100 more things every Mac user should know: Security

Macworld Staff
5 June, 2013

Continuing our guide to 100 more things every Mac user should know, here we cover tips 49 to 81, all related to security.

Change the administrator password

49 Forgetting account password

If you ever forget your account password, and you’re running OS X 10.7 (Lion) or 10.8 (Mountain Lion) with a Recovery HD partition, you have an easy way to reset that password. (Note: this procedure doesn’t work if you have enabled OS X’s FileVault encryption feature.) Start up your Mac while holding Command-R, and release the keys once you see the familiar grey Apple logo. When your Mac enters recovery mode (it shows you the OS X Utilities screen), choose Utilities > Terminal to launch the Terminal utility. Type resetpassword and press Return. In the Reset Password window, select your startup volume and choose your account (the one for which you want to change the password) from the pop-up menu. Enter a new password for the account, and then enter it again to confirm. Add an optional password hint for the new password. Click Save. Quit the Reset Password utility, quit Terminal, choose OS X Utilities > Quit OS X Utilities, and click the Restart button.

Five ways to avoid phishing

Even if you resist the temptation to send your life’s savings to a recently exiled Nigerian president, you can still be victimised by phishing attacks. Take steps to defend yourself.

50 Use a cloud-based email spam filter

Services such as iCloud and Google Mail include this feature, which will stop a lot of phishing efforts.

51 Replace your email client’s junk filter

Install the excellent SpamSieve (US$30, c-command.com/spamsieve), and take some time to train it.

52 Keep your browser up-to-date

And once you do, be sure its phishing and malware protection, which checks all web addresses against a list of known bad sites, is turned on. In Safari, go to Settings > Security; in Chrome, find it under Settings > Advanced > Privacy.

53 Use different email addresses

Try using a dedicated address or alias for known financial and retail sites, and a different one for less trusted sites. iCloud supports up to three mail aliases that you set by logging in to iCloud.com and going to Mail > Settings > Accounts.

We suggest one for banks, one for trusted retailers (such as Amazon) and one for junk sites. Alternatively, you can create as many Gmail (or Yahoo) addresses as you like. If you never use your bank email address for anything other than banking, and notice spam on it, your bank may have been compromised.

54 Use a throwaway email address

For truly junky sites, use an email address from Mailinator (www.mailinator.com). These one-use addresses aren’t secure, but they are good for sites that have no legitimate need for your real email address.

Eight ways to avoid malware

Yes, there really is malware for Macs, but you can avoid it.

55 Upgrade to Mountain Lion

It has some important built-in protection against malware.

56 Isolate Flash and Java

These are two of the biggest security headaches. Uninstall Flash using the uninstall tool from Adobe. Then download Google Chrome, which includes its own sandboxed version of Flash.

You’ll either have to switch to Chrome as your primary browser or use it whenever you navigate to a Flash-enabled site. (Don’t forget to review the browser’s privacy settings.)

57 Install the latest version of Java

If you really need Java, get Java 7. Note that, because Java 7 is 64-bit and Chrome is only 32-bit, this version of Java will work only in Safari. Disable it (Safari Preferences > Security, uncheck Enable Java), and turn it on only when you need it.

58 Enable Gatekeeper in default mode

Go to System Preferences > Security & Privacy, and in the box titled ‘Allow Applications Downloaded from’, select the option ‘Mac App Store and Identified Developers’.

59 Use an email filter

Try using an email provider, such as iCloud or Google, that filters malware.

60 Apply plug-ins

You can block potentially compromised ads in your browser with a plug-in such as Adblock Plus.

61 Use a firewall

Use an outbound firewall such as Little Snitch (US$34.95, www.obdev.at) to catch any malware that sneaks through.

62 Use a virtual machine

If you need to visit a really risky site, use a virtual machine in Parallels or VMware Fusion, restoring it to a baseline snapshot afterward.

Eight places smart browsers never visit

63 Questionable websites

Avoid the obvious trifecta of pornography, gambling and illegal download sites.

64 Forum links

Automated attack tools can make links posted in forums of any type dangerous. Use extra caution, no matter how innocuous the site seems.

65 Image search

Google or Bing image searches can also lead to infected sites. A family member of ours got infected hunting for birthday cake photos.

66 Free games

Ignore any site pushing free games that require Java or a download, but that aren’t signed for Gatekeeper.

67 Suspicious links

Avoid any link sent by a friend in email (usually to multiple people) with a subject line like ‘Pictures of you’, ‘Check out this link’ or ‘You have to see this’. Call your friend on the phone and tell them they’ve been hacked.

68 Twitter links

Bypass any link on Twitter from a follower you’ve never heard of, sent within minutes of your last tweet, usually with ‘Check this out’.

69 .ru or .cn links

Don’t visit URLs that end with .ru or .cn, unless you are Russian or Chinese.

70 Old sites

Skip any website with a blink tag, the Comic Sans font, and/or a tiled image background. Odds are, no one has maintained it since 1996.

Eight ways to hide files and folders

71 Enable FileVault

You can go to your Mac’s System Preferences’ Security & Privacy pane and turn on FileVault to encrypt your entire hard drive.

72 Put them in the Library

Assuming that your Library folder is hidden (which is the default in OS X 10.7 Lion and OS X 10.8 Mountain Lion), hold down the Option key as you open the Finder’s Go menu to navigate to that Library folder, and then drag files and folders into it.

73 Put them in another user account

You can create a new user in System Preferences’ Users & Groups preference, copy files to that user’s Public folder, log in as that user to move your files out of the Public folder, and then log back in as yourself. Remember to delete the original files.

74 Move to hidden folder 1

In Terminal, type chflags hidden and then drag a folder that you want to hide from the Finder into the Terminal window.

You can still access those hidden folders by summoning the Go To Folder dialogue box (Command-Shift-G) and typing in their full paths.

If you want to unhide the folders, all you need to do is go back to Terminal and type chflags nohidden followed by the file path.

75 Move to hidden folder 2

Again in Terminal, type mv foldername .foldername. This moves the original folder to one with a full stop at the beginning of its name. In Unix, folders with a full stop at the beginning of their names are considered system files and so are hidden. (You can’t add a full stop to the beginning of the name in the Finder, because that will result in an error message.)

You can also type mkdir .hiddenfolder to create a new hidden folder.

In either case, you’ll be able to gain access to the hidden folder by using the Go To Folder option.
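
The Terminal tricks in tips 74 and 75 change only what the Finder displays, not who can read the files. As an added example (not from the original article), this shell function lists everything those two tips would hide and then reads a "hidden" file back; the helper names list_finder_hidden and demo_dot_hiding and the sample folder are constructed for illustration.

```shell
#!/bin/sh
# Added example: enumerate items that tips 74 and 75 hide from the Finder.
# list_finder_hidden and demo_dot_hiding are hypothetical helper names.

list_finder_hidden() {
    dir=$1
    # Tip 75: names that begin with a full stop.
    find "$dir" -mindepth 1 -name '.*' -print
    # Tip 74: items carrying the "hidden" flag set by chflags.
    # find -flags is a BSD/OS X extension, so it is only run on Darwin.
    if [ "$(uname)" = "Darwin" ]; then
        find "$dir" -mindepth 1 -flags +hidden -print
    fi
}

demo_dot_hiding() {
    # Constructed sample data in a throwaway directory.
    work=$(mktemp -d)
    mkdir "$work/foldername"
    echo "constructed sample content" > "$work/foldername/notes.txt"

    # The rename from tip 75.
    mv "$work/foldername" "$work/.foldername"

    echo "Hidden from the Finder, but found by a one-line search:"
    list_finder_hidden "$work"

    echo "Contents are still readable by anyone with access to the disk:"
    cat "$work/.foldername/notes.txt"

    rm -rf "$work"
}

demo_dot_hiding
```

Running list_finder_hidden against your home folder is a quick way to audit what is tucked away there; for files that must stay confidential, FileVault (tip 71) is the option that actually encrypts them.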

76 Hide in plain sight

Try using innocent-sounding file and folder names such as ‘Cat videos January 2013 – LOL!’ instead of the more intriguing ‘Nuclear trigger codes’ and the like.

77 Set visibility attribute to invisible

If you have access to Apple’s Developer Tools, go to Terminal and enter setfile -a V followed by the name of the file. That sets its visibility attribute to invisible. You can undo this by using a lowercase v.

78 Use a third-party utility

You can also try various third-party security software such as Apimac’s Secret Folder ($20; www.apimac.com), Altomac’s Hide Folders ($20; www.altomac.com), and MacPaw Software’s Mac Hider ($10.49; macpaw.com).

Three ways to surf the web anonymously

On some occasions you may want to visit a website without revealing anything about yourself (such as your IP address or operating system) to the site itself, your ISP or any other networks through which your data passes.

You may also wish to keep your surfing hidden from hackers who might be eavesdropping on public Wi-Fi networks, and prevent records of your activity (such as browsing history and cookies) from being stored on your Mac.

79 Private browsing

Most web browsers have a private browsing mode (for example, in Safari, choose Safari > Private Browsing), but that addresses only part of the problem.

A private browsing mode prevents your browser from storing information about where you have been. However, it doesn’t prevent the websites you visit from knowing your IP address (and therefore your approximate location) as well as other details that could be traced to you.

Furthermore, even with private browsing enabled, your Mac can cache DNS lookups, and browser extensions or plug-ins can store their own caches and cookies.

80 Proxy server

You can address the problem piecemeal by using a proxy server or VPN (virtual private network) to hide your true IP address, a browser’s private mode to prevent local data storage, a browser extension to disguise your operating system, and so on.

81 Browser bundle

The easiest solution is to download and install a software bundle that handles all of these privacy measures for you at once: the free Tor Browser Bundle (www.torproject.org).

It includes ‘onion router’ software to redirect your web traffic through a series of anonymous proxies, as well as a custom Mozilla-based browser with an optional private browsing mode (choose Tools > Start Private Browsing).

Just beware: All those redirects and intermediate servers make web browsing much slower.

By Dan Frakes, Joe Kissell, Lex Friedman, Ted Landau, Steve McCabe, Rich Mogull, Ben Waldie and Dan Miller, Macworld
