Has Apple Lost Its Security Shine? 2

With the latest large sets of security patches and an alleged wireless driver vulnerability, Mac OS X no longer seems invincible. Our expert delves into the real threats in the Apple world and outlines simple steps you can take to protect yourself.
3. Think before you enter a password. While many applications ask you to enter an administrator password, particularly during an installation, you shouldn't just do so because you were asked. If nothing else, check to see if it's a valid request dialog box. Below are two images of a legitimate authentication request that I created via AppleScript to demonstrate:

Check to see if request dialog boxes are authentic before approving.

There are a number of items that help identify this as a legitimate request dialog. First, there's the lock icon, with the requesting application's icon overlaid on it. Next is the text informing you that the application (Script Debugger in this case) is requesting your password. Then there's your complete user name already filled out in the "Name" field. If we expand the "Details" triangle we see more information that will help you identify this as a legitimate request dialog:

Make sure the application names match...

Here we see the specific right the application is requesting (system.privilege.admin), which will give it root access for this operation and the application requesting the privilege. If the application name doesn't match the name or the icon at the top of the dialog, think twice before authenticating. However, there's one more thing you can check, and that's the location of the application requesting the privilege. If you click on the blue application name bubble you can get a path listing for that application, as seen below:

...And that the file path seems appropriate.

The path shown for Script Debugger 4 is exactly where it should be: in the /Applications/Programming/AppleScript/Script Debugger 4/ folder. (Remember, in Unix nomenclature, "/" is the root level of the boot drive, and folders are shown with an optional trailing "/".) If the path shown in this dialog and the path where you think the application should be are different, again, you might not want to enter a password here.

The dialog check isn't perfect, and it's trivial to create a legit one (I did this in one line of AppleScript), but even the small bit of checking you can do here is better than blind trust.

4. Stay up to date on security patches. While you may not want to apply security patches the minute they're available (hey, bugs happen), I'd not wait more than a week to do it. Security patches are a dead simple way to protect yourself. I'd also stay up to date on OS versions. While upgrading the OS isn't something you just do, and can require you to pay for a new version, the truth is, the current version of the OS always gets more attention than older versions when it comes to bug fixes and patches. Security is as legitimate a reason to upgrade as any other, and some security holes may require changes on a scale that only a new OS version can address.

If you follow these four tips, and apply some common sense in your daily Mac usage, the chances of you ever having a problem drop rather quickly, and stay there.

So no, there's no looming security nightmare for Mac OS X. All the headlines mean is that more people are taking Mac OS X and Apple more seriously from a security point of view -- and that is, in the end, a good thing.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Terry White, Associate Chief Analyst, Omdia
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer