18
Safety First: Backups and Other Security Issues
In This Chapter
Backing up . . . it’s easy
Discovering why you should back up
Finding out what happens to you if you don’t back up
Keeping your Mac safe from rogue viruses and malicious attacks
Protecting your data from prying eyes
Although Macs are generally reliable beasts (especially Macs running OS X), someday your hard drive (or SSD) will die. I promise. They all do. And if you don’t back up your drive (or at least back up any files that you can’t afford to lose) before that day comes, chances are good that you’ll never see those files again. And if you do see them again, my friend, it will be only after paying someone like my buddy Scott Gaidano, the founder of DriveSavers Data Recovery Service. And even if you pay, there’s no guarantee of success.
DriveSavers is the premier recoverer of lost data on hard drives. The people there understand Mac hard drives quite well, do excellent work, and can often recover stuff that nobody else could. (Ask the producers of The Simpsons about the almost-lost episodes.) Understandably, DriveSavers charges accordingly. Here are some phone numbers for DriveSavers: 800-440-1904 toll-free and 415-382-2000.
In other words, you absolutely, positively, without question must back up your files if you don’t want to risk losing them. Just as you adopt the Shut Down command and make it a habit before turning off your machine, you must remember to back up important files on your hard drive to another disk or device — and back them up often.
How often is often? That depends on you. How much work can you afford to lose? If your answer is that losing everything you did yesterday would put you out of business, you need to back up hourly or perhaps even continuously. If you would lose only a few unimportant documents, you can back up less frequently.
Following the comprehensive coverage of backup options, I explain the possible threat to your data from viruses and other icky things, as well as how you can protect against them.
Finally, I cover what you can do to keep other people from looking at your stuff.
Backing Up Is (Not) Hard to Do
You can back up your hard drive in basically three ways: the super-painless way with Mavericks’ excellent Time Machine, the ugly way using the brute-force method, or the comprehensive way with specialized third-party backup and disk-cloning software. Read on and find out more about all three. . . .
Backing up with Mavericks’ excellent Time Machine
Time Machine is a most excellent backup system that was introduced with OS X Leopard — and it’s only gotten better. I say it’s a system because it consists of two parts: the Time Machine System Preference pane, shown in Figure 18-1, and the Time Machine application, shown in Figure 18-2.
Figure 18-1: The Time Machine System Preferences pane and menu.
Figure 18-2: The Time Machine application is ready to restore a file in the Finder.
To use Time Machine to back up your data automatically, the first thing you need is another hard drive that’s the same size as or larger than your startup disk. It can be a FireWire hard drive, a USB 2 or 3 hard drive, a Thunderbolt hard drive, an SSD (if you can afford to use a Solid State Drive for backups), or even another internal hard drive, if your Mac is a Mac Mini or an aging Mac Pro like mine.
Another option is an Apple Time Capsule, a device that combines an AirPort Extreme wireless base station with a large hard drive so you can automatically back up one or more Macs over a wired or wireless network.
The first time a new disk suitable for use with Time Machine is connected to your Mac, a dialog asks if you want to use that disk to back up with Time Machine. If you say yes, the Time Machine System Preferences pane opens automatically, showing the new disk already chosen as the backup disk.
If that doesn’t happen or you want to use an already-connected hard drive with Time Machine, open the Time Machine System Preferences pane and click the big On/Off switch to On. Now click the Select Disk button and select the hard drive you want to use for your backups. Mine is called emiT enihcaM (Time Machine backwards, which is what I named this backup disk) in Figure 18-1.
The only other consideration is this: If you have other hard disks connected to your Mac, you should click the Options button to reveal the Exclude These Items from backups list, which tells Time Machine which volumes (disks) or folders not to back up. To add a volume or folder to this list, click the little + button; to remove a volume from the list, select the volume and then click the – button.
The Options sheet also has a check box for notifying you when old backups are deleted; check it if you want to be notified. And if your Mac is a laptop, a second check box governs whether Time Machine backs up your Mac when it’s on battery power.
For the record, Time Machine stores your backups for the following lengths of time:
Hourly backups for the past 24 hours
Daily backups for the past month
Weekly backups until your backup disk is full
When your backup disk gets full, the oldest backups on it are deleted and replaced by the newest.
When does it run? Glad you asked — it runs approximately once per hour.
What does Time Machine back up?
Time Machine backs up your whole hard disk the first time it runs and then backs up files and folders that have been modified since your last backup. That’s what backup systems do. But Time Machine does more — it also backs up things like contacts in your Contacts, pictures in your iPhoto or Aperture Library, and events in your Calendar calendars, not to mention its support of versions and locking. About the only thing Time Machine doesn’t back up is the contents of Home folders other than your own.
Those features — sweet ones indeed — make Time Machine unlike any other backup system.
How do I restore a file (or a contact, a photo, an event, and so on)?
To restore a file or any other information, follow these steps:
1. Launch the appropriate program — the one that contains the information you want to restore.
If what you want to restore happens to be a file, that program is the Finder, which, as you know, is always running. So to restore an individual file, you don’t actually need to launch anything. But to restore a contact, a photo, an e-mail message, or an event, for example, you need to launch Contacts, iPhoto, Mail, or Calendar, respectively.
2. With the appropriate application running (or the appropriate Finder window open), launch the Time Machine application, as shown in Figure 18-2.
If you selected the Show Time Machine in Menu Bar check box in the Time Machine System Preference pane, you can choose Enter Time Machine in the Time Machine menu, as shown in Figure 18-1.
It will be easier to restore a file in the Finder if the folder the file is in (or was in) is the active folder (that is, open and frontmost) when you launch the Time Machine application. If not, you have to navigate to the appropriate folder before you can perform Step 3.
3. Click one of the bars on the right side of the screen or click the big “forward” and “back” arrows next to them to choose the backup you want to restore from (Today at 11:10 AM in Figure 18-2).
The large “Today at 11:10 AM” at the bottom of the screen in Figure 18-2 reflects the bar I clicked on in the lower-right corner. If I were to select one of the other bars (by clicking Latest Backup, Now, or Today in Figure 18-2), I’d see files from that backup and the large date and time would reflect the date and time of that backup.
4. Select the file, folder, Contacts contact, iPhoto photo, e-mail message, or Calendar event you want to restore.
5. Click the big Restore button below the big forward and back arrows.
If the file, folder, Contacts contact, iPhoto photo, e-mail message, or Calendar event exists in the same location today, Time Machine politely inquires as to your wishes, as shown in Figure 18-3.
Figure 18-3: Time Machine asks what to do with the file you’re restoring.
Backing up by using the manual, brute-force method
If you’re too cheap to buy a second hard drive, the most rudimentary way to back up is to do it manually. You accomplish this by dragging said files a few at a time to another volume — a CD-R, CD-RW, DVD-R, or DVD-RW. (If you use an optical disc, don’t forget to actually burn the disc; merely dragging those files onto the optical-disc icon won’t do the trick.)
By using this method, you’re making a copy of each file that you want to protect. (See Chapter 8 for more info on removable storage.)
As you read in the following section, backing up your Home folder is even easier if you use special backup software.
Backing up by using commercial backup software
Another way to back up your files is with a third-party backup program. Backup software automates the task of backing up, remembering what’s on each backup disc (if your backup uses more than one disc), and backing up only files that have been modified since your last backup.
Furthermore, you can instruct your backup software to back up only a certain folder (Home or Documents) and to ignore the hundreds of megabytes of stuff that make up OS X, all of which you can easily reinstall from the OS X Install DVD.
Your first backup with commercial software might take anywhere from a few minutes to several hours and use one or more optical discs — CD-R, CD-RW, DVD-R, DVD-RW, magneto-optical disc — or nonoptical media, such as another hard drive or any kind of tape backup. Subsequent backups, called incremental backups in backup-software parlance, should take only a few minutes.
One of the best things about good backup software is that you can set it up to automate your backups and perform them even if you forget. And although Time Machine is a step in the right direction and might be sufficient for your needs, it’s not good enough for me. I use a total of nine hard drives for backups.
Why You Need Two Sets of Backups
You’re a good soldier. You back up regularly. You think you’re immune to file loss or damage.
Now picture yourself in the following scenario:
You leave the office one day for lunch. When you return, you discover that your office has been burglarized, struck by lightning, flooded, burned to the ground, or buried in earthquake rubble — take your pick.
Alas, while you did have a backup, the backup disk was in the same room as your Mac, which means it was either stolen or destroyed along with your Mac.
This scenario is totally unlikely — but it could happen, and it does demonstrate why you need multiple backups. If you have several sets of backup disks, and don’t keep them all in the same room as your Mac, chances are pretty good that one of the sets will work even if the others are lost, stolen, or destroyed.
Non-Backup Security Concerns
As you’ve probably surmised by now, backing up your files is critical unless you won’t mind losing all your data someday. And although backing up is by far your most important security concern, several other things could imperil your data — things like viruses or other types of malware, including worms, spyware, and intruder attacks. That’s the bad news. The good news is that all those things are far more likely to affect Windows users than Mac users. In fact, I’d venture to say that viruses, worms, malware, spyware, and intruder attacks are rarer than hens’ teeth for Mac users.
That said, here are a few precautions Mac users should consider, just in case.
About viruses and other malware
A computer virus, in case you missed it in Time magazine, is a nasty little piece of computer code that replicates and spreads from disk to disk. A virus could cause your Mac to misbehave; some viruses can destroy files or erase disks with no warning.
Malware (short for malicious software) is software that’s hostile, intrusive, annoying, or disruptive. Malware is often designed to gain unauthorized access to your computer and/or collect personal data (including passwords) without your knowledge.
The difference between a virus and other types of malware is that malware doesn’t spread by itself. It relies upon trickery, mimicry, and social engineering to induce unsuspecting users to open a malicious file or install a malicious program. So a virus is a type of malware, but not all malware is viral.
You don’t hear much about viruses on the Mac because there have been few (if any) since the dawn of the modern OS X era (so many big cats ago). Almost all viruses are specific to an operating system — Mac viruses won’t affect Windows users, Windows viruses won’t affect Mac users, and so forth, and the vast majority of known viruses affect only (you guessed it) Windows.
The one real exception here is a “gift” from the wonderful world of Microsoft Office (Word and Excel, for example) users: the dreaded macro viruses that are spread with Word and Excel documents containing macros written in Microsoft’s VBA (Visual Basic for Applications) language. But you’re safe even from those if you practice safe computing as I describe (although you can unknowingly pass them along to Windows users).
As it happens, so far, much of the viral activity affecting OS X involved various Windows macro viruses. Sadly, a very real threat known as Flashback appeared in early 2012. It exploited a security flaw in Java and stealthily installed itself on Macs. Soon after its discovery, Apple issued software updates for OS X that removed the malware and corrected the security flaw.
So while there was at least one piece of truly malicious software spotted in the wild, others are spread mostly via social engineering. So here’s how to protect yourself:
Disable Open Safe Files after Downloading in Safari Preferences.
If a suspicious alert or window appears on your screen, Force Quit your web browser (⇒Force Quit or +Option+Esc) immediately.
If the OS X Installer launches for no apparent reason, do not click Continue! Don’t install the software, and for heaven’s sake, don’t type your administrator password.
Don’t run any installer — the one built into OS X or a third-party kind — unless you’re absolutely certain that it came from a trusted source.
Don’t use credit or debit cards with unfamiliar vendors and/or insecure websites.
You don’t have too much to worry about if
You download files only from commercial online services, such as AOL, CNET, or MacUpdate, which are all very conscientious about malware.
You use only commercial software and never download files from websites with strange names.
You should definitely worry about malicious infection if
An unsavory friend told you about a website called Dan'sDenOfPiratedIllegalStolenBootlegSoftware.com
, and you actually visited it.
You swap disks or USB thumb drives with friends regularly.
You shuttle disks or USB thumb drives back and forth to other Macs.
You use your disks or USB thumb drives at public computers or printing shops.
You download files from various and sundry places on the Internet, even ones that don't sound as slimy as Dan'sDenOfPiratedIllegalStolenBootlegSoftware.com
.
You receive e-mail with attachments (and open them).
If you're at risk, do yourself a favor, and buy a commercial antivirus program. I'm not quite ready to install antivirus software myself; I find that it's obtrusive and slows my Mac. If you think you need protection, consider VirusBarrier X6 ($49.95; www.intego.com
), MacScan ($29.99; www.macscan.securemac.com
), or ClamXAV (free; www.clamxav.com
).
Firewall: Yea or nay?
According to the OS X built-in Oxford American Dictionary, a firewall is
Part of a computer system or network that is designed to block unauthorized access while permitting outward communication.
Using a firewall protects your computer from malicious users on other networks or the Internet and keeps them from gaining access to your Mac.
Unlike older versions of Windows, OS X is quite difficult to crack. There have been few (if any) reports of outsiders gaining access to Macintosh computers running OS X. One reason might be that OS X has a built-in firewall. That’s the good news. The bad news is that said firewall is disabled by default. You’ll need to activate it if you want to be protected against unauthorized access to your computer.
To activate your firewall, follow these steps:
1. Open the System Preferences application (from the Applications folder, menu, Launchpad, or Dock).
2. Click the Security & Privacy icon and click the Firewall tab.
The default setting is Allow All Incoming Connections, which is the least secure option.
3. Click the Turn On Firewall button to turn the firewall on, if it’s not already running.
(Optional) If the lock in the bottom-left corner of the Security & Privacy pane is locked, click it, and provide your administrator password.
4. Click the Firewall Options button to configure your firewall’s settings.
5. For the highest level of protection, select the Block All Incoming Connections check box.
6. Click OK.
Alas, you probably won’t want to keep this setting for long, because you won’t be able to use awesome OS X features such as Messages and file, screen, printer, and music sharing, to name a few. If (or when) it becomes desirable to allow certain incoming connections from outside computers, enable them in the Sharing System Preference pane.
The only other issue you’re likely to face is when a particular application needs you to allow outside connections to it in order to function. How would you know? Check the user manual, Read Me file, or application Help. Or you might see an error message that the program can’t connect to the Internet. Don’t worry — if a program requires you to open your firewall, you can almost certainly find some information in one (or more) of these places.
The solution is to click the little + button on the left near the bottom of the Firewall Options window. A standard Open File sheet drops down over the window; select the appropriate program and click the Add button. Your firewall will then allow incoming connections to that particular application evermore.
Install recommended software updates
I mentioned this before in a short tip but it bears repeating: By default, your Mac checks with the mothership (Apple) once a week to see if there’s any new or updated software for your Mac. If there is, your Mac informs you that a new Software Update is available and asks whether you’d like to install it. In almost all cases, you do. Apple issues Software Updates to fix newly discovered security concerns, to fix serious bugs in OS X, or to fix bugs in or add functionality to Apple applications.
Apps need updates, too. So make a habit of launching the Mac App Store application now and then, clicking the Updates tab, and then updating any apps that require it.
Many third-party programs, including Microsoft Office and most Adobe products, use their own update-checking mechanism. Check and make sure you’ve got yours enabled. Many third-party apps offer a Check for Updates option in the Help (or other) menu or as a preference in their Preferences window.
One last thing: If you see a little number on the App Store’s icon in the Dock, you have that many updates waiting. Launch the Mac App Store, and click the Updates tab.
Protecting Your Data from Prying Eyes
The last kind of security I look at in this chapter is protecting your files from other users on your local area network and users with physical access to your Mac. If you don’t want anyone messing with your files, check out the security measures in the following sections.
Blocking or limiting connections
The first thing you may want to do is open the Sharing System Preferences pane by launching the System Preferences application (from the Applications folder, menu, or Dock) and clicking the Sharing icon. Nobody can access your Mac over the network if all the services in the Sharing pane are disabled and your firewall is set to Block All Incoming Connections. See the section “Firewall: Yea or nay?” earlier in this chapter for details on these settings.
Locking down files with FileVault
If you absolutely, positively don’t ever want anyone to be able to access the files in your Home folder, FileVault allows you to encrypt your entire disk and protect it with the latest government-approved encryption standard: Advanced Encryption Standard with 128-bit keys (AES-128).
When you turn on FileVault, you’re asked to set a master password for the computer. After you do, you or any other administrator can use that master password if you forget your regular account login password.
FileVault is useful primarily if you store sensitive information on your Mac. If you’re logged out of your user account and someone gets access to your Mac, there is no way they can access your data. Period.
Because FileVault encrypts your Home folder, some tasks that normally access your Home folder might be prevented. For one thing, some backup programs choke if FileVault is enabled. Also, if you’re not logged in to your user account, other users can’t access your Shared folder(s).
To turn on FileVault, follow these steps:
1. Open the Security & Privacy System Preferences pane.
2. Click the FileVault tab.
3. Click the Turn on FileVault button to enable FileVault.
To turn off FileVault, click the Turn off FileVault button.
Setting other options for security
The General tab of the Security & Privacy System Preferences pane offers several more options that can help keep your data safe. They are
Change Password: Click this button to change the password for your user account.
Require Password after Sleep or Screen Saver Begins: Enable this option if you want your Mac to lock itself up and require a password after the screen saver kicks in or it goes to sleep. It can become a pain in the butt, having to type your password all the time. But if you have nosy coworkers, family members, or other individuals you’d like to keep from rooting around in your stuff, you should probably enable this option.
When enabled, this option offers a pop-up menu that lets you specify how long after sleep or screen saver this password protection should kick in. The options range from immediately to four hours.
Show a Message When the Screen Is Locked: Type the message you want on your screen when it’s locked in this text entry box.
Disable Automatic Login: One of the login options in the Users & Groups System Preferences pane is automatic login. With automatic login enabled, you don’t have to choose an account or type a password when you start up this Mac. Instead, it bypasses all that login stuff and goes directly to the Desktop of the designated account. If you want to disable this feature for all accounts — so that every user of this Mac sees the login screen and is required to choose an account and type a password — you should enable this option.
Allow Apps Downloaded from:
Last, but certainly not least (at least with regard to the General tab), is a feature called Gatekeeper, which helps protect you from downloading and running malicious software by limiting the applications your Mac can run.
You have three mutually exclusive options — Mac App Store, Mac App Store and Identified Developers, or Anywhere. Click the radio button next to the level of protection you desire and the other two options are automatically deselected.
Here’s what they do:
• Mac App Store: This option allows you to run only apps you download from the Mac App Store. It’s the safest and most restrictive setting.
• Mac App Store and Identified Developers: Apple offers a Developer ID program to certified members of the Mac Developers Program. Apple gives them a unique Developer ID, which allows Gatekeeper to verify that their app is not known malware and that it hasn’t been tampered with. If an app doesn’t have a Developer ID associated with it, Gatekeeper can let you know before you install it.
This is probably the best choice for most users. It allows third-party apps from Apple-vetted vendors, such as Microsoft, Adobe, and thousands more. It’s a lot less restrictive than the Mac App Store option and a lot safer than choosing Anywhere.
• Anywhere: What its name suggests; this option lets you run any app, no matter where it came from.
Finally, the Privacy tab of the Security & Privacy System Preferences pane has several potentially useful options:
To Enable or Disable Location Services: Click Location Services on the left and you’ll see a list of apps that are allowed to use your computer’s current location. Check or uncheck these apps to enable/disable their use of Location Services.
To Enable or Disable Other Apps Access to your Contacts, Calendars, and Reminders: Click Contacts, Calendars, or Reminders in the list on the left and apps with access to their contents will appear on the right. Check or uncheck the checkbox for each app to enable/disable its permission to access Contacts, Calendars, or Reminders.
To Enable or Disable Apps Allowed to Control Your Computer: Click Accessibility in the list on the left, and apps allowed to control your computer appear on the right. Check or uncheck the check box for each app to enable/disable its permission to control your computer.
To Automatically Send Anonymous Diagnostic & Usage Data to Apple: Click Diagnostics and Usage in the list on the left and then select the Send Diagnostic & Usage Data to Apple check box. This sends details of system crashes, apps that quit unexpectedly, freezes, or kernel panics (anonymously) to the mothership in Cupertino, Apple’s world HQ, where engineers pore over the data and issue software updates to eliminate the bugs.
At least that’s the theory. . . .
And that’s all you really need to know about security and privacy (or at least enough to make you dangerous).