SecureMac, Inc.

Mac OS X Security Guide v.1 by Chevell – SecureMac

June 5, 2002

MAC OS X Security to the general Macintosh user has never been much of an issue. Turn it on, use it, turn it off when you’re done. And even if you’ve got a DSL or other dedicated line, warnings related to hack attempts on open and dedicated networks lines never seemed to instill fear in a Mac user. Sure there are products like Norton Personal Firewall or NetBarrier 2.0, but these are for professionals right? Well, not really. But the truth is, for the general Macintosh user, the chances of …

Mac OS X Security Guide v.1 by Chevell – SecureMac

MAC OS X Security to the general Macintosh user has never been much of an issue. Turn it on, use it, turn it off when you’re done. And even if you’ve got a DSL or other dedicated line, warnings related to hack attempts on open and dedicated networks lines never seemed to instill fear in a Mac user. Sure there are products like Norton Personal Firewall or NetBarrier 2.0, but these are for professionals right? Well, not really. But the truth is, for the general Macintosh user, the chances of getting hacked are pretty low. Especially if that user does not frequent any on-line chat facilities or make any on-line purchases; things of that nature. The main reason for this lack of concern comes from the same idea that keeps Mac’s safe from most computer viruses. Most personal computer users (about 85%) use Windows or some other WinTel based operating system. For this reason, few hackers even know anything about Mac OS and the remaining minority really don’t seem to care. This keeps Macintosh users safe to a large degree from most any random hack attempt.

Enter into the battlefield Mac OS X. Mac OS X is Apple’s latest OS goodie, due to be released on March 24th. This new platform is set to replace MacOS 9 and lower on most, or all, existing G3 and G4 systems. The UNIX based operating system is born of BSD heritage and contains much of the original UNIX code while modified extensively to work in the Macintosh’s user friendly GUI. Because of it UNIX base, Mac OS X now enters into a Brave New World of Security Models.

UNIX is the oldest and most distinguished main-stream computer operating system ever produced. It was developed in the 70’s by several parties including the US government and Bell Labs to help run the ever growing nation-wide and world-wide computer networks of the age. It is so complex and powerful that it eventually grew and changed with the times, evolving into the most widely used Enterprise level server OS and network management system on the planet.

Mac OS X, now based on this technology, moves from the less than 10% global market share of personal computers to a more than 50% market share of all computer systems. Thus, increasing its visibility to hackers world-wide. For this reason, Apple has tried to include a base install that is, more or less, safe to all users from exploits and hack attempts by the underground masses. But Apple can only secure the machine until its left their dock. Once the average user gets his paws on that mouse and keyboard, logs in as root and starts changing the system configuration, the entire OS could be riddled with back doors and exploitable passwords.

For this reason, the responsible Mac OS X user needs to be aware of security risks that might plague the new operating system. The basics are echoed for all computer platforms: Use a password that does not contain merely letters but numbers and at least one special character. Do not use English words in the password to further complicate the hackers attempts to decode it. Change your password often and remember it, DO NOT write it down. If the machine is in a business, ensure that it will not be touched by users other than those allowed onto the system. If this is not possible, ensure that the screen saver has a password protection built into it and that it is enabled whenever you leave the machine.

These are the basics in keeping your computer safe from hack attempts but they do not solve all the problems. A Mac OS X user should be aware of daily Macintosh news that might report new bugs which have been encountered in the OS or possible exploits used in a recent hack attempt. This information can help users ensure that they have the latest and most up-to-date files, securing their personal information and files from the world. Also, ensure that security measures put in place by Apple are not circumvented first by the user, for that make it that much easier for a hacker to circumvent them. Do not add services to your computer unless you understand how they work. Because Mac OS X is UNIX based, many developers will be coming out with new applications for the Macintosh that were previously only available for other UNIX platforms. These applications might not have been tested thoroughly for security bugs before release and may compromise system integrity.

The most effective way to ensure that your Mac OS X system stays secure for months and years to come is to leave the root account alone. In current builds of Mac OS X, Apple has disabled root access to the system. Sure it can be hacked and then used for a login account however this is not recommended for the average user. Apple has designed the OS to allow a system administrator (user account created at install or given these rights by the original admin) to accomplish most tasks without needing to use the root account. Because the root account is the absolute power in a UNIX-based OS, this account can cause heavy damage to the system if it should happen to crash while logged in as root or can open up back doors simply by changing privileges on the system.

If trying to access remote sites while logged in as root such as www or ftp, this is an immediately hackable exploit. Remote users can �sniff� anything you do on your machine that is not encrypted. If logging as root, a hacker can access all files that that account can access- in this case, everything. Leaving the root account disabled will ensure that the system is not completely accessible by remote hackers.

Apple’s current scheme for enabling full access on the system appears to be using the �sudo� command from the command line. This command, when coupled with an administrator password, allows users to execute commands and complete tasks under the root account. Leaving this option open is a small risk compared to the end results of either leaving it completely closed or opening up the root account for login access.

If the user is unable to execute commands under the root account, items may not be able to be installed into the system that require that they run under the root account. All system daemons or processes that run at start up and continue to run (FTP, WWW servers, etc.) run in the root account and would not be able to be installed without the sudo command.

Alternatively, opening the root account up for login access is even more dangerous as it allows the system to be setup for possible hack attempts by other users and could allow the destruction of important data should a system crash arrive. Only users who are absolutely sure what they are doing should ever log in as root, and then, when finished, should log off the system and back in as a regular user.

All of these security items should be followed with any UNIX-based operating system. Fortunately for most UNIX users and unfortunate for Mac OS X users, UNIX is generally used in the workplace, on high-end servers and workstations, by those who have been trained to use them. Macintosh users, having received nothing but the online help (and who reads those?) are faced with a dilemma. They are generally untrained and unqualified to use the system correctly. While this may be true with all personal computer operating systems, it is especially true with Mac OS X. To protect themselves, OSX users should be cautious of what they do and restrict themselves from the root account entirely.

Get the latest security news and deals