Take Control of Security for Mac Users, Chapter 2: Learn Security Basics
This article is a pre-release chapter in the upcoming “Take Control of Security for Mac Users,” by Joe Kissell, scheduled for public release later in 2015. Apart from Chapter 1: Introducing Mac Security, and Chapter 2: Learn Security Basics, these chapters are available only to TidBITS members; see “Take Control of Security for Mac Users” Streaming in TidBITS for details.
Chapter 2: Learn Security Basics
In the coming chapters, I’ll tell you all about security preferences, software, online services, and practices that can help keep your Mac and its data safe. But first, to set the stage (and your expectations), I want to explain just what I mean by security—that word may not mean what you think it means. I also help you evaluate your risk level, shed light on some oft-overlooked security principles, and suggest that you can be responsible with your Mac’s security without becoming paranoid.
What Does Security Mean?
You go through a security checkpoint at the airport. You have a home security system. A lecture is cancelled due to security concerns. An ad for a bike lock claims it offers high security. These sorts of everyday uses of the word “security” all have subtly different senses, but what they have in common is reducing the likelihood of harm or danger.
Moving into the digital world—and more specifically your Mac—security takes on yet another shade of meaning. In most cases, a violation of your Mac’s security won’t result in physical harm to a human being. It may, however, cause you emotional or financial harm (theft of identity or money), waste your time (canceling credit cards, changing passwords), make more work for you (removing malware, restoring deleted files), and so on. Those are the sorts of harm better Mac security can help you avoid.
Closely related to the concept of security are those of privacy and anonymity. Here’s how to keep the three terms straight:
- Security is freedom from danger or harm.
- Privacy is freedom from observation or attention.
- Anonymity is freedom from identification or recognition.
You can have security without privacy (imagine living in a house made of bulletproof glass). You can also have privacy without security (think of a changing room at a clothing store). And you can have both privacy and security without anonymity (think of a royal family ensconced in a castle).
But when it comes to your digital life, these concepts—especially security and privacy—go together more often than not. Many of the harms or dangers that might befall you if your security is insufficient involve personal data being exposed, so one of the biggest reasons to have better security is to maintain your privacy. Or, to put it the other way around, many of the things you can do to protect your privacy are in fact security measures. When you use an encrypted Wi-Fi connection (see Use Encrypted Wi-Fi in Chapter 6) or turn on your firewall (see Use a Firewall in Chapter 7), you’re protecting yourself against several kinds of harm, including harm that could be caused by the loss of privacy.
Even though there’s a partial overlap between security and privacy, the two topics are distinct. Improving your Mac’s security can reduce the chance of harms beyond those that involve privacy, such as:
- Loss of data
- Degraded performance
- Malware that sends spam from your Mac
- Loss of control over your Mac
Conversely, a number of the steps I recommend to preserve your privacy (about which I say a great deal in Take Control of Your Online Privacy) don’t involve extra security as such. I’m thinking of things like keeping sensitive information from being exposed to the Internet, modifying your social media behavior, choosing communication methods based on what you have to say and to whom, and in general not doing stupid things online.
In short, better security can provide more privacy, but it does much more than that—and security is only one means to protect your privacy. I recommend paying careful attention to both angles.
Determine Your Risk Profile
In his 2004 TidBITS article Evaluating Wireless Security Needs: The Three L’s, Adam Engst laid out the three factors he considered relevant to determining one’s risk when it comes to Wi-Fi security. He called them the three L’s: likelihood (the probability that someone will violate your security), liability (the cost—financial or otherwise—that you’d incur if a security breach happened), and lost opportunity (what you lose in terms of time and convenience by implementing stronger security). That article is well worth a read, even today.
Times, technologies, and threats change, but some people still face greater risks than others. If you can assess your own level of risk soberly, you’ll be able to take appropriate measures—neither too weak nor too strong.
Sadly, a wealth of evidence suggests that many people misjudge their risks.
On the one hand, most of the news reports you see about celebrities, businesses, and government agencies being hacked suggest that someone underestimated their risk and didn’t go far enough to protect their security. (Let’s not overstate the case, though—even if you do everything “right,” you could be the victim of poorly written software or some other exploit you couldn’t reasonably have guarded against.)
On the other hand, I know lots of people who are excessively paranoid with no justification, and therefore waste time, money, and effort on security measures that won’t help them. I’m thinking, for example, of an aunt who had half a dozen deadbolts on her front door and lived in constant fear of burglars—but she owned nothing of value, lived in a run-down house, and did absolutely nothing to signal to criminals that she might make an attractive target…except using all those locks!
Similarly, I often hear from people who use elaborate spam-fighting techniques, heavily locked-down firewalls, multiple antivirus apps, and extensive encryption—but who have no data that would be worth anything to anyone else. They’re inconveniencing themselves tremendously due to a perceived threat that is in fact illusory, and they’d probably be much happier if they lightened up and forgot about most of those extreme measures.
Ideally, the security measures you take should be proportional to the threat you face—neither too little nor too much.
As a way of helping you assess your risk profile, I’d like to offer descriptions of four broad categories, or levels of riskiness. The idea is that each person falls primarily into one of these categories—this isn’t about specific security issues as much as one’s overall approach to Mac use.
Throughout this book, I’ll refer back to these levels when I suggest particular security measures. For example, I’ll recommend that everyone—regardless of risk level—use terrific passwords (see Chapter 5, Improve Your Passwords) and have good backups (see Prevent Data Loss with Backups in Chapter 10). But when it comes to VPNs (see Use VPNs and Similar Measures in Chapter 6), I’ll say that people in the lowest risk level can safely opt out; and when I discuss outbound firewalls (see Use a Reverse Firewall in Chapter 7), I’ll tell you that only people in the two riskiest categories should worry about them.
As you read these descriptions, make a mental note of the category you think most closely matches you. You might fall between categories, and your risk level may change over time. These categories are merely a tool to help you gauge your likely risk right now.
Risk Level 1 (Low)
The lowest risk level includes people who use their Macs mainly for recreation (things like games, casual Web surfing, and media consumption), people who seldom or never perform financial transactions online, and people who have little or no data on their Macs that anyone else would care about.
I say such people have low risk for three reasons. First, they’re unlikely to be singled out as a target, because they have no data of apparent value to an attacker. Second, they don’t typically engage in activities that are likely to get them into trouble. And third, even if they were the victim of an attack, the consequences would be comparatively minor—they could wipe their drives, reinstall OS X and their apps, and resume life as though nothing had happened.
Risk Level 1 also includes those whose Macs are owned and actively maintained by employers with dedicated IT departments—at least when the employers are large, the IT departments are highly clueful about both Macs and security, and the Macs in question stay in a workplace. The idea is: your company probably has its own network defenses, installs security software on each device, and has staff that monitors usage and network traffic to keep users (and the company itself) out of trouble. If trained professionals are worrying about your Mac’s security, you should have less to worry about yourself.
People at Level 1 will be able to skip a few of the security suggestions in this book, because they have nothing to gain from the extra work.
Before you conclude that you’re a shoo-in for Level 1, however, let me ask whether you consider yourself to be an alert, careful person. If you are generally trusting, click links in email messages from unknown senders, or download software from ads (or pop-ups, or chat messages), give yourself a demerit. You’re behaving dangerously, which means your risk level will rise by a notch or two.
Risk Level 2 (Average)
Most ordinary people—and thus, I’m assuming, most readers of this book—will be at Risk Level 2, which is to say average. You use the Web regularly for both work and pleasure. You regularly make online purchases (from reputable vendors). You may use your Mac to manage your finances, including online banking. You download software frequently. And your Mac contains many files (email messages, documents, contact records, calendars, and so on) that—while not necessarily super-secret—do contain personal information about yourself, friends, family, and colleagues that you would not want strangers or the general public to see.
The majority of suggestions in this book are appropriate for people at Level 2, although I will point out a number of measures that only those at higher risk levels should worry about.
Even if you feel like a perfect match for Level 2, extenuating circumstances might push you into a higher risk level. Read on to find out.
Risk Level 3 (Elevated)
You know how your doctor always checks your weight and asks if you smoke, how much you exercise, and whether you had a flu shot? These are all factors that, if the answer is “wrong,” push you into a statistically higher medical risk category—even if you’re otherwise healthy.
Similarly, someone who’s otherwise an entirely average Mac user can move into the elevated Risk Level 3 for reasons such as these:
- Your Mac contains unusually sensitive data. This could be old love letters you don’t want your spouse to see, confidential business information from your employer, records of a delicate medical condition, or anything else that could cause you serious problems (like loss of your job, insurance, or marriage) if it were to get out.
- You frequent any of the Internet’s seedier neighborhoods, such as sites that traffic in online gambling, porn, or pirated content (like software, television shows, or movies).
- You have an online identity, separate from your real-life identity, that you need to keep private.
- You engage in controversial discussions online that might result in people being exceptionally angry with you.
- You’re careless when it comes to clicking links of unknown provenance, sending or receiving personal information such as credit card or Social Security numbers by email, or striking up conversations with any random person who just wants to chat on Skype.
This is not, I hasten to point out, a complete list! But I hope you get the idea—if you use your Mac in a way that makes you a more attractive target to attackers, if you have something especially valuable to hide, or if you simply tend to be trusting or impulsive, you’ll need to take greater precautions to keep your Mac safe. That is, you’ll take advantage of almost every security option I discuss in this book.
Risk Level 4 (Extreme)
Then there are people whose risk isn’t merely elevated, it’s off the charts. More importantly, this risk level contains people who are likely to be targeted as individuals, not just randomly or part of a demographic. The people who fall into this category are as varied as the reasons they need ultra-high security. To wit:
- Those in professions that routinely deal with sensitive information: lawyers, physicians, accountants, high-profile journalists, pilots, military personnel, government employees, and the like.
- Celebrities, politicians, executives of major organizations, law enforcement personnel, and other influential people are always targets—whether on the street or online.
- Wealthy people, regardless of where their money came from, are especially attractive to hackers.
- People who buy drugs, weapons, or other contraband online—or, let’s just say, criminals of any stripe—face huge security risks. Candidly, those risks go far beyond what I cover in this book, and I’d like to reiterate my advice to not do stupid things online.
However, I should mention that ordinary, non-powerful, law-abiding citizens can, on occasion, find themselves thrust into Level 4. If you win the lottery, witness a violent crime, or start dating a movie star, for example, your risk will suddenly skyrocket, and you should take appropriate measures.
People at Risk Level 4 should almost invariably employ the strongest security options I mention in this book.
Understand the Chain of Access
I’m not the first person to point out that a chain is only as strong as its weakest link. And yet, many Mac users seem to overlook this basic principle by using weak (or non-existent) security measures that invalidate stronger measures.
Let me give you a couple of examples.
Let’s say you sign up for online banking, and you choose a fantastic, super-strong password like w46e8AVnDkzbZqd4T[4&zC?KvJN(owJu. Great! Now you store that in your Mac’s Keychain, which is encrypted. Also great! But your Keychain, by default, is unlocked automatically when you log in to your Mac. So if your login password is pancakes, an attacker only has to guess (or crack) that much weaker password, and—not great!—he has access to your bank account too. Worse yet, maybe your Mac is configured so it doesn’t ask for a password at startup, when woken from sleep, or interrupting a screensaver. Extremely un-great! Anyone who steals your Mac—or uses it when you’re not looking—can access your bank account, and that super-strong password doesn’t help at all.
Or how about this. You’re very security-savvy: You connect your Mac to the Internet via a WPA-encrypted Wi-Fi connection. Nice! On top of that, you use a VPN (virtual private network) to secure all the network traffic to and from your Mac. Nicer! And, your Web browser uses SSL to encrypt all the data moving between your Mac and a particular Web site. Also nice—that’s three layers of encryption protecting your visit to, let’s say, gmail.com. With all that security in place, you send a trustworthy friend a message containing the plot of your new blockbuster screenplay. And—oops!—hours later it’s plastered all over the Internet. What happened? Well, someone at your friend’s email provider might have read the message while it was sitting on the server, or someone might have intercepted it in transit because your friend didn’t use a secure Wi-Fi connection. Maybe your friend’s computer was stolen or hacked, or maybe your “trustworthy” friend, unthinking, simply forwarded it on to someone less-than-trustworthy.
I could go on and on, but I think I’ve made my point. No matter how strong a certain security measure is, it’s meaningless if a weaker measure along the metaphorical chain permits someone access to the same data.
The lesson to take away is that security requires thought. The security features in OS X and third-party security apps address only specific processes or potential vulnerabilities. You are not guaranteed security simply by installing software and flipping switches—not even if you use every single security measure I discuss in this book. You need to think through the route your data takes from here to there, the various ways someone could access your Mac (physically or over a network), and numerous other factors to identify and then strengthen as many weak links as possible.
I’ll do my best to point out potential weak spots as we go. But I won’t be able to identify them all, which brings me to my next point.
How to Think about Security
If you’re looking for perfect, complete, impenetrable security for your Mac, then… (hahahahahaha) excuse me while I have a little laugh at your expense. Sorry, security doesn’t work like that. Because computers and human beings are what they are, there will always be the possibility that a flaw in a product, a clever person, or (more likely) the combination of the two may result in a security breach.
Security isn’t about guarantees, it’s about odds. You increase your Mac’s security to reduce the likelihood of an attack or loss and, in the event that an attack or loss does occur, minimize the damage and improve the chances of recovery.
But that’s OK. In the overwhelming majority of cases, “reduced likelihood” and “minimized damage” and “improved recovery chances” are enough—and they’re a vast improvement over what you’d have with no security.
Another thing to consider is that Mac security usually (but certainly not always) involves a trade-off between safety and convenience. For example, having a longer login password makes it harder for an attacker to break in, but it also makes it harder for you to use your Mac on a daily basis. Running certain kinds of security software may keep out snoops, but at the cost of decreasing your performance. Using two-step verification may prevent a thief from accessing your data, but it also makes you jump through extra hoops.
Is any given security measure worth the extra hassle? That depends on your risk level (as I discussed in Determine Your Risk Profile) and your tolerance for aggravation. In general, the greater your level of risk, the greater the inconveniences you’ll have to endure in the name of security—if you want to protect a priceless heirloom, you’d better go rent a safe deposit box, because your sock drawer isn’t going to cut it. Although I will tell you about a few security settings you should use that have no effect on convenience, those are the exception to the rule.
Regardless of what steps you take, security problems will continue to crop up from time to time. For example, while I was writing this chapter, news of a previously unknown Mac security flaw—and tool to exploit it, called Thunderstrike—was starting to circulate. Predictably, the press wrote panicked stories and the public started worrying that their Macs would be taken over, even though the exploit in question has never been seen “in the wild,” and would require a fairly advanced hacker to have physical access to your Mac. But then, even before this was published, Apple released a fix for some Macs, and in all probability, a fix will be available for your particular Mac before you read this—without any actual damage being done. All that anxiety will have been for nothing.
So I urge you to adopt a philosophical attitude. No matter what you read, don’t panic. You’ll take reasonable, responsible measures consistent with your risk level—and then you just won’t worry about unlikely problems. Worrying does not increase your security.
For almost everyone, almost all the time, using the advice in this book will be enough to keep you safe. And even if you are unlucky enough to fall victim to a threat none of us could have foreseen, the recommendations here can still get you back up and running in short order.
Beautifully written and useful. Thank you.
However, I think there's another risk you don't mention. As your security setup grows more elaborate, you raise the risk of doing part of it wrong. Believe me, I've done this (and I'm a computer user with more than half-a-century of experience).
For instance, in setting up CrashPlan, I made a mistake that caused me to lose a vast amount of irreplaceable data (data that fortunately was backed up in a simpler way). Even so, I lost a lot of time and experienced much anxiety.
I think you should mention this potential weakness and even spend a few words discussing it and how to deal with it.
Thanks again for your great book(s).
The only advice I can offer to prevent mistakes is to buy my books and follow their directions carefully :-). Whether your security settings are simple or complex, mistakes are always possible, and there's no perfect remedy for that. But that's really the point of this book and others in this series—to show you what you need to pay attention to.
What is the risk level if you're a heavy user of 1Password? Would that affect your risk level?
For example, my 1Password database (which itself has a complex password, but is in the cloud - encrypted, for sharing purposes) has some 600+ WWW accounts, some of them banks and investment accounts.
If this data was stolen, that would be rather tragic, especially in terms of effort to regain control over the accounts.
Does 1Password usage bump me into a higher security risk, or is that no different than someone keeping their password memorized to their bank or not otherwise storing it in the cloud?
Using 1Password is a way of managing your risk, not a factor in determining how much risk you have. Of course, you need to have an excellent master password. If your 1Password password is 'password,' that won't protect your data very well :-).