
Mac 101: User Accounts and Basic Security

While there are no true viruses for OS X, that doesn’t mean Macs are impenetrable. They’re vulnerable to malware, spyware, spam and trojans. However, with just a few precautionary measures and the right configuration, your Mac can be more secure than most any other consumer technology out there.

Securing your Mac can be both simple and complicated, depending on your usage and expertise, but the best place to start is with the access privileges granted to each user account created.

Create a Separate Administrator Account

Preferences > System > Accounts. The first thing that should be done is to disable administrative privileges for all active users. There really is no good reason that any regularly used user account should have administrator privileges. That isn’t to say that no one needs to do administrative work on Macs. Create a special Administrator account and keep its password a secret. Change the Administrator’s password frequently and don’t forget it. Apple allows you to create a reminder question, so that helps.

Now, whenever you need to do something like modify a preference, or install software, you’ll be prompted to enter an admin ID and password, but so will remote users trying to take control of your system to install malware.

Disable Automatic Login

Preferences > System > Accounts (Login Options): Turn off automatic login. This will prevent people from accessing your information when they gain physical access to the Mac. About the only time that it makes sense to turn on automatic login is on a publicly accessible Mac where a locked down guest account has been created.

Require Password Lock when Sleeping

Preferences > Security > General. Require a password lock no more than five seconds after the computer goes to sleep or the screen saver is enabled. This will lock things down when you leave your Mac unattended for an extended period. I also like to set a hot corner to enable the screen saver for when I need to make a quick getaway.

I have mixed feelings on forcing a log out after so many minutes of inactivity.  I’ve found that if I leave applications running, and documents aren’t saved, this particular security setting is basically useless.  My Macs are running for weeks, if not months, and I like to leave applications running for just about as long. Depending on how you use your computer, you might want to enable automatic logout after a set amount of time.

Require Password to Modify Preferences

Preferences > Security > General. Here, you can opt to require a password to unlock each System Preference pane.  This will ensure that settings will not be changed by just anyone.  This setting only makes sense when you are also carefully managing access to your administrator ID and password.

Block All Incoming Connections

Preferences > Security > Firewall (Advanced). First, turn the firewall on if it isn’t already.  If possible, block all incoming connections as well.  This may not be possible if you’re sharing files, or using applications that require inbound connections like Dropbox, or even certain Mac apps that sync with their iOS counterparts.  I would also recommend enabling stealth mode.  This will help prevent unexpected requests, such as ICMP (ping), from getting a response from the system.

Don’t Allow Safari to Open Safe Files

Safari > Preferences > General. By default, Safari will open all files that it decides are safe to open. This is meant to be a convenience feature when downloading files from the Internet, or opening attachments using web-based email programs. Be warned: there’s no such thing as a “safe” file. Disable the “Open ‘safe’ files after downloading” feature in Safari.

Update Your Mac’s Software Daily

Preferences > Software Update. Be good about applying updates, especially security updates. It is a good idea to have the Mac check for updates daily, and then download them automatically. That way, the software will likely be ready to install the moment you realize an update has been issued.

Don’t be fooled; Macs can be just as insecure and vulnerable as any other technology out there. Mastering the seven security-related features outlined above will go a long way to help keep your Mac as safe and secure as possible. Remember: You are the biggest security risk to your Mac, so watch where you click.
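Most of the settings above can also be verified from Terminal. The read-only audit below is an added example, not part of the original article; the preference domains and keys, the socketfilterfw path and its output text are assumptions that vary between OS X releases, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: read-only audit of the settings covered in this article.
# Assumed: preference keys, tool path and output text; these vary by OS X release.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Print a preference value, or "unset" when the key does not exist.
pref() { defaults read "$1" "$2" 2>/dev/null || echo unset; }

# Generic comparison: PASS when the observed value equals the wanted one.
expect_value() { [ "$1" = "$2" ] && echo PASS || echo FAIL; }

# The everyday account should not be in the admin group (arg: `id -Gn` output).
check_admin() {
  case " $1 " in *" admin "*) echo FAIL ;; *) echo PASS ;; esac
}

# Password required (askForPassword=1) no more than five seconds after sleep.
check_lock() {
  delay=${2%%.*}                      # tolerate a value such as "5.0"
  case "$delay" in ''|*[!0-9]*) echo FAIL; return ;; esac
  [ "$1" = 1 ] && [ "$delay" -le 5 ] && echo PASS || echo FAIL
}

# The firewall state line is expected to contain "enabled" when it is on.
check_firewall() {
  case "$1" in *[Ee]nabled*) echo PASS ;; *) echo FAIL ;; esac
}

# Query the live system and print one line per setting.
audit() {
  echo "standard (non-admin) user: $(check_admin "$(id -Gn)")"
  echo "automatic login off:       $(expect_value "$(pref /Library/Preferences/com.apple.loginwindow autoLoginUser)" unset)"
  echo "password lock within 5s:   $(check_lock "$(pref com.apple.screensaver askForPassword)" "$(pref com.apple.screensaver askForPasswordDelay)")"
  echo "firewall on:               $(check_firewall "$("$FW" --getglobalstate 2>/dev/null)")"
  echo "Safari safe-file open off: $(expect_value "$(pref com.apple.Safari AutoOpenSafeDownloads)" 0)"
  echo "automatic update check on: $(expect_value "$(pref /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled)" 1)"
}

# Only query the system on a Mac; elsewhere the check functions still work on saved output.
if [ "$(uname -s)" = Darwin ]; then audit; fi
```

Run it while logged in as the everyday user, since group membership and the screen saver and Safari preferences are read per account.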


2 Responses to “Mac 101: User Accounts and Basic Security”

  1. Slight problem with admin accounts. On my current Mac auto update will not run when I am in my standard non-user account. Geniuses never figured it out. It was decided that was a weakness of running in user mode rather than admin.

  2. Hatef Yamini

    Thanks! This was really helpful. I’m also traveling out of the country with my laptop, what additional security measures would you recommend? LoJack? Undercover?