Maintaining Mac OS X Security

This page provides security information for Mac OS users. For general information regarding security measures and precautions, please refer to the Security Overview.

Mac OS X is a relatively secure operating system. Filesharing services are turned off by default, and only the ports necessary for network connectivity remain open. The root account is disabled and inaccessible. All system-level modifications require an administrator's password.

Checking for Security Updates on Mac OS

ITS recommends that you check for updates at least once a week.

1. Log into the computer as the administrator.
2. Under the Apple menu, select System Preferences.
3. In the System section, select Software Update.
4. Click Check Now. A list of available updates will display.
   Note: ITS recommends that you configure Software Update to automatically check for updates.
5. Choose the updates you would like to install.

Note: You may need to restart your computer in order for the security update to take effect.

Keeping Your Mac Secure through User Accounts

You will have two options when creating user accounts: administrator or standard. You can improve the security of your computer by limiting your use of your administrative accounts. Administrators can modify system services and files, as well as files owned by other users. Standard, or regular, users can only modify files located in their home directory.

When you launch Mac OS X for the first time, the first account you will need to create is an administrator's account. You should use the administrator account only to install system-wide applications and to apply operating system patches. For daily use, create and use standard accounts. This way, should you accidentally infect your machine or download malware, only the standard account in use at that time will be affected.

Creating a Standard Account

1. Log into the computer as the administrator.
2. Under the Apple menu, select System Preferences.
3. In the System section, select Accounts.
4. Click the Plus Sign in the lower left-hand corner of the Accounts panel.
5. In the Name field, type the account owner’s full name.
6. In the Short Name field, type the username for the account.
7. In the Password field, type the password you want to use for the account. (See the Security Overview page for more information on creating secure passwords.)
8. In the Verify field, re-enter the password.
   Note: You can enter a clue to your password in the Password Hint field; however, this may leave your password less secure by making it easier to guess.
9. Close the Accounts panel. Click Yes to turn off automatic login.

Note: You should configure your user account so that a password is required when you log in. If you choose the automatic login feature, you will compromise the security of your personal information, since anyone with physical access to your machine can access your files.

File Sharing and Remote Login

In the Mac OS X, file-sharing services are turned off by default. You can turn these services on in the Sharing system preference panel. Possibilities include file sharing via AFP, SAMBA, and FTP. You can also enable Remote Login, which starts up the Open SSH service. This allows you to log into the computer from another computer and control it via the command line. APACH web services and Printer Sharing are also available options.

Use caution before enabling file-sharing services, since networked computers are open to potential security breaches.

Getting Help

The ITS Customer Support Center provides support for software available on the software download page. For help with other programs, contact the software’s vendor or go to the vendor's website.

For questions, please contact the Customer Support Center at 213-740-5555 or send an email to consult@usc.edu.