This article is a pre-release chapter in the upcoming “Take Control of Security for Mac Users,” by Joe Kissell, scheduled for public release later in 2015. Apart from Chapter 1: Introducing Mac Security, and Chapter 2: Learn Security Basics, these chapters are available only to TidBITS members; see “Take Control of Security for Mac Users” Streaming in TidBITS for details.
Chapter 1: Introducing Mac Security
In survey after survey after survey, security issues like credit card fraud, identity theft, and computer hacking rank among Americans’ top worries. Burglary is a bit lower on the list, while threats to personal safety are lower still, and concerns like global warming barely register (statistically speaking). Although poll results vary in other parts of the world, it’s still abundantly clear that the fear of having one’s devices and data violated is widespread and on the rise.
You might imagine, then, that books about computer security would fly off the shelves, but they don’t. (I’m speaking from experience here. I spent most of 2009 writing the massive Mac Security Bible, and even though it got great reviews, very few people bought it.)
One big reason for that disconnect is that computer security sounds like a scary, complicated technical topic that ordinary people wouldn’t be able to grasp. Yes, you’re afraid of being hacked—and sure, you want better security in order to prevent that. But you’re not a geek, and your eyes glaze over at the very mention of terms like SSL, firewalls, and two-factor authentication. No matter how scary the threat of computer hacking may be, to some people, the prospect of having to learn about computer security is scarier!
But authors like me also bear part of the blame. Who was I kidding to think that a 900-page brick on Mac security would seem accessible to the typical Mac user? Of course people are going to be put off when it looks like they’ll have to invest weeks of study into understanding and solving the problem. I understand. I’m sorry. I repent.
The book you’re now reading takes a much different approach.
For starters, it’s much shorter. As in, about 1/6 the length of Mac Security Bible. You can probably read the whole thing in an afternoon—but feel free to browse just the topics you care about.
Next, I’ve left out many of the gory details that only developers, system administrators, and other propeller-heads would care about. I tell you enough to understand the basics of Mac security problems and solutions so that you can make smart decisions about what steps to take. But I try not to overwhelm you with tech-speak.
Most importantly, my intention is to strike a more positive and reassuring tone. I don’t want you to be as scared of the cure as you are of the disease! On the contrary, my goal is to put your mind at ease. Because really, you don’t have to be afraid of the bad guys hacking your Mac. Once you understand what the threats are and the (mostly quite simple) ways you can counter them, you’ll be able to sleep better at night knowing that your Mac’s security is under control. Even if you should fall victim to a security breach, this book will teach you how to recover quickly and gracefully—no panic required.
And, because this is a Take Control ebook, we’re able to update it if and when the facts change—it isn’t doomed to be obsolete before it’s a month old.
This book is just for Mac users—and especially for those running OS X 10.10 Yosemite. Most of what’s here also applies to 10.9 Mavericks, but the older your version of OS X, the less relevant this book will be. I don’t go out of my way to spell out the differences from one version of OS X to the next, either, because one of the most important steps you can take to increase your security is to keep your software up to date. If you’re still running, say, 10.6.8 Snow Leopard, you can’t take advantage of the many security improvements Apple built into newer versions of OS X, and the best advice I can give you is to upgrade if possible.
Since it’s an integral part of the Apple ecosystem, I’ll occasionally mention iOS, too, but mobile security is another whole ball of wax. (If you’d like to see a book on that, too, let me know.)
You’ll notice throughout this book that I put special emphasis on network security—that is, helping you prevent attacks and intrusions that originate on the Internet. That’s not the only type of Mac security, of course, but it so happens that most of the threats you’re likely to encounter involve the Internet in some way. Keeping your Mac’s network interactions secure is much more than half the battle. We’ll also discuss physical security, protecting your data from other people you permit to use your Mac (not to mention thieves and snoops), keeping rogue apps from causing mischief, and everyday techniques to keep your data safe.
Of course, security involves more than your Mac. I can’t prevent someone from stealing your wallet, hacking the payment terminals at your local department store, digging through your trash to find personal information, or breaking the lock on your back door. But I can help you achieve that all-important balance between security and convenience when it comes to your Mac and all the data it contains, and that’s an excellent start to living a more secure life.
One final note before we move on: I’ve written Take Control books on a number of other topics that touch upon security, too. Although there’s inevitably some overlap here and there, each book addresses a different core issue. I refer you to these other books where applicable for more detail on specific topics:
- Take Control of Your Online Privacy concerns keeping your personal information private. Because privacy and security often go hand in hand, it addresses a number of the same topics found in this book, but from a different perspective.
- Take Control of Your Passwords explains password security thoroughly, helps you develop a complete strategy to deal with passwords, and reviews several popular password managers.
- Take Control of 1Password is a task-oriented guide to my personal favorite password manager. It has less theory than Take Control of Your Passwords and lots of practical advice for 1Password users.
- Take Control of FileVault guides you in using FileVault, OS X’s built-in disk encryption feature, including troubleshooting and advanced capabilities.
- Take Control of Backing Up Your Mac is the Mac user’s complete reference to every aspect of backups—from Time Machine to bootable duplicates, online backup services, and more. Good backups can mitigate the severity of many security lapses.
- Take Control of CrashPlan Backups is for CrashPlan users who find the app confusing, need help boosting its performance, or want to learn advanced backup tips.
- Take Control of iCloud includes an entire chapter about iCloud security and privacy.
Find Your Way around This Book
There are many different aspects to Mac security, which are often intertwingled in confusing ways. In general, I’ve tried to group similar concepts together and put the most important (and easy-to-implement) material earlier in the book. Here’s what you’ll find.
Hit the Ground Running
I recommend that everyone next read Chapter 2, Learn Security Basics, in which I frame the concept of Mac security in more concrete terms. This chapter doesn’t have step-by-step instructions for particular security features, but instead takes a broader look at what security means—in general, and to you specifically. Yes, you! I’ve been watching you read this, which I could do because I just hacked into your Mac. Kidding! Totally kidding! But if you had a moment of doubt there, you’ll appreciate Chapter 2’s discussion of risk profiles. I don’t advocate a one-size-fits-all approach to security. Having a clearer idea of how much risk you likely face when using your Mac will help you make better security decisions and avoid unwarranted paranoia.
Next come three chapters—again, recommended for every reader—that deal with the low-hanging fruit of Mac security. Chapter 3, Perform Quick Security Fixes, discusses a handful of things you need to know and do right now, all of which are pretty easy but can dramatically improve your security. This includes updating your software and making a few important tweaks to OS X’s security settings. Then in Chapter 4, Beef Up Your System Settings, I continue with (to strain the metaphor) some higher-hanging fruit that may require pruners or a stepladder. I talk about how OS X uses sandboxing to keep apps from doing bad things, and how the settings related to this feature affect your security. I also make suggestions for improving your Users & Groups settings and discuss implications of sharing files, screens, and other resources via the Sharing pane of System Preferences. Chapter 5, Improve Your Passwords, talks about how crucial good passwords are to nearly every other aspect of security and helps you improve passwords that are currently too weak.
Manage the Ins and Outs
Although network security is a recurring theme throughout the book, the next group of chapters focuses on network-specific topics. Chapter 6, Improve Your Network Security, covers your network connection as a whole (Wi-Fi or otherwise), showing you how to protect various segments of the path data travels between your Mac and other computers—and showing what could happen if you don’t.
In Chapter 7, Fortify Your Mac’s Defenses, I talk about several categories of software that monitor and filter data as it comes into or leaves your Mac, which is important regardless of how secure your network connection might be. (For example, you could have a secure connection to a compromised computer that tries to send you malware.) Speaking of malware, Chapter 7 also revisits the age-old question of whether you as a Mac user need anti-malware software—and if so, what the best options are.
Moving on to more specific tasks, we come to Chapter 8, Surf the Web Safely. The Web is a conduit for all sorts of malicious behavior, and in this chapter I tell you what to be on the lookout for—and how to stay out of trouble. This may include altering some browser preferences, installing plugins, and taking greater care in which sites you visit. Chapter 8 also spends a good bit of time helping you safely use passwords and credit cards on the Web, while steering clear of phishing schemes designed to trick you into giving away private information.
For iCloud users—which, let’s face it, is pretty much everyone with a Mac these days—Chapter 9, Manage iCloud Security lays out the good and the bad. You might be surprised to learn that some aspects of iCloud are much more secure than generally believed. On the other hand, you could be casually using iCloud features that—unless you exercise special care—could be fabulously unsafe, exposing personal data (like those sorts of photos) to people who should never see them. By the end of this chapter you’ll know how to keep yourself appropriately safe when using iCloud.
Tie Up Loose Ends
The final three chapters cover essential topics that don’t fall under either “basics” or “network security.”
Read Chapter 10, Prevent Data Loss and Theft, to learn about the crucial importance of backups (you knew I’d bring up backups sooner or later, right?) as a key to preventing—or recovering from—data loss. However, you also want to prevent someone from gaining unauthorized access to your Mac’s data even if you don’t lose access yourself—in other words, data theft. I discuss techniques to prevent data theft, including the use of FileVault or other encryption tools and secure deletion.
You can think of Chapter 11, Keep Personal Data Private, as the Reader’s Digest condensed version of Take Control of Your Online Privacy. Although I can’t cover every aspect of online privacy in a single chapter, I hit the highlights and review the key steps you can take to keep your personal information out of the hands of others—whether they’re other local users or ne’er-do-wells across the Internet.
The final chapter is the one I hope you never have to read! In Chapter 12, Recover from a Disaster, I reiterate my “Don’t Panic” advice and walk you through the steps you need to take if misfortune strikes. Did you lose data? Here’s how to get it back. Did malware find its way onto your Mac? Here’s how to get rid of it. Did you suffer a network intrusion or even—heaven forbid—identity theft? Here are the steps to take. (At the risk of stating the obvious, you’ll be way ahead of the game if you’ve prepared for disaster with measures like strong passwords and great backups, but I tell you what you should do either way.)