Useful
Tools - CheckMate - Part 2
The
files and their checksums. You can add/remove and import/export,
or go back to default..
|
| |
|
GPG
Mac
The
GNU Privacy Guard program for OS X. PGP-compatible.
•
Follow
the readme’s to a tee and you’ll be fine.
|
| GPG
for Mac OS X works perfectly as long as you follow every step
in the directions. The GUI tools are kinda minimalist, but
they work,
and everything works fine from the CLI. Definitely not as pretty
as PGP Freeware for Mac, but it’ll get better. Apple’s “Mail” program
has built-in
GPG support, too. |
|
MacSFTP
Carbon
Drag-and-drop
SCP (Secure CoPy).
|
Fetch-like
interface, but secure. If you’re moving files between
your Mac and an SSH-able server, this is a must.
Caveat: It will keep asking for your password over and over (because each transfer
is a separate SCP action). But you can add that password to your Keychain and then
it will stop bugging you. (Remove it later if you’re
worried about your Keychain’s security.) |
|
Surfing
Differences
Principles
and methods from the previous section also hold true in OS X.
One big tip: OS X ships with Internet Explorer. Update it asap.
Apple’s “Mail” program has SSL and GPG support!
:)
Eudora, Outlook, BlitzMail for OS X are available
|
We
covered the principles of safer surfing in the last section,
so here we’ll only skim and point out some key tips.
Thing One is, Internet Explorer comes with OS X. Make sure you update it right
away -- early versions had severe security problems.
Pure opinion re web browsers: Use OmniWeb. It’s shareware, but it has all
features enabled regardless of whether you register or not, and it has a bunch
of
security and privacy options that are easy to understand and modify. It’s
also fully integrated with the Quartz engine, so even silly web pages look beautiful
when viewed with OmniWeb. This program is what tipped me over the edge from OS
9 to X. :) |
|
Patches
Are
vital.
Software Update
•
Runs automatically, you can specify
when (at least once a week please…)
You might be able to
patch things quicker yourself with sourcecode, but usually not
a great idea
Apple’s pretty fast. If they’re not
fast enough, then get creative with your firewall.
•
Or
turn off services and just wait. |
Software
Update runs automatically, once a week unless you say otherwise.
Or you can “Update Now.” Sometimes, you’ll
hear about an update before your computer’s updater detects
it; try again in a few hours. Apple staggers the availability
to avoid having a big traffic glut all at once. If you don’t
want to wait, you can download and install manually -- go to
the Apple menu and select “Get Mac OS X Software…” to
be taken to the website.
As an alternative to waiting for Apple’s patch, if you know which services
are affected, you can get the updated source code and compile it yourself. But
the downside is that this can confuse Software Update, making future updates
more difficult to apply. Also, some of the BSD things are specially tweaked for
OS X, and if you overwrite them with your own installation, you can lose functionality
(I updated my copy of Apache manually, and in the process broke my users’ Sites
folders. Wonder what else I broke).
On average, Apple’s patches come out within a week or two of an advisory.
Turn off/block the affected service, or reconfigure/disable whatever aspect of
the service is affected, until you’ve installed the patch. But what if
you absolutely cannot live without that service for any length of time? Alter
your usage to compensate. For example, the OpenSSH vulnerability -- limit access
to one other machine, then shell into that first.
By the way, run Software Update (and reboot when applicable) repeatedly until
it says “no updates available.” Why? Software Update updates have
been released several times, so older versions will not see all the newest updates. |
|
Patching
3rd Party Software
Many
software companies are following Apple’s example
•
Automatic
update check at startup
•
Or “Check for Updates” menu
option
If not, use http://www.versiontracker.com
Or go to Apple
Menu -> “Get Mac OS X Software…” and find
updates there. Categorized and searchable, not just Apple’s
stuff. |
| It’s
especially good to stay up-to-date with your programs now,
even if they’re not network- or security-related
per se, since OS X is still so relatively new. Bug fixes tend
to be pretty major (like, stop Word from crashing on launch). |
|
Conclusions
Why use MacOS/OS X?
Running OS
X is a bigger security risk than using old MacOS.
We don’t know how much longer we’ll
have the choice (OS 9 is being phased out) but for now, you might
want it.
What do you use a computer for?
Security is not about definite rights and wrongs, it’s
about business need. Or academic need.
Sometimes the benefits
are worth the risks.
Hopefully, from what we’ve talked
about, you’ll be able to minimize your risk with minimal
expense.
Contact info: Email mbates@ists.dartmouth.edu,
AIM screen name nu11dev1ce |
Why
use MacOS/OS X?
Running OS X _is_ a bigger security risk than using old MacOS. You are in the
Unix world now.
What do you use a computer for? If you’re just doing word processing and
using a web browser, MacOS 9 is probably enough for you, and if you’re
extremely paranoid about hackers, that’s another reason to stick with old
MacOS while you still have the choice. If you’re not sharing files or web
pages, your OS 9 Mac is a fortress, network-wise.
But if you’re interested in Unix, OS X is a nice environment for learning
about it; you can delve in as deeply as you want through the Terminal, then back
out and use it as a Mac again. If you need the power of Unix and you like to
write code, or you need to be able to perform remote administration tasks (but
don’t want to cough up bucks for Timbuktu), OS X may be a great match.
And in another year or two, it will be your ONLY choice in the Mac world.
Please feel free to contact me by email or AIM anytime. |
|
<<Back | Index
|
