6 things that can be done to secure a Mac

During setup, Mac OS X creates a user account that is an administrator on the system. This is necessary for getting things configured, but a liability from a security perspective. Open the System Preferences and choose the "Users & Groups" applet

Click the lock icon to authenticate with your current password, then click the plus sign to add a new user account. The default is to create a standard user account, which is what we want here.

Enter the appropriate information and click "Create User". An enhancement to account security is to have a username, which is not based on the user's proper name. Things like nicknames, aliases, or words based on a determined naming convention are great for this type of practice. Using a wacky name for one's user account forces an adversary to figure two items, the username and the password, instead of just the password. This is providing the login options are set to disable automatic logins and display the login window as username and password (not the default). Strong passwords which are not based on dictionary terms are always the best idea. The key icon, to the right of the password field can suggest passwords of varying strength.

The above steps create a standard account. As stated, the first account created on a Mac, during setup, is already an administrator. Ideally, the newly created account should be the administrator and the first account demoted to that of a standard user. To do this, select the first account and uncheck the check-box titled "Allow user to administer this computer". Then, go to the newly-created account and check the same box, "Allow user to administer this computer". The first account will now be a standard account and the new one will be the admin. Administrative privilege can now be exercised by enting the new account's username and password in the keychain prompt when necessary.

OS X stores user access credentials in a sub-system called "Keychain". Despite being a security caution, keychain is very convenient and helps remember the many usernames and passwords required to participate in the interactive web.

Keychain's defaults are to sync the login keychain password with the user's account password. As a result, when a user logs in, they unlock their keychain transparently in the background. Access to e-mail, bank web-sites and corporate networks can be had, easily, just by logging in to Mac OS.

The keychain's settings are managed by the Keychain Access applet, in the Utilities folder.

Opening the Keychain Access will display all of the stored items associated with the current account. The keychain "login" is the item in question for this password change.

Go to the Edit menu and choose "Change Password for Keychain "login".

Enter the existing keychain password (the login password) and the new keychain password twice. Make note of the new keychain password and the fact that it was changed. The next time the user logs in to the Mac, an additional keychain password prompt will appear, asking to unlock the keychain.

The vast majority of compromised computers stem from exploits that could have been mediated by software updates. Mac OS X will check for updates automatically as a default. Unlike Microsoft, Apple does not have a regular scheduled release cycle for updates. The amount of vulnerabilities for OS X is significantly lower than that of it's main competitor, but that doesn't absolve it of risk. Macs can get viruses, just they are a very small target at this time.

A school of thought exists that the latest updates have the potential to damage existing functionality. This notion has been proven true many times and has fostered a "wait-and-see" approach to new updates. I am a big believer in if it is not broken, don't fix it, but updates are an important part of system maintenance. A week after the updates have been released is not a bad time to download and install the latest updates from Apple. Other software packages have their own update mechanisms. Microsoft Office, Adobe Flash/Reader, Mozilla Firefox/Thunderbird seemingly update almost constantly. Two of the largest culprits for introducing mal-ware to a system are the web browser and Flash. Keep the programs, used every day, up to date as best as possible.

There a couple of ways to get to OS X's update program, "Software Update". The first method is from the Apple menu to the top-left. Choosing Apple (), Software Update... will open the update program as will going in through System Preferences and choosing the Software Update applet. Either method lauches the same application.

Make sure "Download updates automatically" is selected and that the updates come at a regular interval. Checking once every week is fine. Administrative access is required to install any updates on Mac OS X.

OS X makes sharing files with other computers very easy. Just enable sharing in System Preferences and place your items in /Users/username/Public, that's it. Public items are available as well as the entire disc and the user's profile. This can be very convenient, but also very compromising.

If no sharing is needed, or is only needed on an occasional basis, the file sharing services should be shut off. There is no sense in providing multiple doors for access, if you are the only one going in and out.

File sharing settings are available in OS X's System Preferences, under "Sharing". There are many different sharing options available, disable the ones that are not needed. Information on exactly what each file sharing service does can be found on Apple's File Sharing web-site.