Mac OS X Security Part Six: Desktop Security

Last week we looked at email encryption for OS X. In particular, we walked through an install of GnuPG, the open source engine of unix email encryption derived from PGP. Today we consider desktop security issues for OS X.

It may well become my trademark to say that Mac OS X isn't your father's operating system. You've certainly heard me say it often enough. And I'm sure I'll say it again too. Some time back I helped a good friend of mine upgrade his iMac to OS X. The whole process went famously. It was after I went home that trouble set in. You see, I hadn't prepped him well enough as to why we're doing OS X in the first place. Yes, it's more stable than its predecessor, and that was our motivation. But he not only couldn't see the motivation for all the baggage that came with it, such as passwords, he saw it all as a violation of his personal space. Seen a certain way, he was right. His own computer was now locking him out from doing certain things, where he had been totally free before. So I need to explain something of OS X's rationale to you before we delve further.

Apple now makes three operating systems, namely, Mac OS 9 (Classic Mac), Mac OS X Server, and Mac OS X (client edition). The latter two share the same unix engine. Microsoft makes four operating systems (wait, make that five), namely, Windows Me, Windows 2000 Server, Windows 2000 Professional, Windows CE, and now Windows XP. I can't tell you exactly how the last one derives from the others, but my point is that Apple supports, one for one, a competitive desktop operating system for every one Microsoft makes. Which company has the greater resources? If you move from, say, Windows 98 to Windows 2000, you'll realize pretty quickly that you're no longer in Kansas, Toto. They look the same at first blush, but under the hood they are completely different animals. Mac OS X carries over certain familiar features and concepts from Classic Mac, but no-one will argue that it looks the same. Well, it's completely different under the hood too, and for a very good reason. It is a network-quality operating system. Even if you run OS X on a standalone machine that never sees so much as a dial-up, it is no less of an operating system. Networking comes in the box. It has to. Practically everyone today connects to a network, and it's usually the internet. The moment your computer sees a network, its security is at risk. Some people will buy OS X for its robust security. You must not be able to turn it off, because such an ability would open a huge security hole for those who need that security. If you cannot stomach the concept of having your personal machine locked down even a little, then you need to stay with Classic Mac, a truly personal operating system.

What raised that issue with my good friend in the first place? It was how OS X requires at least one user installed on it. I suppose it's one of those things that finally you just have to see to believe. Like my firewall crusade for ZoneAlarm on Windows machines, people click when they see their security logs filling up before their very eyes. One thing is certain: you cannot have OS X's crash resistance without its networking security.

At home you might be inclined to think that your biggest risk is Kitten on the keys, and you're probably right. At work it's a different story. You need to secure your computers if only to keep your tax records intact from accidental deletion. The very first thing, then, is to use a screen saver password. Open up System Preferences, Screen Saver, and go. Note that you can set activation corners as well. By default they're off, but I find the top right corner works very well for me. That way I can pick up and go at a moment's notice, and I can lock my desktop instantly. Today in my office I sat at a Windows 2000 machine and moved the mouse to wake it up. Much to my horrified surprise, it delivered me directly onto the desktop. Upon further checking, I found that its last user had defeated the screen saver password, and evidently forgot about this open session. Naughty, naughty. Don't let this happen to you in your office.

When you first install OS X, you are the system administrator. It's a big responsibility. The first password you set gets passed to the unix engine of OS X. Should you ever have to do serious things at the unix system level, you'll need that password. So don't forget it. If you change it later in System Preferences, the new one may not get passed to the unix core.

Each user has a totally reserved area of the hard disk. One user's personal files are invisible to all of the other users. This is a very good thing on a machine used by multiple users. It behooves one to keep personal stuff in one's own Documents folder located under Home in Finder. I have an Archives folder in my hard drive root, in which I keep installation archives of programs I've installed, but no personal files go in there. Conversely, I can also use that same Archives folder to make a document available to everyone on that machine. It works two ways. To make a document available as read-only, I'd place it in my Home/Public folder instead.

One of security's larger risks is letting something slip. Most traffic "violations" are results of being distracted, and the cost is far out of proportion to the "crime". My screen saver kicks in after only five minutes, which can be a pain sometimes, but a consoling thought if I'm pulled away more quickly than I'd planned for, which happens now and then. So I'm covered in that instance after at most only five minutes.

Another opportunity to slip is leaving a confidential file in a common folder. Many word processing programs have a facility to password-protect files. It's a good idea. A better alternative might be to encrypt sensitive files. That way you aren't tied down to specific file types. PuzzlePalace for OS X is perfect for this. Written by the author of BrickHouse for OS X, PuzzlePalace is a drag-and-drop facility that encrypts your files with a passphrase. It's not too likely that anyone less than a serious hacker will even bother to attempt breaking the code. It works really well. PuzzlePalace uses any of several good encryption algorithms. The output file has an appropriate extension added to it, such as .des3 for Triple DES encryption, .bf for Blowfish, .idea for IDEA, .cast for CAST, and .rc5 for RC5 encryption. You don't want to rename the encrypted file, because its extension is what tells PuzzlePalace how to decrypt it. If you do lose the extension in, say, an already long file name, try renaming the file with each of the extensions above, one by one, then drop it onto the PuzzlePalace window. Eventually one will surely work, as long as PuzzlePalace made it in the first place. In combination with Aladdin DropStuff, PuzzlePalace makes a very effective way of sending email attachments securely, assuming the recipient has similar software at the other end of course.

I for one think it's a good thing that iMacs do not have diskette drives. Someone once quipped that diskette drives are really virus input devices. Your chances of catching a Mac virus are fairly small, but there's a larger issue with diskette drives. Someone else can either install unauthorized programs onto your machine, or copy off sensitive files from it. Removing the drive altogether eliminates both of those problems. If there's no drive, there's no problem. If you have a USB SuperDrive or similar, may I suggest you don't advertise the fact? People don't expect Macs to have diskette drives these days (I'm referring to the ubiquitous 1.44 MB variety, not Zip Drives), so they aren't likely to try something you'd rather they didn't do.

Once in a while you'll need to make a remote login. For the same reasons that you wouldn't leave your desktop open to others, you also don't want to leave unattended login sessions open either. Many remote hosts have an automatic inactivity timeout feature, but that's not good enough. Unless you know that your desktop is locked down when you leave for a while, log out of those remote sessions. For some perspective on this, imagine that someone else happened across your desktop and that open session to your office server. Then suppose he did some nasty things there, even if accidentally. Who would walk the dock for it? You will, that's who.

With the proliferation of Linux machines these days, you may find yourself fielding a request for a "quick access" to one. Our normally cool system manager boils over at the mere suggestion of shared accounts. If he caught me sharing my shell with someone else, he'd rake me over the coals. If someone asks you for your command line and it's not part of your office policy on a "public" machine, then either set up an account for him (you only have to do it once), or just say no. If you're timid to say no, then refer the individual to your system manager, who will have no trouble with the word whatsoever.

One last item to consider is an X Window server. If you run X on your Mac, then make sure your access control is set properly. You only have to do this once, and it's part of a good X setup regime anyway. Type xhost in an xterm and see what you get. There should be a very short list of hosts approved for connecting to your machine via the X protocol. It should look something like this:

[localhost:~] damien% xhost
access control enabled, only authorized clients can connect
INET:localhost
INET:123.456.789.10 <--- your own machine
LOCAL:
[localhost:~] damien%

Remove anything else with the sudo xhost -foo.bar.domain command, substituting the name of the host you want dropped from the list.
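A small script that audits the output of xhost against a short allow-list and reports anything else, as an added example that is not part of the original article. The allow-list (localhost and the LOCAL: entry) is an assumption you would extend with your own machine's address, and the sample output containing foo.bar.domain is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit `xhost` output
# against an allow-list and print every entry that is not expected.
# On a real machine run:  xhost | xhost_audit
# Everything below works on constructed sample output, not a live display.

# Entries expected in the access list. Assumption: extend this with your
# own machine's INET: entry as shown in the article's sample output.
XHOST_ALLOWED="INET:localhost LOCAL:"

# Reads xhost output on stdin. Prints each entry not in XHOST_ALLOWED.
# Returns 0 when the list is clean, 1 when something unexpected was found.
xhost_audit() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            'access control enabled'*) continue ;;
            'access control disabled'*)
                # Worst case: any client that reaches the X port may connect.
                echo "WARNING: $line"
                found=1
                continue ;;
            '') continue ;;
        esac
        ok=0
        for allowed in $XHOST_ALLOWED; do
            [ "$line" = "$allowed" ] && ok=1
        done
        if [ "$ok" -eq 0 ]; then
            echo "$line"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: one extra host that should be removed with
# `xhost -foo.bar.domain`.
SAMPLE_XHOST_OUTPUT='access control enabled, only authorized clients can connect
INET:localhost
INET:foo.bar.domain
LOCAL:'

# Run the audit on the sample when the script is executed directly.
printf '%s\n' "$SAMPLE_XHOST_OUTPUT" | xhost_audit \
    || echo "unexpected entries found; remove them with xhost -<host>"
```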

Most of the things we've covered today form a common-sense checklist that can be extrapolated to any operating system. If there's one thing I am apprehensive about in this context, it's that OS X may be presenting me with certain well-known unix security challenges that I myself am not up to speed on. I regularly have coffee with linux/unix characters at work, and we talk about these things. That's one reason why I'm able to share a few things with you. Nevertheless, there is no way to know it all, or to be totally secure. At the same time, we Mac users are already starting from a solid base in OS X. Most security issues pertaining to OS X up to now come under the heading of tweaks. That is a consoling thought.

Next time, we'll look at security considerations for Classic mode and VirtualPC. Ciao.