As part of its marketing for OS X, Apple has promoted security of its operating system by making claims to the effect of OS X doesn't get PC viruses -- a stance that has been repeated on its Web site and in various television commercials. While technically true, this claim has been somewhat misleading to consumers who interpret it as there being no malware in any form for OS X. Apple appears to be addressing this confusion with a couple of recent changes to its Web site's rhetoric on security.
Earlier this month, security company Sophos noted that Apple had edited its descriptions of OS X security features on its Australian Web site, and changed its stance from OS X inherently keeping users safe without any effort on their part, to instead being an operating system that offers users tools to help them be as safe as possible.
For example, one of the previous statements on its site was, "A Mac isn't susceptible to the thousands of viruses plaguing Windows-based computers," which indicates to many that there is no need to be concerned with malware and attacks. In its new description Apple is instead claiming, "Built-in defenses in OS X keep you safe from unknowingly downloading malicious software," and by doing so is pulling back from promoting a lackadaisical approach to security for its customers, and replacing this with the notion that OS X just offers features to help users be as secure as possible.
These changes follow recent malware developments on OS X that have either, or that have taken advantage of security holes in third-party programs and resulted in the on many compromised OS X systems. Malware developers will undoubtedly continue to target OS X and take advantage of vulnerabilities that present themselves, so a change in Apple's stance on malware and other threats is warranted.
Not only is Apple changing the descriptions of its security features, but it's also offering tips for users to keep security in mind when using OS X. On its security descriptions for the upcoming Mountain Lion release of OS X Apple has listed several ways that users can enhance the security of their data when using OS X.
While Apple has offered these tips on its site, it does not offer any details on how or where to set them up.
- Turning on the firewall
Apple includes an application firewall in OS X that will block incoming network communications on a per-application basis, but this feature is off by default. To enable it, you must go to the Firewall tab of the Security system preferences and enable it. After doing this, when a new application tries to open a communications channel, the system will prompt you to either allow or deny it.
- Blocking your screen
Apple offers options to lock your display so even though you are still logged in, you can prevent someone from sitting down and using your system without providing your password. There are two ways to do this in OS X. The first is to open the Keychain Access utility and then enable the keychain status menu using the program's preferences. Then go to the menu and choose "lock screen" whenever you need to leave your system.
The second approach for this is to enable a screensaver lock in the General section of the Security system preferences, which can be set to activate immediately or up to 4 hours after the screensaver has activated. In addition to screen locks, you can enable other options in the security system preferences to disable automatic log-ins, and enable Apple's FileVault full-disk encryption technology.
- Securely delete sensitive files
If you have a file that contains sensitive data that you would prefer to delete with no way of recovering the file, you can place it in the trash and choose Secure Empty Trash from the Finder menu. This action will overwrite the file's location on disk instead of merely deleting its entry from the disk's index, and thereby will prevent the data from being read in the future. This option is only specifically selected by default, but you can have it enabled at all times in the Advanced section of the Finder preferences.
- Set up secure file sharing
Apple's suggestion to secure the file-sharing setup in OS X simply means to ensure that nobody can access your files over the network without proper authentication. If you do not have any need to share files over the network in OS X, then be sure the File Sharing service in the Sharing system preferences is unchecked. If you do need to share files, then enable file sharing and be sure to only allow those who need it access to your files.
By default, only your account can access the files in your home folder or in folders you specifically share. While OS X supports options to give entire groups of individuals or even everyone full read-and-write access to these shared folders, opening up the system like this may not be the best idea. Instead, only give specific users access by creating a sharing-only account for them to access that one shared folder. This can be done in the Sharing system preferences by clicking the plus box under the list of users for the given shared folder, and adding a given user name (or a new one if you need to create it) to a shared folder followed by setting its access permissions.