[Star Traveler]

Kirkwood said — “Mac users have no protection at all and don’t bother scanning for security threats.”

Then you said — “True. So what can I install to avoid something like that happening to me? That would be a living nightmare what happened to your wife. I do try to be careful, but it would be better if I did no finanancial transactions or logging into various accounts whatsoever online.”

—

Well.., the fact of the matter is that Macintosh Users have all the protection that they could want, but just about all Macintosh users find that they really don’t need hardly any additional, because of how secure the Macintosh is, as it comes out of the box, already.

BUT, if you do want additional security, there are ways of dealing with it, for those who are “security conscious”... :-) And, just for your information, I use every one of those I’ve listed below...

1Password
http://agilewebsolutions.com/products/1Password

Little Snitch
http://www.obdev.at/products/littlesnitch/index.html

IPNetMonitorX
http://www.sustworks.com/site/prod_ipmx_overview.html

DoorStop X Firewall
http://www.opendoor.com/DoorStop/

Intego Virus Barrier
http://www.intego.com/VirusBarrier/

MacScan
http://macscan.securemac.com/

FileVault
http://www.apple.com/macosx/what-is-macosx/security.html
http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1877.html

PGP Desktop Home
http://www.pgp.com/products/desktop_home/

About PGP (Pretty Good Privacy)
http://en.wikipedia.org/wiki/Pretty_Good_Privacy

—

I’ll give you a rundown on how you might use each one and how they are useful.

“1Password” allows you to keep all your passwords and other information (i.e., bank accounts, card numbers, other confidential information, passwords, and whatever else you want to keep secure — “locked up tight” so that no one can access it. BUT, the *really convenient* aspect of this piece of software is that it allows you to create *strong passwords* for all the different websites you access (stronger than you can ever remember yourself) and will even create them for you (making them stronger still). The problem people have with strong passwords on banking sites and other confidential websites is that they can’t remember them... LOL... Well, this program remembers them for you, and you just have to basically “click” on the website, and it will enter your name and password and log on for you, without you typing in either one. So, you can create *super strong* passwords that no one is going to crack, and be assured that the information is as safe (at least) as the company who is keeping it for you (if it’s a bank, of course they’re going to keep their own information pretty secure).

“Little Snitch” will monitor all outgoing Internet connections and alert you when any program (or even any *hidden process* running in the background on the computer) wants to “go out” and contact another place on the internet — namely, send “out” information from your computer to another location elsewhere. You can set up rules and procedures for every access that whatever program you have wants to use, or just allow or disallow in “real time” as it’s happening. In any case, if someone manages to implant some hidden software that sends out information from your computer to another location on the Internet, this program will intercept if and ask if you want it to go out. If you don’t know about it (i.e., some hidden program that someone just installed), you’re gonna find out this way... :-)

“IPNetMonitor X” is a program that monitors all aspects of your Internet connection and does all kinds of other cool stuff. BUT, if you’re wondering if anything is “going out” on your Internet connection, especially when nothing is supposed to be going out (i.e., you’re not using the computer but “info” is leaving your computer and going out onto the Internet) — then IPNetMonitor will *show it to you* — that it’s happening. And it will show you the process, the port number, the connecting end (out on the Internet that is receiving it) and so on. If you want to get right down to analyzing *exactly* what data its sending, right down to each bit and byte, you can do a “dump” of the data and look at it precisely and see what is going out (if you want to go that far). At the very least, it shows you in graph form, how much data is being transmitted over your Internet connection (how much out and how much in) and it tracks it over a period of time, so you can see your upload and download figures.

“DoorStop X Firewall” is an addition to the firewall that’s already built into your Mac OS X right now. But, it’s difficult to use and confusing (on the Mac OS X itself) and isn’t necessarily as fully featured as one might want. Thus, “DoorStopX Firewall” will supplement the built-in firewall and make it real easy to shut off ports and particular programs that may operate in the background, but you don’t want them too and it will alert you to dangerous connections that you might not want to have open. You can use its other features to analyze and track connections that are being made and see whether they are legitimate or not. There is a lot of stuff going on there, that you might not know about, so it pays to know what’s going on.

“Intego Virus Barrier” is an anti-virus program. I wouldn’t use Norton on the Macintosh, so I use this one, instead. It seems to be good and full featured and capable. So, that’s all there is to say about that one... :-)

“MacScan” comes from a company that has been around for a while and it’s not necessarily the most requested type of program that Mac Users want to have, but it’s there for those who want it. They programmer (at least to me, in the past) has seemed to be a bit flaky at times, but he seems to have gotten his act together and has finally put out this program to scan for hidden spyware and keylogger programs on the Macintosh. If there is one that is not known by this software, people can submit information and he will add it to the scan. So, it operates on the principle that there are certain files that will exist with certain programs and if they are there, then that spyware has been there or is there now. So, you can get a clue as to whether someone has been trying to “spy” on you or not.

“FileVault” is the Mac OS X’s security safe for your home directory. If you activate this (and it’s built into the system), you will automatically lock up and encrypt your home directory every time you sign out, log off or shut down. If someone else steals your computer, there’s no way they’re going to find anything in your home directory, because everything is encrypted and locked up tight.

“PGP Desktop Home” is a program that started a while back from Phil Zimmerman and the U.S. government tried everything they could to prevent this encryption software from coming out..., but they failed. Zimmerman got it out, nonetheless and now it’s the “gold standard” for encryption software. It’s supposed to be so good that *no one* can crack it, no matter what. You might want to use it for your personal files (if you’re even more paranoid than what is provided up above).

Phil Zimmermann
http://en.wikipedia.org/wiki/Phil_Zimmermann

—

And so..., that’s a pretty good collection of security and “paranoia software” for anyone who is concerned about security on the Macintosh... :-)

[Star Traveler]

I should also mention a program that is on the Mac OS X already...

“Activity Monitor”
It will show you the processes running on the computer and show you disk accessing that is going on and several other things you can do with it, too. You should become familiar with processes that normally go on with your computer so you can spot any new process that maybe should not be there.

You might also become familiar with some of your computer’s log files that the system makes use of, too...

“Console”
That’s the utility provided by Apple to use for accessing those log files.

[RightOnTheLeftCoast]

"'FileVault' is the Mac OS X’s security safe for your home directory. If you activate this (and it’s built into the system), you will automatically lock up and encrypt your home directory every time you sign out, log off or shut down. If someone else steals your computer, there’s no way they’re going to find anything in your home directory, because everything is encrypted and locked up tight."

FileVault works well and does a superb job of encrypting your disk. But--and this is a big whopper of a but--it will seriously cripple Time Machine. Time Machine will still back up your disk, but you will not be able to browse back in time for that file you deleted in a moment of idiocy. And if you take your old hard disk out, forget about accessing it externally via a USB adaptor.

Bottom line: FileVault is great if you deal in state secrets. For the rest of us, it exacts a non-trivial price. I recommend not using it unless institutional policy demands you perform full-disk encryption.

[antiRepublicrat]

Nice list, thanks. I'll be looking up a couple of them. But this did catch my eye:

But, it’s difficult to use and confusing (on the Mac OS X itself) and isn’t necessarily as fully featured as one might want.

It isn't the easiest to configure thing, and it's dumbed down for the average user. But OS X uses the powerful BSD ipfw firewall underneath so it is technically absolutely fully featured, although you have to learn the UNIX command line if you want to get the most out of it. Or you can get WaterRoof, which is a GUI for ipfw, and pretty sweet.