Charlie Ruggiero
- 2002.03.06
This article is meant for beginning users who are worried about
security on their Mac OS 9.x or earlier system. For ease of use I
have separated the information into four sections.
Data Security
It is very difficult to completely secure data on a Mac OS 9.x
and lower computer. Macintosh computers running OS 9.x and lower
will probably never be run in a high security facility for this
very reason, but there are a few things you can do to stop
snoopers.
Mac OS 9.x offers built-in file encryption. It is easy to use
and is secure enough to stop most people from reading your data.
The only problem with the built in encryption software is it will
not encrypt folders or groups of files. To get around this compress
the data (using StuffIt) and encrypt the compressed file.
Under older operating systems you can use something like Stuffit
Deluxe to add a password to a compressed file. This security is not
as good as OS 9's encryption software, but it will definitely keep
snoopers out. There is also shareware encryption software available
for older operating systems.
For systemwide light security there is a montage of screen
saver-based password protection, startup password protection, and
even software that allows you to make certain files invisible.
These should never be considered for high-security.
For systemwide heavy security there is software that modifies
the boot sector of your hard drive to not allow booting or access
to the drive until a password is entered. Think of it as a
mini-program that runs before the computer starts the OS. This
prevents people from accessing your data even if they boot from a
CD. This does not protect against the hard drive being
erased.
Before applying any kind of password protection, remember
what you used for a password. [Don't laugh - I once had a
coworker lose an entire partition full of files when he was unable
to recreate the password he had created. dk] There is basically no
way to gain access to an encrypted file if you don't have the
password. Make it something you can easily remember - but not so
easy it can be guessed. Examples of bad passwords that everyone
uses (but shouldn't):
- password, god, <your name>, <a relatives name>,
computer, <company name>, <a pets name>, macintosh,
mac, <your social security num>, <your birthday, family
member's birthday>
Basically any password that can be obtained by simple research
is bad. You should avoid dictionary names as well. Some good
passwords contain at least 1 number, one capitol, and one
non-letter/number character. Like:
- VdeF13*jJ
This is extremely hard to remember, but if you create a phrase
it is easier:
- TcioI2c = The cat i own Is 2 cute
Easy to remember, hard to guess.
Internet Security
Currently there is a huge buzz about firewalls and people
hacking into your computer from the Internet. It is almost silly
for Mac OS 9.x users to worry about Internet security. What you do
not need to do is go out and buy a firewall or some sort of
software solution unless you are running a server. People
running a server probably know about the security risks and have
taken steps to cover it, so I will not go into that right now.
The biggest risks for Mac OS 9.x users are through file sharing,
Web sharing, and third party applications opening up your computer
to the Internet. File sharing should be off unless you are using it
for something, do not leave it on if you do not use it. If you need
it, make sure it is using password protection for all users.
Never have "guest" access, as a password is not required for access
to your computer. Make sure your password is hard enough to not be
easily guessed.
Turn off Web sharing if you do not use it. If you need Web
sharing, make sure the documents included in the root directory are
not your whole hard drive. Even though it's read-only access,
someone may be able to read a document you want secret.
Never store passwords on your hard drive in a file unless that
file is encrypted with a good password.
The next threat is from third party software that opens up your
hard drive to other computers on the Internet. Programs like
LimeWire, Napster, and other point-to-point file sharing programs
all allow access to a specific directory of your hard drive. Make
sure you do not make that directory your entire hard drive, or
include aliases to data outside of that directory. While I do not
know of any security risk besides what I just mentioned, I would
still recommend shutting down those types of programs when you
leave the computer unattended.
Virus Related
A lot of people using Macs don't worry about viruses. There are
very few Macintosh viruses compared to the Windows world, and
because of that many people have decided not to purchase virus
software. I recommend you purchase virus software for two
reasons:
- You can spread viruses unknowingly to other Windows users even
though you see no signs of virus activity.
- Viruses written in the early 90s are making a comeback because
fewer people are using virus protection.
The main concern is macro viruses on Macs. They may not always
work right on the Mac, but they can cause some annoying side
effects. One problem you may see is Word constantly wanting to
save, even if you made no changes. Saves may take a long time. Text
may not appear the way you thought it would, and a number of other
annoying minor problems. Get virus protection to stop these
problems and to prevent viruses from spreading.
As stated in number two, some viruses have been popping up
recently that were meant for early System 7 operating systems, but
the still effect computers with OS 9.x because of backwards
compatibility. Most notable the 666 virus has made a comeback,
causing damage to various system files, applications, and
documents. This virus, written a long time ago, still plagues us
today because people are not using virus software. Another annoying
virus that still shows up is the
autostart worm.
Get virus software and keep it up to date for both your
computer's security and the sanity of Windows users and the
world.
Physical Security
Having your data secure on your computer is good, but if someone
steals the entire computer you are not only loosing all that data,
but giving the thief a chance to spend as much time as they need to
break through the security.
The first step is to determine how to secure the computer as a
whole. Most Macs have a security hole where you can insert a tab
and attach a cable to it. This is useful to stop a casual thief,
but bolt cutters can get through the tab in seconds.
The tower G4 and Blue and White Macs have a lock that keeps the
door shut if a bar is pulled out and a padlock is put through the
bar's hole. Tabs, padlocks, and cables are great if you are in a
higher security area, but they should not be completely relied on
for physical security. If you have sensitive data, the computer
should be stored and used in a limited access room. The room should
not have universal key access. You should backup regularly to
ensure you still have the data if your computer is stolen.
Some Macs may be vulnerable to component theft. Easy access to
the motherboard is great for upgrades - and also for theft if
someone just wants to steal memory, hard drives, or even PCI cards.
Most vulnerable are the Power Mac G4 and Blue and White G3 towers.
They luckily have the security bar mentioned above, which should be
used.
Other computers, like slot-loading iMacs, are vulnerable to
having memory stolen. While it is hard to get to other components,
there is almost no way of stopping someone from stealing the
memory. You should take a look at your computer and see how easy it
is to get the case off. Then try to think of some ways to prevent
people from stealing components if your computer is open to the
public or in an open office setting.
In case your computer is stolen, I recommend doing two things:
Label your computer in some way. Etching is good, but it could
lower the resale value (and void the warranty if done in the wrong
spot). If you don't want to etch, maybe get a sticker with your
name, address, and phone number and place it in a non-obvious spot.
Stick it on a non-removable item like the inside of the case
wall.
The second thing is to write down the computer's serial number,
installed components (memory size, hard drive size, video card),
and even the ethernet hardware address, which you can obtain by
clicking on the Info button in the TCP/IP control panel. These
items will allow you to identify the computer if it's
recovered.
Keep copies of receipts past the warranty period for insurance
purposes. Check with your insurance company to make sure the
computer is covered if stolen. Many insurers do not cover
computers unless you specifically add them to the policy,
especially laptops. They will want to know the serial number, model
number, price, and specifications of the computer.
What to do if the computer is stolen
Always file a police report and give them as much information as
possible (like the serial number). There is a chance the computer
will show up somewhere. Check local pawnshops for your computer. If
a pawnshop is honest, they will have taken information from the
seller such as a driver's license number, phone number, address,
and even fingerprints. Call the insurance company and give them the
information, including the police report number.
If the data is extremely important (and worth more than the
computer) offer a reward for equal or more than the computer is
worth and specify a no questions asked policy for safe return.
