Black Friday has come and gone. Cyber Monday is now in the mirror. Can we Mac users feel safe now feel safe from identity theft, hacking, and viruses that always find ways to ruin some of our Windows friends’ holiday season? While using a Mac may provide some cyber protection, there are plenty of steps we all can take to ensure that our days shopping and traveling will leave us feeling merry.
Traveling in a Winter Wonderland
During the holidays, many of us are flying or driving to see loved ones. We take our laptops and iPhones with us wherever we go, but our portable lives expose us to security threats we may not fear at home. Here are a few tips to keep your data protected while on your journey.
Tip #1: Consider using Apple’s FileVault. FileVault is a technology built into Mac OS X Leopard that allows a user’s home folder to stored on an encrypted disk image rather than as a group of folders on the hard disk. Why is this a big deal? All of your sensitive data, such as bank passwords, emails, and browser cookies are stored in your home folder. If someone were to steal your laptop, they could boot from a Mac OS X restore disc and reset your user password (or go a step further and remove the hard drive from your machine to gain access to the files). With the new password, they can simply log in to your account and access all of the data. File Vault encrypts (or scrambles) that data so that it is completely unreadable with the password. File Vault also prevents a thief from resetting the password to gain access to the files.
While the majority of Mac users have never heard of FileVault, many who do know about the technology fear it, or worse, revile it. When FileVault made its debut in 10.3 Panther, it “worked,” but I know many people who lost data due to a buggy implementation. File Vault was refined in 10.4 Tiger and further improved in 10.5 Leopard. While no software implementation is perfect, FileVault does a great job of protecting your data. To turn it on, go into your System Preferences and select Security:
- Then select the FileVault tab at the top.
- Next, assuming you do not have a master password set for the computer, select the button to select a master password. This is a password that can be used to reset the password of all the accounts on your computer. It’s likely you are the only user, so this will be less important, but if you have multiple FileVault accounts on one machine, this password lets you reset any of them.
- Finally, click to turn on FileVault. You must have enough free space on your computer to do this. How much? You need roughly the same number of gigabytes of free space as you are using for your account. Thus, if you account is 8 GB, you’ll need at least that to turn on FileVault. If FileVault can be turned on, you’ll be logged out of your account and the conversion process will begin. This can take anywhere from a few minutes to several hours. Be patient! You only have to do this once. Once completed, you will have to log into your account, and the decryption process will be seamless. Tip: When users’ home folders are too large, this is usually because they have huge iTunes collections. One solution is to go to iTunes and change the location of the iTunes folder to the Shared folder in the Users folder. Then, from iTunes’ File menu, choose Library–>Consolidate Library to move the files. While this will leave your iTunes collection unprotected, you may not care about people simply getting ahold of your music.
Tip #2: Use Secure Virtual Memory (along with other precuations). As long as you’re still in the Security System Preference, you should click on the General tab, where there are five additional high-security precautions you can take. I have ranked these from 1-5 in terms of most paranoid protection to least paranoid protection. If that’s the case, why am I first recommending to turn on secure virtual memory if that’s for the most paranoid? Because FileVault is not secure without secure virtual memory.
The reason for this is because your computer stores everything you type (and everything you read) in temporary memory (called virtual memory). Without checking the “Use secure virtual memory” box, anything you type or read, if it is still in memory, will be plainly visible to someone who knows how to read it. Thus, if someone steals your machine, it is possible the password you typed to log in (or anything else you typed) might be readable. Using secure virtual memory will scramble even this temporary memory, giving you much more protection.
You are free to use any of the other check boxes as well. Doing something as simple as disabling the automatic login (so that you have to put in your password to get to the Desktop) goes a long way. Many people who steal laptops simply want to turn around and sell them. Either they or the buyer will wipe the hard drive, but if you’re letting them go straight to the Desktop, even the most novice thief may be willing to poke around your files to see what he can uncover.
Tip #3: Set an Open Firmware/EFI password. This tip is not just valuable in the face of holiday theft: it is great for computer lab administrators or even parents who don’t want to let a knowledgeable user gain too much access to the computer. If you set this password, you will need to enter it each time you boot your computer. This prevents a user from booting the computer from a CD/DVD, external hard drive, network drive, or the boot drive until the password is entered.
- If you’re running 10.1-10.3.9 you can download the Open Firmware Utility from Apple.
- If you’re running 10.4.x, you must copy the Open Firmware Utility to your Utilities folder. It is on your 10.4 install/restore disc (first restore disc) and is located in the /Applications/Utilities folder.
- If you’re running 10.5.x, you must boot from the Leopard install/restore disc and choose Firmware Password Utility from the Utilities menu.
Note that you should try to physically secure your machine (obviously tough to do if you have a laptop). Someone can still get access to your data if they physically remove the hard drive. But for people in homes or labs, this provides a moderate level of protection. For a more thorough explanation of this utility, you can read Apple’s kbase article on the subject.
Tip #4: At least install anti-virus software. Yes, it’s true that Macs are less vulnerable to viruses than PCs are. There have been some “experimental” or “demo” viruses on Mac OS X that have not been released into the wild to any large degree, but other than those, there’s virtually no way to put Mac and virus in the same sentence. That being said, there are still valuable reasons to use anti-virus software.
First, as was covered here, here, here, and here (and even here), Apple is now recommending that Mac OS X users install anti-virus software. [Note: Since the above articles were published over the last 24 hours, Apple has removed its knowledgebase article on the subject.]
Second, anti-virus software provides an ounce (or ~28g) of prevention. AV software is updated regularly and even more frequently when viruses are released. By having up-to-date software already installed on your machine, you will be better prepared in case a more serious Mac virus is released. While I understand the philosophy of downloding AV software once a virus makes the headlines, that only works if you’re lucky enough to not get the virus before you download the AV software. Is that laziness really worth it, especially when …
Third, there is the excellent and free ClamXAV anti-virus software. ClamXAV uses the open source Clam engine, available on Mac OS X, Windows, and of course Linux. You can scan your entire HD, watch susceptible folders (like your Downloads folder), or easily scan individual files in the Finder. Download it, install it, be done with it.
Fourth, you can still transmit viruses to Windows users if you receive a file with a Windows virus. Simply transferring an infected file from Windows to Mac does not remove the virus. Since it is common to release viruses around the holidays and even more common to exchange Office files and photos and movies of holiday events, it’s worth inspecting the files you exchange with Windows users.
Tip #5: Lock down your iPhone. It will come as no surprise that iPhones are big theft targets this holiday season. While I can’t offer advice on how to prevent iPhone theft, I can tell you how you can prevent thieves from running up your phone bill once they’ve stolen it.
First, you need to turn on the SIM PIN. You can do this by navigating to Settings -> Phone -> SIM PIN. From here, you can create a PIN number that will be entered each time you turn on your phone to gain access to incoming and outgoing calls and data. A few notes:
- Don’t forget your PIN! Turning off the PIN number does not erase the number; the next time you turn it on, you’ll need to enter the same number before you can change it. (Click here to see what your service’s default PIN is.)
- Once the PIN is deactivated while the phone is on, you can’t reactivate the lock until you turn the phone off again.
There’s another reason I love this feature: international travel. When I travel internationally, I turn on the SIM PIN and turn off my phone when boarding the plane at the domestic departure. That way, when I arrive overseas, my phone never connects to the local phone service (that way, I’m not paying for international data, voice mail, or text messages). I can still use the phone’s applications and WiFi.
Second, you can turn on the Passcode Lock. How is this different? Well, for starters, it’s both more and less secure than the SIM PIN. It’s more secure because you will have to enter the passcode after a period of inactivity (that you set) to do anything (make calls, use applications, use the iPod feature). When you become inactive again, the passcode turns back on. Thus, it’s a great way to prevent any access to your phone.
It’s also less secure, though: Without a SIM PIN, a thief could take your phone home and restore the iPhone to factory settings, then make all the calls he wants. While he won’t have your data, he’ll use your minutes. Using both PINs give you the best security. You can access the passcode lock by going to Settings -> General -> Passcode Lock.
There are many other things you can do to protect your computer and its data during the holidays. Consider installing theft recovery software like Undercover or MacTrak so that if your laptop is stolen, you might be able to see its location and new owner. Make sure your user account is password protected. Turn off Bluetooth on your iPhone to prevent unauthorized access.
What do you think of these tips? Are any more or less valuable than others? Do you have stories or tips you can share from past holidays to help others? Let us know in the comments.