SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Sharing Preferences in macOS

Posted on April 27, 2017
  • Screen Sharing
  • File Sharing
  • Printer Sharing
  • Remote Login
  • Remote Management
  • Remote Apple Events
  • Internet Sharing
  • Bluetooth Sharing

Computers offer users the most usefulness when they connect and share data with one another. That was a founding idea behind the Internet, and the need to exchange information continues to drive innovation today. Did you know that your Mac has a powerful suite of sharing tools built right into macOS? If you’ve ever looked through your system preferences, maybe you’ve noticed the Sharing screen and all its various options. Some of them, like file and printer sharing, are as straightforward as they sound; others, like “Remote Apple Events,” can leave you scratching your head.

Utilizing some of the sharing options can have an impact on the security of your computer, as well. It’s important to only enable the sharing services that you actually need, and leave the rest of them turned off.

Whether you just want to share information over your home network or you want to make sure your computer is set up for sharing in a secure manner, understanding the sharing preferences will make your macOS experience all the more valuable! In today’s episode of The Checklist, we’ll cover each of the options on this preferences screen, what you can do with them, and the potential impact they can have on your Mac’s security.

Note: All of the settings we’ll be discussing in this episode can be found on the Sharing preferences screen. To get there, click the Apple icon in the upper lefthand corner of your screen, click System Preferences, and then click the “Sharing” icon. Additionally, we’ll be reviewing the various sharing options in the context of a trusted home or office network environment – if you’ll be traveling with your Mac or connecting to an untrusted network such as the free wifi network at your local coffee shop, you’ll want to disable all of the sharing services unless you need them enabled for a specific reason on the untrusted network.

Screen Sharing: Put simply, screen sharing does exactly what it says — it allows you to let another Mac user view your screen as if it were their own, from anywhere in the world. The user you’ve shared the screen with can move the mouse cursor, open or close windows, enter text from their keyboard, and even start apps. A screen-shared user can even reboot the machine — so this isn’t a feature you want to use with anyone you don’t explicitly trust.

With that said, it’s a very useful tool in certain situations. If you want to allow someone else to help you solve a problem with your Mac, this is a quick and easy way to give your friend access.

When you set up screen sharing, you’ll have the opportunity to designate who can share the Mac’s screen. You can restrict this option to only provide screen sharing access to specific users, or allow anyone to request permission to share your screen. While screen sharing can be great when a family member or friend is helping you fix a problem with your computer, it does come with a certain degree of risk when it comes to the security of your Mac. Since a remote user can control your mouse and enter text on your Mac when screen sharing is enabled, it’s extremely important to only enable screen sharing for people you specifically know and trust — you’re putting the security of your computer in their hands! A malicious remote user could do all sorts of bad stuff, such as disabling your Mac’s digital defenses or sending themselves your sensitive files.

There are a number of tech support scams that take advantage of the screen sharing functionality in macOS. We’ve discussed these scams on this show in the past, but here’s a quick refresher on them: You’re surfing the web when suddenly you see an alert pop up saying your Mac is infected and you need to call some 1-800 number to fix it. If you call the number, the tech support scammer will walk you through the steps of enabling screen sharing (sometimes through macOS itself, other times through a 3rd party remote control program such as VNC or PCAnywhere), and proceed to take control of your computer to “fix” the problem (which didn’t exist in the first place). They’ll then proceed to charge you hundreds of dollars for their supposed services. These tech support scams are one very good example of the danger of allowing someone you don’t actually know and trust in real life to remotely access your computer through screen sharing.

Next up in the list is file sharing.

File Sharing: Sharing your data is one of the most basic networking features out there, and enabling it is as simple as checking the box next to “File Sharing” on the Sharing preferences screen. The practical effects are pretty basic: this allows other machines on the network, both macOS and Windows-based, to “see” and communicate with your Mac. By defining folders as “Shared,” other networked users can access these folders to access, add, or remove files. Depending on the level of access you provide, users can be limited to only add files to the designated “Drop Box” folder (despite the similar name, this folder has nothing to do with the DropBox file sharing service).

The utility of this feature is clear, especially for those with lots of machines or with a family: sharing data between computers is easiest over your home network. For example, maybe you setup a shared folder to store your family photos. You can define some permissions so you aren’t giving free reign of your shared folders to anyone on the network. You can set folders to be read-only, for example, or you could instead opt only to allow certain users to write data to the folder. Overall, this is a straightforward feature; used correctly, it can be very valuable.

File sharing does come with some security concerns, however. First, you need to be very careful when it comes to who you’re providing file sharing access to, and what files and folders you’re allowing them to access. If you’re just looking to quickly transfer some files over the network, Apple’s got your back. By default, only your public folder is shared – it gives other users a place to put files on your Mac, but keeps them away from your important documents and data. File sharing is definitely something you want to disable when you’re not on your trusted home or office network; there’s no need to have your Mac advertising the fact that file sharing is enabled to all those random people at the coffee shop!

So, what’s next? Let’s talk about printer sharing!

Printer Sharing: Though many printers today come equipped with wireless functionality, it’s not universal. You might have a printer physically connected to your home Mac, which is great when you need to print things, but what about everybody else? If you don’t want to purchase a wireless printer, but you’d still like to be able to let others on your network use it for printing, you’ll want to look at the Printer Sharing option. Like file sharing, setting up this feature is easy and straightforward.

If you have your printer connected to your Mac and ready to go, all you need to do is check the “On” box next to Printer Sharing on the Sharing Preferences screen. From there, you’ll see a list of available printers in the window. Choose the correct printer, and it will be automatically shared with everyone on the network. As before, if you’d like to restrict its usage to particular users, Apple allows you to do that; just define them in the same window as you selected the printer. That’s all there is to do for printer sharing.

As far as security risks go, this one doesn’t pose much of a threat. I mean, sure, if you allowed random people to utilize your printer you might end up running out of paper and printer ink earlier than normal, but other than the environmental impact there’s not much of an issue here.

Unlike printer sharing, the next item on our list *does* come with some serious security concerns to be aware of.

Remote Login: So far, we’ve covered Sharing services that are pretty straightforward, but the “remote login” option is a feature geared more towards advanced users. At its most basic, this is a feature which allows you to log in to your Mac from another computer while you’re away from home. However, it lacks the easy setup of Screen Sharing and requires you to know some key information about the machine.

After enabling remote login, specified users can use the secure shell protocol, commonly known as SSH, or the Secure File Transfer Protocol (SFTP), to log in to your Mac via the Terminal application. Using this feature requires entering your username and the IP address of the Mac in question through the Terminal’s command line. Afterwards, you can coordinate file transfers and other operations. For most users, though, this advanced feature isn’t something you’ll often (or ever) need to use.

From a security standpoint, it’s best to leave Remote Login disabled unless you really know what you’re doing.

Next up is a feature that sounds similar to Remote Login – Remote Management.

Remote Management: If you’ve ever looked at screen sharing before, you might’ve noticed that you can’t enable both “Remote Management” and “Screen Sharing” at the same time. Remote Management supersedes sharing; in other words, when you enable this option, this feature takes over the screen sharing functionality. Why?

Remote management is a feature designed more for corporate environments or setups where many Macs are on the same network. It is a more powerful administrative tool that allows for expanded control over the remote machine. Enabling Remote Management on the Sharing Preferences screen turns on the service necessary for Apple’s Remote Desktop product to work properly. Usually, a system administrator will use this functionality for troubleshooting, software installation, and other “housekeeping” tasks. Unlike screen sharing, which requires users to ask for and receive permission first, remote managers can access the Mac without delay.

As with Remote Login, most home users won’t have a need to enable Remote Management, especially since Screen Sharing fills many of the same roles. Security-wise, unless you’re in an office environment where it’s specified by your system administrator, you can leave Remote Management disabled.

Now, there’s one more “sharing” feature that centers around working on your Mac from a distance. What are these “Remote Apple Events”?

Remote Apple Events: When it comes to automating tasks on your Mac, Apple has a robust scripting environment in the form of AppleScript and Automator. This works great when you’re at your computer, but what about those times you’re not? If you’ve ever wished you could tell one of your Macs to do something without sitting down in front of it, this feature makes it possible. A “Remote Apple Event” is simply an action triggered by an Applescript sent to your machine from another Mac. For example, it could be telling the computer to shut down or go to sleep, or adjusting the volume on music playing in iTunes. The only limiting factor on what you can do with Remote Apple Events is your ability to code in Applescript. To send commands, users can run the script through the Terminal. You must also know the actual IP address of the target Mac in question.

If you decide to turn this feature on we suggest you define a limited range of users who have permission to run scripts on your machine. Otherwise, you’re opening a potential security hole in your computer’s security. By restricting usage, users will need a username and password to authenticate their access to your Mac. There are plenty of tutorials out there on the web about what you can do with Remote Apple Events. If you like to tinker and customize your Apple experience, this is a fun way to explore expanding the functionality of your home computers.

Two more items to go on the sharing preferences screen! Up next is Internet sharing.

Internet Sharing: Internet Sharing is exactly what it sounds like: a way to share your Mac’s Internet connection with other devices. Setup is fast; once you enable this feature, you only need to choose the connection you want to share and then designate the sharing method (like Wi-Fi or Ethernet). If you choose Wi-Fi, this instantly transforms your Mac into a kind of wireless router. This feature is useful if you don’t have a wifi router at home and need to get online with your iPhone or iPad, but it’s even handier when you’re away from home.

Consider this: you’re traveling, and you’re staying someplace where your only option is a wired connection to your MacBook. However, you’d prefer to use your iPad instead. By enabling Internet sharing on your MacBook, you can provide a wireless signal for your iPad to use for a connection.

As far as security is concerned, there are wi-fi options which you can use to set up a password for your shared internet connection, in order to prevent strangers from being able to use your new access point. Obviously, Internet Sharing is a service you’ll want to keep disabled when you don’t actually need to use it.

And the last item on today’s list: Bluetooth sharing.

Bluetooth Sharing: Now, before we talk about Bluetooth Sharing itself, we need to take a step back and talk about how Bluetooth is used in a larger context on your Mac. If you use an Apple wireless keyboard or mouse, you’re already taking advantage of the Bluetooth capabilities of your Mac. Bluetooth has its own screen in the macOS System Preferences, and is generally enabled by default. You might be familiar with the Bluetooth menu bar icon, which will let you know when it’s time to replace the batteries in your Apple wireless keyboard or mouse. While the Bluetooth Sharing feature utilizes the Bluetooth hardware in your Mac to work, it’s a completely separate and optional setting to configure. Along the same lines, having Bluetooth Sharing enabled on your Mac is different from having Bluetooth itself turned on. To compound the confusion, you need to have Bluetooth enabled before Bluetooth Sharing will work.

With features like AirDrop, Apple already makes it simple to share files between macOS and iOS, but when it comes to non-iOS smartphones and tablets, it’s not quite as straightforward. Thankfully, there’s a solution for situations like that! Bluetooth Sharing is one of the easiest ways to quickly share files wirelessly between non-IOS mobile devices and your Mac. The Bluetooth Sharing section of the Sharing Preferences screen governs how your Mac will handle requests to share data over Bluetooth with your system. There are a few options to adjust here that can make your Bluetooth Sharing experience smoother while allowing you control over where files end up on your hard drive.

You can choose how your Mac behaves when it receives a file: will it save it, open it automatically, or ask you first? This last option is the best one — it gives you the chance to evaluate the sharing request and make sure everything is okay before allowing new data onto your computer. By default, macOS will save shared files from Bluetooth devices to your Downloads folder. You can set a different file path here if you prefer. You can also make some folders on your Mac publicly available to Bluetooth devices. Choose which folders you want to share, or set up the option to request your permission when a device wants to browse files.

When it comes to the security of your Mac, Bluetooth Sharing is one of the services that you’ll want to leave disabled in most situations, unless you’re specifically trying to transfer data to or from a non-iOS mobile device. However, it’s ok to keep Bluetooth itself enabled, as it needs to be on in order for your Mac to communicate with your wireless keyboard and mouse!

When you understand the sharing capabilities of your Mac, you can extend its functionality in many useful ways. Whether you’re making an Internet connection available to another machine or setting up a shared printer for family use, correctly configured sharing options can supercharge your home network’s capabilities and ensure you always have access to important files and data. Even if you’ve previously configured the various sharing options on your Mac, now is a good time to double-check your settings and make sure you’ve disabled the sharing services you don’t specifically need to use on a regular basis.

Thanks for joining us again on this edition of The Checklist. We’ll see you again next week!

If you’d like more information on this topic, or if there’s a specific one you’d like to see us cover on a future episode, send us an e-mail at checklist@securemac.com!

Join our mailing list for the latest security news and deals