How to control security and privacy on OS X

27.08.2015
Maintaining privacy and keeping data secure are hugely important for any Mac user. Yet many of use give it scant attention and do little more than the bare minimum, if anything at all to ensure that hackers, opportunists and, yes, even the authorities are able to access as little of our personal data as possible.

Yet, OS X makes securing your data very simple, thanks to a host of tools in System Preferences and Safari, and several third party apps.

There are two places threats to your data are likely to come from: over a network like the internet, or from someone with direct access to your Mac. Taking steps to protect yourself will minimise both.

The first thing you should do is pay a visit to the Security & Privacy pane in System Preferences. Here, you'll find four tabs that control different aspects of security. To change settings you'll need to click on the padlock at the bottom of the screen and type in your user name and password. If you have an administrator account, you'll be able to make changes that affect the whole Mac, if not they'll only apply to your account.

Passwords...

The first tab is the General section. There are three settings here you should pay attention to. The first is the one which allows you to set a password for your account of you haven't already done so. You should have a password. The next allows you to specify if a password is needed to unlock your Mac when it goes to sleep or a screen saver begins. If you work in an office with other people, you should consider switching this setting on. You can specify how soon after sleep or the start of a screen saver the password is required. The most secure setting is 'immediately' but, like everything else to do with security, you need to balance security and convenience. So choose a time period that makes sense to you.

Next is the Disable automatic login setting. You should check this, particularly if you use a mobile Mac. If your Mac gets stolen, you don't want the thief to be able to access your data.

At the bottom of the General page are three options relating to which apps can run on your Mac. The safest, but most limiting option, is to only allow apps from the App Store to run. The least secure is to allow apps from anywhere. The middle option is a good compromise, allowing you to run apps from the App Store and from developers known to Apple.

The FileVault tab allows you to encrypt all the files in your user account. To decrypt them, you'll need to type in either your account password or the recovery key created when you switch File Vault on. For most users, the inconvenience of having to type in a password to open a file, together with the tine it takes initially to encrypt all the files on your Mac, outweighs the security advantages. But if you have reason to keep data as secure as it can be, switch it on.

Next is the Firewall tab. It's important to note that OS X's Firewall, while useful, offers only limited protection from malware. That's because it shields you from inbound traffic only. It's job is to limit which apps and services can accept incoming connections. It doesn't provide any control over outbound connections ie apps and services which initiate connections. So, for example, if you download a piece of malware, OS X's Firewall won't stop it connecting to the Internet. For that, you'll need an outbound firewall, usually found in ant-malware tools from the likes of Intego, Sophos, and Symantec.

In the Firewall tab, click Firewall Options to make changes. Here, you'll see a list of apps and services which are able to receive inbound connections. To add one to the list, if, say you try to run an app and it displays an error telling you it has been prevented from accepting an inbound connection, click the '+' beneath the list.

You should ensure that Stealth mode is enabled, and, for convenience, tick the box that allows signed apps to automatically accept incoming connections.

If you're concerned about apps making outbound connections, consider installing Little Snitch, which reports on apps that 'phone home' ie connect to a remote server, and allows to prevent them from doing so.

Location Services...

The last tab, Privacy covers a number of different controls and settings. These are listed in the window on the left of the pane. Location Services allows you to control which apps have access to your location data. You can switch Location Services off completely here, or prevent individual apps from accessing data.

Likewise, Contacts, Calendar, and Reminders allow you to specify which apps on your Mac can access the information stored in those core OS X apps. If you've added your Twitter, Facebook, and LinkedIn details to the Internet Accounts System Preferences pane, you can control which apps have access to those accounts here.

Lastly, but perhaps most importantly, is the Accessibility section. Despite sharing a name, this, confusingly, has nothing to do with the settings available in the Accessibility pane in the main System Preferences window. Here, you can control which apps are able to control your Mac in some way. For example, Deeper and Onyx allow you change settings which would normally require Terminal commands. To use them, you'll need to enable them here.

Safari privacy...

Away from System Preferences, Safari has several settings that allow you to control privacy. The first is New Private Window, from the File menu, which allows you to visit websites, without a record of where you go being stored in the History menu, or anywhere else on your Mac.

The second is Clear History and Website data, in the Safari menu, which if you click it periodically, erases cached data from the sites you visit and removes them from the History menu. In Safari's Preferences, the Privacy section allows you to prevent websites tracking you, control which sites can store cookies on your Mac, and specify how your location data is made available.

And if you're concerned about storing website username and passwords, or personal data, go to the Auto Fill and Passwords sections and uncheck the boxes that enable those services.

Finally, a word on passwords

Good passwords should be difficult to remember. They should also not be written down. That, of course, presents a problem, particularly if you don't want Safari to auto-complete them. The solution is a password manager like 1Password or Dashlane. These apps allow you to create and store robust passwords and sync them across all your devices. Crucially, however, they encrypt the data and allow allow access when you type in the master password. For more ideas read: How to choose a strong password, what is a good password

Read next:

How to remove Mac malware: free ways to scan, protect and defend Mac OS X from malicious software

Best Mac Antivirus software

Do Macs get Viruses

How to remove MacKeeper from your Mac

(www.macworld.co.uk)

By Kenny Hemphill

Zur Startseite