Graham Lee, Senior Macintosh Software Engineer for Sophos, wrote an interesting paper recently. The paper, titled “10 Steps to better secure your Mac laptop from physical data theft,” covers tips and information most seasoned Mac users are aware of. However, as Mac users are cropping up all over thanks to marketing and buzz, these are still tips worth exploring. The Tech Herald spoke to Graham recently, and got him to talk a little about his paper and Mac security.
The Tech Herald sits down with Graham Lee on 10 things you can do to help protect your Mac. (IMG:Sophos)
[Note: Access to Graham Lee was provided by himself after an e-mail exchange. Sophos, while cited and sourced for news material in the past, was not the main source for this Q&A. Graham’s paper, and the reprinted tips, appear with his permission in limited form with commentary provided by The Tech Herald. The full paper is linked on page two of this feature.]
Not just anyone can write a paper for security on a Macintosh. For one, it will offend hardcore Mac users if someone poaches in their domain and, in some cases, the advice is ruled as invalid because of the author’s lack of experience on a Mac system. Does Graham have that experience?
The Tech Herald (TTH): How long have you been a Mac user? What got you into using a Mac over a Windows or Linux-based system?
Graham Lee (GL): I'm one of those odd people who got into Macs via NeXT. My undergraduate computing lab was stocked with NeXTStations. I was a Linux user at the time, but was quickly hooked on what would become Mac OS X... in fact my first 'real' job was back in that lab, upgrading it to Macs. I didn't use Windows much until fairly late in the 1990s and it just never grabbed me.
TTH: You mentioned in a recent interview that the reasoning behind your paper on '10 Security Tips for Mac' was a threat report that talked about "...the increased frequency of Mac based Malware attacks..." You pointed out that a user needs to be an active participant in most of the exploits working. In your opinion, does this negate the security risk?
GL: It doesn't negate it, but it does allow the user to assume some responsibility for their own security, without having to worry that the computer itself is letting everyone in while they're not looking. Even though the burglar is at fault when he breaks into your house, it doesn't mean that you don't need to worry about whether the doors are locked.
TTH: Why do you think criminals are targeting the Mac platform, even if it is in a small cluster of attack vectors?
GL: The recent increase in Malware attacks that we've seen on the Mac is beginning to use techniques which the bad guys are already using on Windows, and even detecting what browser a visitor uses to serve them Windows or Mac Malware. It seems that the Malware authors are testing the water, to see what tricks they can use and whether they can infect Macs. I don't know about you, but proof-of-concept Malware is one beta test program that I don't really want to take part in.
TTH: Do you really think that market share is the cause for the appearance of Mac based Malware? Would you agree criminals don't care about the platform, they target users only?
GL: Criminals are ultimately targeting people rather than computers; they want credit card details, PayPal login passwords and so on. However in many Malware attacks, it's actually computing resources - CPU time, hard disk space, network access - that the bad guys are trying to get as a base for launching the real work, which may be a spam campaign or a distributed denial of service (DDoS) attack. The criminals then effectively sell access to that botnet or zombie army, and the value is in the size of the army. Criminals will preferentially attack popular systems, because the size of botnet they get for a given amount of effort is higher.
Minority platforms don't escape the Malware problem completely; compromised Linux servers are frequently used as the command-and-control hosts for the botnets because they are available 24x7 and often don't have anti-Malware software configured. Currently Macs are too few to become cheap zombies, but not useful as army controllers - although as the market share increases, so does the attractiveness as potential zombies.
Malware isn't the alpha and omega of security problems though! Returning to the burglar analogy, we've decided that the door is nice and safe, but this doesn't mean people can't get in through the windows (no pun intended).
TTH: Avid Mac fans go crazy when the security of a Mac is mentioned or criticized. How would you explain to a Mac user that, despite the low number of vulnerabilities on OS X or Malware targeting the platform, security on a Mac is still important?
GL: The criminals are after information, which doesn't depend on our choice of computer - they want our credit cards, bank account information, or other personal details, and Mac users have bank accounts too. Even if there were fewer vulnerabilities on Mac for Malware to exploit - and it would be hard for anyone to claim that's true - other attacks including exploiting weak passwords, phishing or finding a laptop in a train station work in exactly the same way. Claiming that Macs are more secure is one thing, but proudly proclaiming that while leaving all the doors open will only have one conclusion; us Mac users will be proved wrong.
By design and by their very nature, laptops are prone to physical attack, Lee says at the start of his paper. The reasoning is simple: they are mobile assets. Not only that, but as laptop owners take their asset outside, they are also taking all the information stored on it with them. There is plenty of information online for PC-based laptops; however, tips like these for the Mac are often forgotten. “In this paper I describe 10 steps that can improve the security of a Mac system, paying particular attention to laptop considerations. I concentrate on improving physical security – that is, protecting the system from attackers who can get their hands onto the computer,” Lee said.
Here are Graham Lee's helpful tips, with commentary from The Tech Herald in italics.
10 Steps to better secure your Mac laptop from physical data theft
1. Does it need to come with you?
“The first step in securing your remote computing lifestyle is considering whether you need to take everything out. All of the attacks discussed here involve getting data from the computer – the easiest way to stop that from happening is to ensure that the data isn’t there in the first place,” Lee wrote.
He makes valid points as well. Shoulder surfing, cell phone cameras, and other means can be used to collect information. Is this alarmist? Not at all; it’s a harsh fact that most criminals do not even use a computer to rip you off.
2. Change your Keychain password and settings
In short, the Keychain password is synced to your log-in password. Once you are logged into the Mac, your Keychain store is unlocked as well. If you don’t know what Keychain is, it is a feature on OS X that acts as a password and SSL storage station. Password managers like this keep you from needing to remember all the various passwords you use when surfing online. Changing the password for Keychain is as essential as removing the default passwords from wireless routers.
3. Lock your screen if you are away from the computer
This tip should go without saying. However, I myself have seen laptops, PC and Mac, left open and unattended in airports as a user makes a call or goes to the gate counter.
4. Enable and use FileVault
Protect your personal information by replacing your home directory with an encrypted container.
5. Encrypt disk images
Like Tip #4, encryption goes a long way towards securing your data.
6. Use Secure Notes in Keychain
Secure Notes often reminded me of the notes feature in Outlook. However, anyone with access to the computer can find and read these little personal memos. Securing them with Keychain seems like a wise idea.
7. Secure Empty Trash
You see secure delete for Windows in the form of several applications. It only makes sense to use the feature if it is built into the operating system as it is on OS X.
8. Encrypted Swap Files
Again, encryption will go a long way towards protecting the information that is stored on the laptop. The 'cold boot' attack protection offered here is just smart if you use your Mac for business.
9. Use a firmware password
10. Automatic logouts
The full paper, with examples and detailed instructions, can be viewed here.