds of programs and services know about the Keychain and offer to
store your passwords there. For example:
• In Safari, whenever you type your name and password for a certain Web page and
then click OK, a dialog box asks: "Would you like to save this password?" (See
Figure 12-20, top.)
Note: This offer is valid only if, in Safari Preferences, you've clicked the
AutoFill tab and turned on "User names and passwords." If not, the "Would you?"
message never appears. Note, too, that some Web sites use a nonstandard login
system that also doesn't produce the "Would you?" message. Unless the Web site
provides its own "Remember me" or "Store my password" option, you're out of
luck; you'll have to type in this information with every visit.
• When you connect to a shared folder or disk on the network, the opportunity to
save the password in your Keychain is equally obvious (Figure 12-20, bottom).
• You also see a "Remember password (add to Keychain)" option when you create
an encrypted disk image using Disk Utility.
• Apple's Mail program stores your email account passwords in your Keychain.
Your .Mac account information is stored there, too (on the .Mac pane of System
• Microsoft's Entourage program offers to store your passwords. So do FTP
(file-transfer) programs like RBrowser and Fetch; check their Preferences dialog
• A "Remember password" option appears when you type in the password for a
wireless network or AirPort base station.
• The iTunes program memorizes your Apple Music Store password, too.
12.9.5.1. Locking and unlocking the Keychain
If you work alone, the Keychain is automatic, invisible, and generally wonderful.
Logging in is the only time you have to type a password. After that, the Mac
figures, "Hey, I know it's you; you proved it by entering your account password. That ID
is good enough for me. I'll fill in all your other passwords automatically." In Apple
parlance, you've unlocked your Keychain just by logging in.
Figure 12-20. Top: Safari is one of several Internet-based programs that offer to
store your passwords in the Keychain; just click Yes. The next time you visit this
Web page, you'll find your name and password already typed in.
Middle: At any time, you can see a complete list of the memorized Web passwords
by choosing Safari→Preferences, clicking AutoFill, and then clicking the Edit
button next to "User names and passwords." This is also where you can delete a
password, thus making Safari forget it.
Bottom: When you connect to a server (a shared disk or folder on the network), just
turn on "Remember this password in my keychain."
But there may be times when you want the Keychain to stop filling in all of your
passwords, perhaps only temporarily. Maybe you work in an office where someone else
might sit down at your Mac while you're getting a candy bar.
Of course, you can have Mac OS X lock your Mac—Keychain and all—after a specified
period of inactivity (Section 12.9.3).
If you want to lock the Keychain manually, so that no passwords are autofilled in until
you unlock it again, you can use any of these methods. Each requires the Keychain
Access program (in your Applications→Utilities folder):
• Lock the Keychain manually. In the Keychain Access program, choose File→
Lock Keychain [Your Name] (⌘-L), or just click the big padlock at upper left.
Click the Lock button in the toolbar of the Keychain Access window (Figure 12-
• Choose Lock Keychain [Your Name] from the Keychain menulet. To put the
Keychain menulet on your menu bar, open Keychain Access, choose Keychain
Access→Preferences. In Preferences, click General, and then turn on Show
Status in Menu Bar.
• Lock the Keychain automatically. In the Keychain Access program, choose Edit→
Change Settings for Keychain [your name]. The resulting dialog box lets you
set up the Keychain to lock itself, say, five minutes after the last time you used
your Mac, or whenever the Mac goes to sleep. When you return to the Mac, you're
asked to re-enter your account password in order to unlock the Keychain, restoring
your automatic-password feature.
Whenever the Keychain is locked, Mac OS X no longer fills in your passwords.
Note: As noted above, you unlock your Keychain using the same password you use to log
into Mac OS X, but that's just a convenience. If you're really worried about security, you
can choose Edit→Change Password for Keychain [your name], thereby establishing a
different password for your Keychain, so that it no longer matches your login
password. Of course, doing so also turns off the automatic-Keychain-unlocking-when-
12.9.5.2. Managing Keychain
To take a look at your Keychain, open the Keychain Access program. By clicking one of
the password rows, you get to see its attributes—name, kind, account, and so on (Figure
Tip: The primary purpose of the Keychain is, of course, to type in passwords for you
automatically. However, it's also an excellent place to record all kinds of private
information just for your own reference: credit card numbers, ATM numbers, and so on.
Simply choose File→New Password Item (if it's a name and password) or File→
New Secure Note (if you just want to type a blob of very, very private text). No, the Mac
won't type them in for you automatically anywhere, but it does maintain them in one
central location that is, itself, password-protected.
Figure 12-21. In the main Keychain list, you can double-click a listing for more
details about a certain password—including the actual password it's storing.
To see the password, turn on "Show password." The first time you try this, you're
asked to prove your worthiness by entering your Keychain password (usually your
account password). If you then click Always Allow, you won't be bothered for a
12.9.5.3. Multiple Keychains
By choosing File→New Keychain, you can create more than one Keychain, each with
its own master password. On one hand, this might defeat the simplicity goal of the
Keychain. On the other hand, it's conceivable that you might want to encrypt all of your
business documents with one master password, and all of your personal stuff with
another, for example.
If you do have more than one Keychain, you can view all of them by clicking the little
Show Keychains button at the lower-left corner of the Keychain Access window; now
you see a list of all your Keychains (including some maintained by Microsoft Office and
Mac OS X itself). Click their names to switch among them.
12.9.5.4. Keychain files
Keychains are represented by separate files in your Home→Library→Keychains
folder. Knowing that can be handy when you want to delete a Keychain or copy it to
another Mac—your laptop, for example. (Then again, the File→Export command may
be even more convenient.)
12.9.6. Secure Virtual Memory
Virtual memory is a trick that computers use to keep a lot of programs open at once—
more, in fact, than they technically have enough memory (RAM) for. How do they
manage keeping so many software balls in the air? Easy: They set some of them down on
the hard drive.
When you bring Photoshop to the front, Mac OS X frees up the necessary memory for it
by storing some of the background programs' code on the hard drive. When you switch
back to, say, Safari, Mac OS X swaps Photoshop for the Safari code it needs from the
hard drive, so that the frontmost program always has full command of your actual
Sophisticated software snoopers could, in theory, sneak up to the Mac while you're
logged in but away from your desk. Using a built-in Unix command called strings, the
no-goodniks could actually read what's stored on the hard drive in that virtual-memory
swap file—in particular, your passwords.
But the "Use secure virtual memory" checkbox (on the Security pane of System
Preferences) takes away all their fun; it encrypts your virtual memory swap file so
nobody can read it. (You may also find that it slows down your Mac, though, especially
when you switch from one program to another.)
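To see why an unencrypted swap file is readable and an encrypted one is not, here is an added example (not from the book or from Apple) that mimics what the strings command does: pull runs of printable characters out of raw bytes. The swap page and the password in it are constructed, and the SHA-256 keystream is a toy stand-in for Mac OS X's real swap encryption.

```python
import hashlib
import re

MIN_RUN = 4  # shortest run reported, the default the Unix strings tool uses

# Constructed stand-in for one page of swap: binary filler around text that an
# application once held in memory. The password is made up for this example.
SECRET = "constructed-Passw0rd-example"
SWAP_PAGE = (
    bytes(range(0, 16)) * 4
    + b"user=robin\x00"
    + b"\x8f\x01\xfe" * 7
    + b"login-password=" + SECRET.encode("ascii") + b"\x00"
    + bytes(range(128, 160)) * 2
)
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key


def printable_runs(blob, min_len=MIN_RUN):
    """Return every run of at least min_len printable ASCII bytes in blob."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def toy_cipher(data, key, nonce=b"page-0"):
    """XOR data with a SHA-256 counter keystream (encrypts and decrypts).

    Illustration only: it makes the bytes look random the way an encrypted
    swap file does. It is not the cipher Mac OS X uses and not for real data.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def leaks(blob, secret=SECRET):
    """True if the secret is recoverable from blob by a strings-style scan."""
    return any(secret in run for run in printable_runs(blob))


ENCRYPTED_PAGE = toy_cipher(SWAP_PAGE, KEY)

if __name__ == "__main__":
    print("plain page    :", printable_runs(SWAP_PAGE))
    # Random-looking bytes still produce a few short junk runs, never the text.
    print("encrypted page:", printable_runs(ENCRYPTED_PAGE))
    print("secret leaks from plain page    :", leaks(SWAP_PAGE))
    print("secret leaks from encrypted page:", leaks(ENCRYPTED_PAGE))
```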