Tips for securing Mac OS X 10.3 or later

This document offers tips for securing a default installation of Mac OS X 10.3 or later.

This one's pretty easy: there's not much more to do other than installing Norton Antivirus, turning off unwanted services, and turning on the built-in firewall.

You will, however, need an administrator-level account to perform the tasks on this page.

Installing Penn-supported Antivirus Software

There hasn't been an Apple-specific virus since 1997. The real virus threat comes from Microsoft Word and Microsoft Excel macro viruses, which are written in a Office-specific language called Visual Basic. Some macro viruses, not all, can spread between Windows and Macintosh computers. So it is a good idea to install and update Norton Antivirus, which Penn provides for free:

• Download the Norton Antivirus installer here: http://www.upenn.edu/computing/product/desk/macnav-form.html
• Double-click on the installler icon on your Desktop to install Norton Antivirus
• Update the antivirus signatures at least once (signatures are components of NAV that identify infectious data)

As a bonus, Norton Antivirus 10 will catch and delete files which it finds are infected with Windows binary viruses, in addition to scanning for those of the macro variety. However, Windows virus-infected files still cannot infect Macintoshes, so there is little for you to worry about in this respect.

Turning off services and enabling the built-in firewall in Mac OS X

A default installation of Mac OS X does not enable any file sharing, web or other remote services unless you turn them on manually after installation completes.

Still, you can check the services list with the following instructions:

• Pull down the Apple Menu and select System Preferences
• Click once on the item labeled Sharing
• Click once (if necessary) on the tab labeled Services to view the status of available services
• Remove checkmarks next to services you do not want or need enabled at that time

Finally, you will want to enable the built-in firewall to block off most unwanted remote access to your computer.

In general you will not need to add openings to the firewall, although if you run certain utilities on your computer, such as Dantz Retrospect's network backup client, you will need to follow up with a little extra customization:

• Pull down the Apple Menu and select System Preferences
• Click once on the item labeled Sharing
• Click once (if necessary) on the tab labeled Firewall to view the status of the built-in firewall
• Click once on Start to enable the firewall, if it is not already enabled

If you need to add "holes" to the firewall to allow network applications to operate properly:

• Click once on the New... button
• Pull down the Port Name pull-down menu and select the item that most closely matches your network application, e.g. Retrospect
• If your application is not listed, select Other and enter the port number that is provided by the administrator of your network application
• Otherwise, click OK to add this opening to the firewall list