• 06/09/2007
    6:00 AM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Inside OS X Security

Mac expert John Welch takes you through the threats, holes, and exploits swirling around Mac OS X, and offers up some tips and tactics to protect your system.

The best way to deal with these problems is awareness and avoidance.

Be aware of the people and entities that would have a legitimate reason to get various kinds of information from you. In the case of passwords, there's no IT department that is even vaguely competent that needs your password to run any kind of test, upgrade, or what have you. Unless you are the sole possessor of the root/directory administrator password, there's no reason for IT or anyone else to need "your" password.

On the networks I run, I can do anything I need without needing a user password. If I need a user to log in as themselves, then I have them do that. I don't know, nor do I wish to know, anyone's password but the ones I have to know to do my job. It's a bad idea on every level to know other people's passwords unless you have a hard, unavoidable reason to do so. I've yet to run into one.

If you give someone your login credentials, especially if they're admin-level access credentials, then there's little the operating system can do to stop them, as they'll not be "hacking" into the box at all. They'll be signing on as a legitimate user: You.

At that point, the operating system is going to let them do whatever those credentials allow for, because that's how it's supposed to work. Even worse, any action they take will look like you took it, because it's happening under your credentials.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments