This article is a pre-release chapter in the upcoming “Take Control of Security for Mac Users,” by Joe Kissell, scheduled for public release later in 2015. Apart from, and , these chapters are available only to ; see  for details.
In the previous chapter we looked at some of the easiest changes you can make to improve your Mac’s security, several of which involved simple changes to settings. In this chapter we continue with some settings that require a bit more explanation and thought. That includes a discussion of OS X’s Gatekeeper and sandboxing security features, some basics for using user accounts more securely, and a couple of quick suggestions about sharing files, your screen, and other resources. Except as noted, this chapter applies to people at every risk level.
Since Apple released Mountain Lion in 2012, OS X has had an important security feature called Gatekeeper. (Apple later added Gatekeeper to OS X 10.7.5 Lion too.) Even though you won’t see the word “Gatekeeper” anywhere in OS X (Apple mentions it in marketing materials, on the page, and in developer documentation), Gatekeeper affects how you install and use software.
Gatekeeper examines downloaded apps either when they’re installed (if they use an installer) or when they’re run for the first time. If the app doesn’t meet the criteria you select, Gatekeeper blocks the app from running. The point is to prevent malicious software (including software that has been modified without your knowledge) from causing damage or stealing data. Gatekeeper can also protect you from apps that have been modified after the fact. It does all this thanks to the concept of signing an app.
Each developer who has joined Apple’s $99-per-year Mac Developer Program gets a special digital certificate that serves as a unique identifier. In the process of building an app, the developer can use that certificate to sign each app. A signed app doesn’t look any different from an unsigned app, but it contains extra data that enables OS X to determine:
Each of these attributes helps to protect your security.
Let’s start with integrity. If an attacker were to modify an app after it was signed—for example, by inserting malicious code while it sat on the developer’s Web server or even after you started using it on your Mac—Gatekeeper would notice the change and prevent the app from running.
Next, suppose someone signed up for the Mac Developer Program and started delivering malicious software, signed with their certificate. The identity feature kicks in—once Apple discovers that the developer is distributing dangerous software, Apple can revoke that certificate, telling Gatekeeper not to let any software signed with that certificate launch. (Your Mac checks for revocations once a day. An Internet connection is required.)
The third aspect, access, involves system resources such as Keychain. If you grant an app permission to store information in Keychain or access it afterward, you don’t want to have to keep doing so every time you update the app. But if you install a new version of an app that was signed with the same certificate, Gatekeeper considers it the “same” app for the purpose of allowing access to system resources—you won’t be prompted for Keychain access again. Conversely, if someone altered the app or gave you an unsigned and therefore unauthorized version, it wouldn’t be able to access your Keychain without your permission.
All of this reduces your risk of inadvertently running malicious software, but you can choose to use either of two security settings—to disable Gatekeeper globally, or to disable it for specific apps. We turn to these options next.
You configure Gatekeeper in System Preferences > Security & Privacy > General, in the bottom section labeled “Allow Apps Downloaded From” (Figure 1). As usual, click the lock icon in the lower left of the window, enter your existing administrator username and password, and click Unlock before proceeding.
Your choices are:
Note that these settings aren’t retroactive. For example, if you install software while the Anywhere option is set and later change the setting to Mac App Store, that won’t disable the previously authorized app.
If you (wisely) selected a setting other than “Anywhere,” then sooner or later you will encounter an app you want to run, but which doesn’t meet your minimum criterion. When you try to run such an app, you see a warning dialog (Figure 2), and when you click OK, the app quits.
Before I tell you how to override this Gatekeeper warning, let me explain what it means. This alert usually means one of two things:
Although those are the two most common situations, either of these settings can prompt a warning in other cases, too, such as:
So, before you override Gatekeeper, give some thought to what you’re trying to run and where you got it. If you feel confident that it’s merely an older app, or if you want to restrict Gatekeeper to allowing only Mac App Store apps most of the time but still install an occasional app purchased elsewhere, you can override Gatekeeper when you see this warning.
To do so, right-click (or Control-click) the application and choose Open from the contextual menu. When you do this—and only when you do this—the dialog that appears (Figure 3) has an Open button. Click it.
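If you want to see for yourself what the three signature attributes (integrity, identity, access) and the Gatekeeper verdict look like for an app you have downloaded, the script below pulls them out with Apple’s command-line tools. It is an added example written for this edition, not code from the book or from Apple. It assumes three things the chapter does not state: that `codesign`, `spctl` and `xattr` are present (they ship with OS X), that their output has the shape parsed here, and that Gatekeeper only assesses files carrying the `com.apple.quarantine` attribute that a browser attaches on download. The parsing functions are pure, so they are exercised below on constructed sample output rather than on a real app.

```python
"""Gatekeeper / code-signature audit for a downloaded .app.

Added example, not from the book. Assumes Apple's `codesign`, `spctl` and
`xattr` tools and the output formats they print today (assumption).
"""
import datetime
import subprocess
from typing import Dict, List, Optional

# Constructed sample of `codesign -dvvv Example.app` (codesign prints to stderr).
CODESIGN_SAMPLE = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""

# Constructed sample of `spctl --assess --type execute --verbose` on an unsigned app.
SPCTL_REJECTED_SAMPLE = """/Applications/Example.app: rejected
source=no usable signature
"""


def parse_codesign_details(text: str) -> Dict[str, object]:
    """Identity: the certificate chain (leaf first) and the developer's team id."""
    info: Dict[str, object] = {"identifier": None, "team_id": None, "authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Identifier":
            info["identifier"] = value.strip()
        elif key == "TeamIdentifier":
            info["team_id"] = value.strip()
        elif key == "Authority":
            info["authority"].append(value.strip())
    return info


def parse_quarantine(value: str) -> Dict[str, object]:
    """Decode com.apple.quarantine: 'hexflags;hex-epoch;downloading-agent;uuid'.

    No attribute means the file never went through quarantine, so Gatekeeper
    would not have looked at it at all (assumption about Gatekeeper's scope).
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError("unexpected quarantine format: %r" % value)
    when = datetime.datetime.fromtimestamp(int(parts[1], 16), datetime.timezone.utc)
    return {"flags": int(parts[0], 16), "downloaded_at": when,
            "agent": parts[2], "uuid": parts[3] if len(parts) > 3 else None}


def classify_assessment(text: str) -> Dict[str, Optional[str]]:
    """Gatekeeper verdict: '<path>: accepted|rejected' plus a 'source=' rule line."""
    verdict = source = None
    for line in text.splitlines():
        if line.endswith(": accepted"):
            verdict = "accepted"
        elif line.endswith(": rejected"):
            verdict = "rejected"
        elif line.startswith("source="):
            source = line[len("source="):]
    return {"verdict": verdict, "source": source}


def _run(args: List[str]) -> str:
    """Run a tool and return stdout and stderr together (codesign uses stderr)."""
    proc = subprocess.run(args, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def audit_app(app_path: str) -> Dict[str, object]:
    """Run the live checks on a real bundle (works on OS X only)."""
    # Integrity: --deep --strict fails if any sealed resource was altered.
    integrity_ok = subprocess.run(
        ["codesign", "--verify", "--deep", "--strict", app_path],
        capture_output=True, text=True).returncode == 0
    identity = parse_codesign_details(_run(["codesign", "-dvvv", app_path]))
    verdict = classify_assessment(
        _run(["spctl", "--assess", "--type", "execute", "--verbose", app_path]))
    xattr = subprocess.run(["xattr", "-p", "com.apple.quarantine", app_path],
                           capture_output=True, text=True)
    quarantine = parse_quarantine(xattr.stdout) if xattr.returncode == 0 else None
    return {"integrity_ok": integrity_ok, "identity": identity,
            "gatekeeper": verdict, "quarantine": quarantine}


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(audit_app(sys.argv[1]), indent=2, default=str))
```

Run it as `python3 gatekeeper_audit.py /Applications/SomeApp.app`. A `rejected` verdict with `source=no usable signature` is the command-line face of the Figure 2 warning; an app that passes `codesign --verify` but is still rejected is usually the “older app” case the text describes, signed before Gatekeeper existed or not signed at all. The `spctl --status` command reports whether Gatekeeper is enabled at all, which corresponds to the Anywhere setting.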
If your Mac has only one user—you!—then you may never have thought about the security implications of user accounts. Although I’ll cover this topic from another angle later (see Keep Your Data Safe from Other Local Users in Chapter 11), I want to mention at this point several important principles about user accounts, most of which apply even to single-user Macs:
You can create as many user accounts as you need, and switch between them easily. To keep your Mac secure, you should make sure you have the right number and types of accounts. That’s what I discuss in the remainder of this topic.
Even though your Mac has a single administrator account (and no standard accounts) by default, that’s not the most secure arrangement. Because administrator accounts have so much power, they can get you in trouble. While logged in as an administrator, you could inadvertently delete files that would keep your Mac from working properly, install malware that could damage your system, or do any of numerous other things you might later regret. So, many Mac experts recommend using a standard account for day-to-day computer use, and using the credentials for your administrator account only when you’re installing software or doing other tasks that require access to the depths of your system.
Let me be candid: even though I have frequently recommended this tactic, it’s not something I do myself. My main, everyday user account has administrator privileges. That makes things simpler for me (just one set of credentials that I can use everywhere). And because I’m an expert user, I know how to avoid the sorts of mistakes that might cause problems for someone using an administrator account—and besides, I have great backups that I can fall back on if I do anything truly dimwitted. (It does happen.)
Therefore, I won’t insist that you make your main account a standard account. But I do suggest that you consider it, especially if your risk level is higher than 2 (see). If you have anything less than complete confidence that you can either avoid or recover from any mistake you might make by accidentally exercising administrative privileges, a standard account might be what you want.
If your main account is now an administrator account but you want to make it a standard account, you can create a new administrator account (for occasional use only) and then remove the administrative privileges from your main account. To do so, follow these steps:
At this point, you may be prompted to enter the Apple ID for the new account. Since this administrator account will be for occasional use only, I suggest selecting the Don’t Sign In radio button, clicking Continue, and then confirming by clicking Skip again. If it turns out you need iCloud services with your new administrator account, you can always set them up later.
Having done all this, you’ll find that almost everything about using your Mac is exactly as it was before. But there’s one exception: when a dialog prompts you for an administrator’s credentials, you won’t enter the username and password for your everyday account but instead enter the credentials for your new administrator account.
As long as you’re making changes in the Users & Groups preference pane, you should think about whether you want to have a guest user account. It’s enabled by default starting in Yosemite. That’s usually a good idea, but if it doesn’t suit your needs, you can disable it.
With a guest user account enabled, you have a spare (non-administrator) account that anyone can log in to, without a password, to run an app, browse the Web, or perform any other tasks that don’t require saving private information to disk permanently. (Guest users can, however, save data to publicly shared locations.) As soon as the guest logs out, OS X deletes the guest’s temporary home folder, leaving everything just as it was beforehand. If you ever need to give someone temporary access to your computer, using the guest account makes your life simpler than having to set up and later delete a conventional account for that person, and more secure than letting them use your account.
To turn guest access on or off:
If you’re the only person who uses your Mac, you can skip this topic. But if you share your Mac with family members, coworkers, or friends, do yourself—and them—a favor and create a separate (standard) account for each person. And then, insist that everyone log in to their user-specific accounts when using the Mac. That way, any damage (accidentally deleted files, changed preferences, and so on) will be restricted to that user’s space and not affect the entire Mac.
To enable switching from one user to another without having to log out (and thus quit all your apps), go to System Preferences > Users & Groups > Login Options and check Show Fast User Switching Menu As—choosing either Full Name, Account Name, or Icon, as you prefer, from the pop-up menu. Then, to switch users, choose the name of the user you want to log in as from that menu, which appears near the right side of your menu bar, and enter that user’s password.
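Once you have set up accounts the way this section recommends (a standard account for everyday use, a separate administrator account, a guest account only if you want one, and one account per person), you can verify the arrangement from Terminal. The script below is an added example written for this edition, not from the book or from Apple. It assumes that `dscl` lists local users as “name UID” pairs and exposes the admin group’s membership, and that the loginwindow preferences file carries a `GuestEnabled` key; those are assumptions about the tools, not statements from the chapter. The policy checks are pure functions, exercised here on constructed output.

```python
"""Local-account audit against the chapter's advice (added example, not the book's).

Assumes `dscl` and `defaults` output in the shapes shown in the samples.
"""
import getpass
import subprocess
from typing import Dict, List

# Constructed sample of `dscl . -list /Users UniqueID` (user name, UID).
USERS_SAMPLE = """_mbsetupuser        248
daemon              1
nobody              -2
root                0
joe                 501
admin-only          502
family              503
Guest               201
"""

# Constructed sample of `dscl . -read /Groups/admin GroupMembership`.
ADMIN_SAMPLE = "GroupMembership: root joe admin-only\n"


def parse_user_list(text: str, min_uid: int = 500) -> Dict[str, int]:
    """Keep human accounts only; OS X gives its service accounts UIDs below 500."""
    users: Dict[str, int] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        name, uid = parts[0], int(parts[1])
        if uid >= min_uid:
            users[name] = uid
    return users


def parse_admin_members(text: str) -> List[str]:
    """Turn 'GroupMembership: a b c' into ['a', 'b', 'c']."""
    for line in text.splitlines():
        if line.startswith("GroupMembership:"):
            return line.split(":", 1)[1].split()
    return []


def assess_accounts(users: Dict[str, int], admins: List[str],
                    everyday_user: str, guest_enabled: bool) -> List[str]:
    """Apply the section's principles; an empty list means nothing to flag."""
    findings = []
    human_admins = [u for u in users if u in admins]
    if everyday_user in admins:
        findings.append("everyday account %r is an administrator; consider making it "
                        "a standard account and adding a separate admin account"
                        % everyday_user)
    if not human_admins:
        findings.append("no administrator account among the human accounts; "
                        "you would be unable to install software or change settings")
    if guest_enabled:
        findings.append("guest account is enabled; fine for lending the Mac, "
                        "disable it if you never do")
    return findings


def _run(args: List[str]) -> str:
    return subprocess.run(args, capture_output=True, text=True).stdout


def live_audit() -> Dict[str, object]:
    """Gather the real data on an OS X machine and assess it for the current user."""
    users = parse_user_list(_run(["dscl", ".", "-list", "/Users", "UniqueID"]))
    admins = parse_admin_members(
        _run(["dscl", ".", "-read", "/Groups/admin", "GroupMembership"]))
    guest = _run(["defaults", "read", "/Library/Preferences/com.apple.loginwindow",
                  "GuestEnabled"]).strip() == "1"   # key name is an assumption
    me = getpass.getuser()
    return {"users": users, "admins": [u for u in users if u in admins],
            "guest_enabled": guest,
            "findings": assess_accounts(users, admins, me, guest)}


if __name__ == "__main__":
    for finding in live_audit()["findings"] or ["no findings"]:
        print("-", finding)
```

Run it from the account you use every day; if that account shows up as an administrator, the steps earlier in this section describe how to demote it after creating a dedicated administrator account. The guest finding is informational, since the text treats a guest account as a reasonable default.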
If you open the Sharing pane of System Preferences (go ahead and do that now; I’ll wait), you’ll notice several different resources your Mac can share with other devices on your local network—and, in some cases, beyond it (Figure 5). You can share your screen, files, printers, and your Internet connection, for example, and you can also enable various types of remote access to your Mac.
All these features can be handy, especially in that they enable multiple Macs in your home or office to talk to each other. You can copy a file from a Mac in the other room, or view what’s on the screen of the Mac upstairs when you’re downstairs. And, with Back to My Mac (see Use iCloud Features Selectively in Chapter 9), you can even share files and screens with a Mac that’s on another network, as long as it uses the same iCloud account.
I’m not going to tell you in this book how to use all these sharing features—I’ve got that (and much more) covered in. Rather, I want to make two simple points here:
Specifying access privileges is fairly self-explanatory, but if you need guidance, click the Help button or consult .