Read OS X Mountain Lion Pocket Guide Online
Authors: Chris Seibold
Tags: #COMPUTERS / Operating Systems / Macintosh
The Security & Privacy pane looks like the one
included with previous versions of OS X, but Mountain Lion has brought
some substantial changes you might miss if you don’t scrutinize the
pane. The biggest changes are on the General and Privacy tabs. On the
General tab, you can invoke Apple’s new Gatekeeper technology, and the
Privacy tab lets you control which apps know where you are.
Even if these new features of this pane aren’t of interest to you,
a little time spent in the Security & Privacy preference pane is
a wise investment. Five minutes in this pane can make you much
safer, your data harder to access, and your location known only to you.
Or, if it is your wish, you can use this pane to leave your Mac
completely unprotected. The following sections explain what’s on each of
the pane’s tabs.
If you want to spend 30 seconds making your Mac much
safer, the General tab is the place to visit. The first option on this
tab is “Require password ___ after sleep or screen saver begins,”
which lets you fill in that blank with “immediately” or a duration you
select from the pop-up menu. With this option on, anyone who wants to
use your computer has to enter a password if the screensaver has
started or if your Mac has been asleep. This requires more typing on
your part, but it’s likely worth the inconvenience, especially if
you’re using your Mac in a public setting.
Not requiring a password lets anyone who walks by shake your mouse and
start poking around. So unless you log out every time you’re away from
your Mac for more than 30 seconds, seriously consider enabling this
option.
The rest of the options on the General tab are for
administrators only. You can click the lock in the pane’s lower left
and then type in an administrator username and password to make
changes to the following settings:
Turn on this setting and then click the Set Lock Message
button and type the message that you want to appear under the
login window when your screen is locked.
Checking this box means all users will have to log
in each time the computer is restarted.
Below a faint dividing line, you’ll discover three more
options. You can’t tell by looking at them, but these options are part
of Mountain Lion’s new Gatekeeper security feature designed to help
protect your Mac from malware. Gatekeeper lets you specify which
applications are allowed to run on your Mac:
This option allows your Mac to run only
applications you’ve downloaded directly from the Mac App Store.
Since every app in the Mac App Store has been approved by Apple,
this is the safest choice, though also the most restrictive. As
of March 1, 2012, all apps in the Mac App Store were required to
have sandboxing enabled.
(Sandboxing doesn’t mean much to the average user, but it has a
big impact on your system. Sandboxed apps can access only the
parts of your system that they need access to in order to
function, thus limiting the damage they can cause.)
This option lets you install apps from both the Mac App
Store and ones that have been created by developers with
Apple-distributed developer IDs. Developers with these
credentials digitally sign the applications they create, which
allows OS X to check whether or not the app has been altered. If
it has, you’ll be informed of that fact, and you’ll have to
manually allow the app to make network connections and the
like.
This option is what you’re used to if you’ve used previous
versions of OS X; it lets you install apps from anywhere and
made by anyone. While convenient, this option offers the least
amount of protection from malware.
If you’re familiar with earlier versions of OS X, you’ll realize
that some of the options that used to be in this pane have apparently
disappeared. Turns out the options are still around; you just have to
click the Advanced button to see them. When you do so, your reward is
a mini pane with the following options:
This is a little redundant if you already require
a password to wake the computer or to get past the screensaver,
but for total control, this is a better option. You can force
your Mac to log out after any period of inactivity between 1 and
960 minutes (that’s 16 hours!). This option will attempt to shut
down any applications you’re running, so save your work before
you wander away (at least until Auto Save is universally
supported).
System Preferences are powerful, so you wouldn’t
want just anyone mucking with them. Check this box to force
users to authenticate themselves before changing any preferences
in a pane that has a lock icon in its lower-left corner.
This setting, which is turned on by default, lets
you opt out of Safari’s daily update of safe downloads. These
updates help protect you against malware such as
MacDefender.mpkg. If you download a dangerous file and it is on
Apple’s list of known malicious software, you’ll get a message
telling you to move it to the Trash. (The list is stored on your
Mac but gets updated every day.) Turn off this setting and
you’re taking chances you don’t want to take.
By default, unless it’s a Mac Pro, your Mac will
accept input from almost any infrared device. This can pose a
security risk and be very annoying if you’re using Apple TV and
your laptop. Turn this behavior off by checking the box. If you
want to use a remote with your Mac but have it ignore all other
remotes, click the Pair button and follow the instructions that
appear.
Mountain Lion includes FileVault, which provides an
extra layer of security for your data. When enabled, FileVault
encrypts your entire drive with XTS-AES 128 encryption, the same
algorithm used by governments to protect classified data. You might
think all that encrypting and decrypting would burden your system, but
OS X manages this trick on the fly so you won’t notice a substantial
slowdown because of FileVault.
FileVault is turned off by default, but if you decide to enable
it by clicking Turn On FileVault, your computer will generate a
24-character recovery key. Committing that key to memory would be a
chore, so you can opt to store the key with Apple by clicking the
appropriate radio button when the next page pops up. If you do choose
to store your key with Apple, it’ll be encrypted. Apple will issue the
key only if you can answer a security question exactly the way you did
when you set up FileVault. (In other words, you won’t have to
remember the long security key, but you will have to remember the
answer.) After you make your choice, restart your Mac and your disk
will be encrypted.
If you forget your login password and lose your recovery key, your
data is gone forever.
The Firewall tab relates to your Internet and network
connections. The default setting is off, which means your Mac will
listen to and respond to just about anything coming over the network:
network traffic, pings, and assorted signals that you’re never aware
of. Surprisingly, this usually isn’t a problem if you use your home
network or other trusted network all the time. Your router (or the
router of other trusted networks) has a firewall built in, so your
Mac’s firewall would be a bit redundant. But if you’re constantly
joining iffy WiFi hotspots with your MacBook, you should probably
enable the firewall.
To do that, check the lock icon in the pane’s lower left and, if
it’s locked, click it and then type in your administrator name and
password. Then simply click the Turn On Firewall button. The dot next
to the Firewall status entry will turn green to let you know the
firewall is up and running.
Now that the firewall is running, you might be wondering what
it’s actually doing. To find out, click the
Firewall Options button. When you do, you’ll get some settings that
let you tweak how Mountain Lion’s firewall performs. The first one is
“Block all incoming connections”; if you check this box, Mountain Lion
will listen to incoming connections only for very specific, necessary
network communications. You’ll also see a message appear warning you
that turning on this setting prohibits you from using sharing services
such as screen sharing and file sharing.
A less inhibiting option is “Automatically allow signed
software to receive incoming connections.” With this setting turned on
(which it is by default when the firewall is enabled), software that’s
been signed (meaning its author is known to Apple and OS X has
confirmed that it hasn’t been altered or corrupted) is allowed to
receive incoming connections. Every Apple application on your Mac has
been signed, so you don’t need to worry about killing any of the
built-in applications. You can also give applications the green light
even if they aren’t signed by clicking the + button and adding them to
the list of programs that are allowed to communicate.
You don’t need to try to think of all your unsigned
applications and add them to this list. A better tactic is to wait
for an application to try to connect to the network; if it’s
unsigned, OS X will ask if you want to let the program accept
incoming connections. Click Accept and that program will be added to
this list.
If you check the box next to “Enable stealth mode,” your
Mac will be less visible on the network. For example, should some
nefarious person try to scan all ports at your IP for a way in,
they’ll get no response; it’ll seem like no computer exists at the
scanned IP address. However, network activity you engage in—such as
visiting a web page or checking email—can reveal your presence on the
network.
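The Gatekeeper, FileVault, firewall and stealth-mode settings described above can also be checked from Terminal. The script below is an added example, not part of the book; it assumes the spctl, fdesetup and socketfilterfw tools print status text in the formats shown in its patterns and constructed samples, and it reports UNKNOWN for anything else.

```shell
#!/bin/sh
# Added example (not from the book): classify the status text printed by the
# command-line tools behind the Gatekeeper, FileVault and Firewall settings.
# The output formats matched here are assumptions about those tools.

# $1 = setting name, $2 = captured tool output -> prints PASS, FAIL or UNKNOWN
classify() {
  case "$1:$2" in
    gatekeeper:*"assessments enabled"*)  echo PASS ;;    # one of the first two options
    gatekeeper:*"assessments disabled"*) echo FAIL ;;    # apps allowed from anywhere
    filevault:*"FileVault is On"*)       echo PASS ;;
    filevault:*"FileVault is Off"*)      echo FAIL ;;    # the default
    firewall:*"State = 0"*)              echo FAIL ;;    # firewall off (the default)
    firewall:*"State = "[12]*)           echo PASS ;;    # on, or blocking all incoming
    stealth:*"Stealth mode enabled"*)    echo PASS ;;
    stealth:*"Stealth mode disabled"*)   echo FAIL ;;
    *)                                   echo UNKNOWN ;; # tool missing or other wording
  esac
}

# Print one aligned result line per setting.
report() { printf '%-10s %s\n' "$1" "$(classify "$1" "$2")"; }

# Query the real tools; only meaningful on a Mac.
audit_live() {
  fw=/usr/libexec/ApplicationFirewall/socketfilterfw
  report gatekeeper "$(spctl --status 2>&1)"
  report filevault  "$(fdesetup status 2>&1)"
  report firewall   "$("$fw" --getglobalstate 2>&1)"
  report stealth    "$("$fw" --getstealthmode 2>&1)"
}

# Constructed sample output, so the script also runs on a non-Mac.
audit_sample() {
  report gatekeeper "assessments enabled"
  report filevault  "FileVault is Off."
  report firewall   "Firewall is disabled. (State = 0)"
  report stealth    "Stealth mode disabled"
}

if [ "$(uname -s)" = Darwin ]; then audit_live; else audit_sample; fi
```

The Gatekeeper check only tells you whether Gatekeeper is enforcing at all; it does not distinguish between the two restrictive options on the General tab.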
This tab has been completely redone in Mountain Lion.
While the old functionality is there, the look is totally different;
see Figure 5-2.
Figure 5-2. The Privacy tab
On the left side of the pane is a list of services and
information that apps can access: Location Services, Contacts,
Twitter, Diagnostics & Usage. (If you haven’t made your Mac aware
of your Twitter existence, Twitter won’t appear in the
sidebar.)
On the right half of the pane, you’ll see what apps can
access said information. If you’re thinking that it seems like a lot
to control manually (who wants to open up System Preferences to allow
a Twitter app to access your Twitter account?), don’t worry—this pane
is simply for revoking the ability of apps to
access certain information. If an app wants to access your location,
for example, a dialog box will pop up so you can grant it access right
from that dialog box. So you need to open this pane only to revoke an
app’s permission to access said data.
The Spotlight preference pane has two tabs. The Search
Results tab lets you adjust the order of results returned by Spotlight
searches (drag items in the list here to change their order in the
results) and change the Spotlight menu and window shortcuts. The Privacy
tab allows you to exclude folders and disks (but not individual files)
from Spotlight’s searches. For more on Spotlight, see
Searching with Spotlight.
Notifications is new to OS X, but it will be familiar if
you’ve been using iOS 5. Notifications provides a centralized location
where all your apps can alert you that something is going on. It’s a
nifty feature: instead of a dozen apps bugging you in a dozen different
ways, they can all bother you in the same way.
On the left side of the Notifications preference pane is a
list of all the apps that will notify you when they have information you
need to know. For example, if you’re having a text chat and someone
sends you a message, you’ll be alerted via the Notification Center, a
panel that opens on the right side of your screen. How you’ll be alerted
is up to you (more on that in a moment), but to see all your recent
notifications you can either click the Notification Center symbol at the
right end of the menu bar or, if you’re using a trackpad, swipe with two
fingers starting on the right edge of the trackpad and moving left (a
two-finger swipe from anywhere else closes the Notification Center
panel).
If you’re wondering whether there’s a keyboard shortcut or mouse
maneuver that lets you open the Notification Center, the answer is no.
Instant access to recent notifications is available only with a
trackpad; if you prefer a mouse, you’ll have to click the Notification
Center symbol.
The Notification Center shows you all your recent notifications,
but constantly opening it would be a burden. However, notifications
don’t have to just show up in the Notification Center; you can also make
them appear as banners or alerts by tweaking the settings in the
Notifications preference pane. (Banners float in the right corner of
your screen and automatically disappear after a few seconds, while
alerts require you to acknowledge them with a click; you can also choose
None, which leaves the alert visible only in the Notification Center.)
The style of notification is determined on an app-by-app basis. Click an
app on the left side of the pane, and then choose how you want to be
alerted in the right side of the pane.
The Notifications preference pane gives you a few more options,
too. The “Show in Notification Center” checkbox controls which apps
appear in the Notification Center. By default, there are nine apps
included (they’re all listed in the In Notification Center column), and
that number will likely grow as you install new apps (apps are
automatically added to the Notification Center). Eventually, you’ll
reach the point where you’re getting bothered by too many apps. To
banish an app from the Notification Center, uncheck the “Show in
Notification Center” box. It isn’t gone forever, though; if you scroll
to the bottom of the In Notification Center column, you’ll see a Not In
Notification Center section. To put the once-banished app back in the
Notification Center, simply click the app in that column and then check
the “Show in Notification Center” box.
The “Show in Notification Center” setting also lets you control
how many messages each app displays in the Notification Center. The
default is five recent items, but you can choose as many as 20 or as few
as one instead. You can also adjust the order in which apps appear in
the Notification Center by dragging them up or down in the In
Notification Center column. So if you want notifications of new email
messages to appear at the top of the center, simply drag the Mail item
to the top of the column. Or, if you’d prefer that your most recent
notification always appear at the top of the center, then set the Sort
Notification Center option (it’s below the In Notification Center
column) to “By time.”
The “Badge app icon with notification count” checkbox
controls whether apps in the Notification Center are badged. A badge is
a red circle with the number of notifications that appears on the app’s
icon. The most familiar example of this is likely the Mail icon, which
displays the number of unread emails in this fashion. With
notifications, this behavior can be redundant, so uncheck this box to
make those red badges disappear.
The last setting lets you decide whether you want an audible alert
to go with your notifications. If you want the audio reminder, leave the
box next to “Play sound when receiving notifications” checked. If you
prefer to be notified only visually, uncheck this box.