NSA Security Guide for Mac OS X 250
An anonymous reader writes "The National Security Agency has just released a Security Configuration Guide for Apple Mac OS X (pdf). The guide mostly contains common sense configuration information that applies to many Unix systems. It also includes specific discussion for Apple's unique features such as Keychain and FileVault. It should be useful to most Mac OS X users and will be particularly useful for US Government organisations that use Mac OS X and for commercial IT Departments that are supporting Mac OS X. A range of other NSA Security Configuration guides for other operating systems, applications, and IT kit are also available."
These things make a nice checklist, but.... (Score:5, Insightful)
Security, Usability, Reliability (Score:5, Insightful)
Re:Lack of safety in numbers (Score:4, Insightful)
Did you click on the second link in the story? There's a lot for Windows See under "Operating Systems".
Given the fact that I don't use MacOSX, I checked out the Cisco one some time ago and it's quite impressive. Lots of common sense things of course, but some good ideas I would have otherwise not thought about. Definitely recommended.
It's nice to see government agencies not waste our (sorry: your) tax dollars and instead produce something useful and not hiding it in one of their many shelfs.
Counterintuitive... (Score:4, Insightful)
You gotta start with the fundamentals...
Re:What about... (Score:3, Insightful)
Malware is hard to code on Linux and *BSD not because of some standard or non-standard way of asking for access, but because of years of very intelligent people asking themselves how can we safely do that. OS X's polished GUI functions are over and above that to present the nice base OS in a non-threatening way.
Re:Screwed up (Score:2, Insightful)
But I think more needs to be done to educate the public that security isn't any single software/component, but rather, a process.. From passwords, to firewalls, to antivirus, to spyware, there are many parts to it.
I think it's unfair to blame the OS solely. Application developers need to be aware of bugs and potential problems. No matter how hard you idiot proof a system, they will build a better idiot, as the saying goes.
Re:What about... (Score:3, Insightful)
That would make it EASIER to spread worms/viruses than a normal Unix system, NOT harder. In Unix, attempts to access resources you don't have permissions to, just fail. If it pops up a window that says "would you like to give this program access" then you're just as screwed as the rest of the world... That's because people are stupid and click yes without knowing what they're doing. If it's piggybacking on some other installation (browser plug-ins or other 'gee wiz' features) then users wouldn't have the slightest reason to suspect anything.
Note, though, that this is only for viruses/worms, because spyware doesn't need root access to do it's job. It can spy on you in user-land just fine. It can change your browser proxy settings without root access, and pop-up ads from competing sites without root access. Am I missing any annoying features?
Re:File Vault (Score:4, Insightful)
Kind of defeats the purpose, doesn't it?
Re:What about... (Score:4, Insightful)
Pardon Me while I take a NAP while waiting for my (Score:3, Insightful)
Re:Slashdotted already? (Score:2, Insightful)
-nB
Re:What about... (Score:5, Insightful)
On Windows, if you are logged in as an administrator (not the Administrator account), your account will automatically authenticate during program installations and such, hence why you can make changes to the system settings and install programs without ever being challenged for a password. That is what makes the Windows way of doing things inherently more risky. You don't need to enter your password for administrator actions.
Re:MacOSX attacks... (Score:2, Insightful)