Desktop Security

When it comes to desktop security, computer users and owners are the first line of defense. Listed below are best practices you can use to keep your PC and Mac safe.


Best Practices for PCs

Run your computer as a User and not as an administrator.

When you surf the web or open email attachments, your computer is vulnerable to viruses, Trojans, malware, spyware, and other security risks. However, if you operate your PC from an administrator account, you are putting your computer at increased risk. 

Administrator privileges allow access to critical systems and programs on your computer. A virus or Trojan can infiltrate these key systems and cause havoc such as deleting your files, reformatting your hard drive, creating an account with administrator access, and spying on your computer-related activities.

Recommendation:

Create a user account or a power user group. With a user account, you can perform routine tasks such as running programs and surfing the web without exposing your critical computer systems to security risks. As a power user, you have greater access: you can install programs, add printers, and use most of the Control Panel items.

If you need to perform administrative tasks, such as upgrading the operating system or configuring system parameters, log off and log back on as an administrator.

Use strong passwords. Better still, use a pass phrase.

Passwords can be hard to remember, so don't forget that you can use pass phrases instead. Pass phrases are short fun sentences with spaces between the words.  Imagine an incredible or funny scene and make that your easy-to-remember pass phrase.

For best results, avoid well-known phrases and include words that are misspelled, or not found in the dictionary.

Here are some examples:

  • kitty ate my face off!
  • my 10 pups play fight
  • naked clowns cost $$$
  • 20 carbs a day max
  • Vader is my father dude
  • a 200% raise is nice
  • Sugar is g00d for me.

Recommendation:

Do not reuse passwords. For example, your Facebook password should be different from your SFU password, which should be different from your Gmail password.

Use pass phrases instead of passwords. Read more about password security in our Password Strength Standard page.

Check the security on the websites you visit.

Be a smart web surfer. Check the web addresses of all the sites you visit to ensure you haven't been pharmed off to another website. Find more information about pharming on our website.

Before you provide personal information, read the website's security policy. Find out how your information can or will be used. If you are entering credit card information, ensure you see HTTPS:// in the address field. The "s" stands for secure. Although it is not foolproof, it offers more protection than standard HTTP:// web pages.

Use anti-virus or anti-spyware software.

There are many levels to an operating system, and some are more secure than others. Windows computers are susceptible to viruses, malware, and spyware such as the following:

  • Trojans
  • Malware
  • Adware
  • Keyloggers
  • Java exploits
  • Flash exploits
  • DNS spoofing

Recommendation:

Purchase or download a well-recognized free anti-virus or anti-spyware solution.

Mac Security Best Practices

Be a parrot not an ostrich. Macs have vulnerabilities.

A prevailing attitude with regard to Macs is that they are impossible to hack and impervious to viruses and other computer malware. This is a myth.

Although there are no known viruses that affect Macs, there are a multitude of other attacks that Macs are vulnerable to. Moreover, while Macs may presently be immune to many viruses that target Windows machines, this does not preclude Macs from being “carriers” of viruses. So, even if you are unaffected by a virus or Trojan sent to you in email or downloaded from the web, it does not mean that you can’t pass it along to another computer.

The incidence of Mac exploits will grow as the popularity of the Apple platform increases.

Recommendation:

Don’t believe the hype. Stay on top of issues that pertain to your chosen platform, and do not fall victim to the belief that just because you have a Mac, you have nothing to worry about.

Do not perpetuate the fallacy of the impenetrable Mac.

Use anti-virus or anti-spyware software.

Presently, no version of Mac OS X has native anti-virus protection.

Although it is unlikely that your Mac will become infected with a virus (in the Windows sense of the word), there are other types of exploits that anti-virus software can protect you from:

  • Trojans
  • Malware
  • Adware
  • Keyloggers
  • Java exploits
  • Flash exploits
  • DNS spoofing

There are many levels to an operating system, and some are more secure than others. Recent attacks on Mac OS X have targeted subsystems like Java and Flash with resounding success.

Moreover, anti-virus and anti-spyware software can help to protect other computers on your network from attack vectors.

Recommendation:

Purchase or download a well-recognized free anti-virus or anti-spyware solution.

Upgrade your system and/or hardware regularly.

Currently, Apple only supports and releases security patches for two generations of its Mac OS X operating system:

  • Snow Leopard (10.6)
  • Lion (10.7)

All other versions of the Mac OS X operating systems are considered deprecated and will not receive further support from Apple. All non-Intel PPC Macs are considered legacy hardware and should be retired. PPC hardware cannot be upgraded to a secure version of Mac OS X.

Operating a computer that is not receiving regular security updates is a threat not only to your own security, but in a networked environment, it can be harmful to machines you share the network with.

Recommendation:

Consider upgrading your operating system or hardware to meet minimum standards. A good rule of thumb is to upgrade if the following situation applies:

  • You are not using Snow Leopard (10.6) or Lion (10.7).
  • Your Mac is capable of hosting Snow Leopard (10.6) or Lion (10.7).

Disable Mac's auto login.

By default, all versions of Mac OS X enable what is known as “auto login.” This feature does not require that you enter a valid username and password to access your Mac.  Consequently, anyone with physical access to your computer will have access to the data stored on it.

Moreover, the process used by Mac OS X to store the password for the designated auto login user is inherently insecure (unencrypted).

The auto login feature is enabled only for the sake of convenience.

Recommendation:

Disable the Mac OS X auto login feature to prevent unknown persons from easily accessing your computer and its data.

To disable the Mac OS X auto login feature, do the following:

  1. On your Mac, double-click the System Preferences icon.
  2. In the Personal group, select Security & Privacy.
  3. On the General tab, check Disable automatic login.

Enable screen saver and sleep lock.

All versions of the Mac OS, except Mac OS X, include a feature that demands a valid password in the following situations:

  • Waking from sleep 
  • Dismissing the screen saver. 

In Mac OS X, however, after the screen saver or sleep mode is enabled, you are not required to type a password to disable it. As a result, you are at high risk of data theft if your device is stolen.

Also note that if you are operating an Apple desktop in a high-traffic area you are susceptible to spying and data theft.

Recommendation:

Enable the Mac OS X security feature by doing the following:

  1. On your Mac, double-click the System Preferences icon.
  2. In the Personal group, select Security & Privacy.
  3. On the General tab, check Require password for sleep and screen saver.
  4. Then select Immediately from the drop-down menu.
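
The two settings above (automatic login and the sleep/screen saver password) can also be checked from Terminal. The script below is an added example, not part of the original page; the preference keys it reads (autoLoginUser, askForPassword, askForPasswordDelay) and the /etc/kcpassword path are assumptions about how OS X stores these settings.

```shell
#!/bin/sh
# Added example: read-only audit of auto login and the screen saver/sleep lock.
# Assumed names (not from the page): the preference keys below and the
# /etc/kcpassword file that holds the stored auto login password.

# Print one preference value; print nothing if the key is unset.
read_pref() {
    defaults read "$1" "$2" 2>/dev/null || true
}

# $1 = autoLoginUser value, $2 = path of the stored auto login password
autologin_finding() {
    if [ -n "$1" ]; then
        echo "FAIL: auto login enabled for user '$1'"
    elif [ -e "$2" ]; then
        echo "WARN: auto login off, but stored password file $2 remains"
    else
        echo "PASS: auto login disabled"
    fi
}

# $1 = askForPassword (1 = required), $2 = askForPasswordDelay in seconds
screenlock_finding() {
    if [ "$1" != "1" ]; then
        echo "FAIL: no password required after sleep or screen saver"
        return 0
    fi
    delay=${2%%.*}    # the delay may be stored as 0 or 0.0; drop the fraction
    case "$delay" in
        0)        echo "PASS: password required immediately" ;;
        '')       echo "WARN: delay not set; confirm Immediately is selected" ;;
        *[!0-9]*) echo "WARN: unrecognised delay value '$2'" ;;
        *)        echo "WARN: password required only after ${delay}s" ;;
    esac
}

if command -v defaults >/dev/null 2>&1; then
    autologin_finding \
        "$(read_pref /Library/Preferences/com.apple.loginwindow autoLoginUser)" \
        /etc/kcpassword
    screenlock_finding \
        "$(read_pref com.apple.screensaver askForPassword)" \
        "$(read_pref com.apple.screensaver askForPasswordDelay)"
else
    echo "defaults not found: run this on the Mac being audited"
fi
```

The script only reads settings; any FAIL or WARN line is corrected through the System Preferences steps listed above.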

Use FileVault.

By default, FileVault disk encryption is not enabled. As a result, anyone with physical access to your computer’s disk will be able to read its contents without any form of authentication. This means that if a computer is stolen, the contents of the computer’s disk can be accessed by the perpetrator without sophisticated equipment.

All versions of Mac OS X since version 10.4 (mid-2005) support a form of partial or full disk encryption named “FileVault”. Each version of the operating system since 10.4 has made significant improvements to this feature.

Recommendation:

Enable FileVault (or some other form of disk encryption) to prevent unwanted data exposure.

Important: Not all versions of FileVault are created equal. It is strongly recommended that anyone wishing to use the native Mac OS X disk encryption upgrade their operating system to Mac OS X Lion, which utilizes FDE (Full Disk Encryption) via FileVault version 2. FDE is a more rigorous and friendly form of encryption, and does not suffer from many of the drawbacks of FileVault version 1.