Partition for Internet use
I'll buy a new Mac at the end of this year, but I want to set it up differently. I won't install Windows, but I would like to install another Mac OS ??:?? on a separate partition. I've heard that Intel Macs will be more vulnerable to hackers, and I want to avoid those problems.
If I used one partition for work apps and another just to connect to the Internet, would the computer be less vulnerable to hackers? I'd still have to use the work partition for upgrades (internet) but nothing else.
What would I need to install in the secondary partition to access the net?
Would this prevent access to the work partition?
Is there an easier way to do this?
What are the pro's and con's?
Am I being stupid for trying something like this?
Feedback, please.
If I used one partition for work apps and another just to connect to the Internet, would the computer be less vulnerable to hackers? I'd still have to use the work partition for upgrades (internet) but nothing else.
What would I need to install in the secondary partition to access the net?
Would this prevent access to the work partition?
Is there an easier way to do this?
What are the pro's and con's?
Am I being stupid for trying something like this?
Feedback, please.
Comments
Most people should just use an user account with no admin rights, and leave it at that. If you were to put in another user account for internet use and Filevault the main account, that might make things just a little harder still for an attacker, because then it isn't enough to simply bullshit you to run an executable in order to grab your files - they need to gain root.
... but I would like to install another Mac OS ??:?? on a separate partition. I've heard that Intel Macs will be more vulnerable to hackers, and I want to avoid those problems.
...
Currently, the only version of MacOS X that you can install on your Intel-based Mac is MacOS X 10.4 from the System Restore disk. If you buy a computer released after Leopard is released, then the only MacOS X version that you will be able to install will be MacOS X 10.5. You should be able to install Linux, but Linux is not MacOS X.
As for your security concerns, there are no known cracks for MacOS X-none! If you put your computer on the network without password protection or you allow a friend to use your working account, then you may have a problem. If you allow friends to use only a limited-permissions guest account and you keep your working account password-protected, then you will be about as protected as you need to be.
Currently, the only version of MacOS X that you can install on your Intel-based Mac is MacOS X 10.4 from the System Restore disk. If you buy a computer released after Leopard is released, then the only MacOS X version that you will be able to install will be MacOS X 10.5. You should be able to install Linux, but Linux is not MacOS X.
He's talking about 10.5 on partition 1, and another install of 10.5 on partition 2.
If I used one partition for work apps and another just to connect to the Internet, would the computer be less vulnerable to hackers? I'd still have to use the work partition for upgrades (internet) but nothing else.
It would be more vulnerable because everything on your other partition can be deleted with a user account. While you are booted into a system, you need admin privileges to affect critical files. Even if that wasn't the case, if someone gained root access, all the drives are accessible because they can be referenced via /Volumes. You could of course unmount the partition but someone could easily mount it again.
Is there an easier way to do this?
What I would say is that if you keep a Time Machine backup or a SuperDuper backup updated regularly on an offline external drive, a hacker could do whatever they wanted, even wipe out the whole drive, then all you have to do is clone your backup back in place.
I'm sure I heard that Leopard has some sandbox features that allows you to run programs with very limited permissions and things. That might do the job but the backup is still the best security.
It would be more vulnerable because everything on your other partition can be deleted with a user account. While you are booted into a system, you need admin privileges to affect critical files.
Easier to delete, sure. But with the right setup they might be harder to steal and that's more important after you have decent backups.
He's talking about 10.5 on partition 1, and another install of 10.5 on partition 2.
Well, he said "another MacOS X ??:??," not "the same MacOS X 10.5." But, if you are correct, then this is an even worse idea than what I thought he meant. There is no benefit to having two installations of the same OS version on the same hard drive. It is a waste of space. The most common failure vector other than user stupidity is media failure. In that event, you need a complete backup on a separate drive, not another installation on the same failing drive.
Then be smart;
* Don't download or open up any old file from the internet or email if it looks suspicious.
* Use a router to connect to the internet and make sure the firewall on the router is active.
* If it's also a wireless router, make sure it is a password protected network, WPA is best, WEP if necessary.
* If you don't use a router, then turn on the firewall in the Sharing system preference.
Following those steps will leave your computer pretty safe from almost all attacks or exploits.
BTW, are Intel Mac's as safe from viruses, worms, and such as the PowerMacs? Are the PowerMacs actually safe or only because of the lower market share.
If you were to put in another user account for internet use and Filevault the main account...
Are people really using Filevault in the wild? I've seen Apple Geniuses tell people that unless you work for a secret branch of the government, FV is more trouble than it's worth.
As for your security concerns, there are no known cracks for MacOS X-none!
Well, until the next security update I guess. It's not like there haven't been a lot of those, eh?
It would be more vulnerable because everything on your other partition can be deleted with a user account. While you are booted into a system, you need admin privileges to affect critical files. Even if that wasn't the case, if someone gained root access, all the drives are accessible because they can be referenced via /Volumes. You could of course unmount the partition but someone could easily mount it again.
What I would say is that if you keep a Time Machine backup or a SuperDuper backup updated regularly on an offline external drive, a hacker could do whatever they wanted, even wipe out the whole drive, then all you have to do is clone your backup back in place.
I'm sure I heard that Leopard has some sandbox features that allows you to run programs with very limited permissions and things. That might do the job but the backup is still the best security.
Marvin, I do SuperDuper backups, so I'm not too concerned about losing info. I'm more concerned about personal and business financial records being accessed.
Well, he said "another MacOS X ??:??," not "the same MacOS X 10.5." But, if you are correct, then this is an even worse idea than what I thought he meant. There is no benefit to having two installations of the same OS version on the same hard drive. It is a waste of space. The most common failure vector other than user stupidity is media failure. In that event, you need a complete backup on a separate drive, not another installation on the same failing drive.
He was talking about hackers, not other failure vectors. And I think you could be more secure if your main installation was on a fully encrypted partition (not Filevault), so you could access the net partition from the main install but not vice versa, and if you physically pulled the network plug every time you boot into the work partition. An attacker would first have to gain root on the net partition, then put a trojan into something that the user will manually move onto the other partition, and then the trojan must transparently slip away your data onto the net partition and later move it - still transparently - in the course of normal network use.
Actually implementing this in anything is tinfoil hat tinkering, of course. Any place this interested in security would not allow the same physical computer that the data resides on onto the Internet under any circumstances.
Are people really using Filevault in the wild? I've seen Apple Geniuses tell people that unless you work for a secret branch of the government, FV is more trouble than it's worth.
I'm gonna enable it first thing after moving onto a bigger HD. Even if you just have all your personal credit card numbers in there, are those really so painless to lose? I understand victims can be dealing with the after effects of credit card fraud for years.
I don't even need to go into breaches of non-disclosure agreements, privacy laws, company regulations, or government secrets. But all of them are a concern with high-tech jobs. We're talking actual money, keeping or losing your job, loss of security clearance etc.
If you just need to keep a few small things safe against a casual laptop thief or burglar that buggers off with your desktop, then an encrypted disk image for the sensitive stuff would probably do. As the amount of stuff grows that must be protected, Filevault becomes more important.
BTW, are Intel Mac's as safe from viruses, worms, and such as the PowerMacs? Are the PowerMacs actually safe or only because of the lower market share.
They run the same software so they are equally secure/vulnerable. Driver exploits might be different but I wouldn't think so. No computer is 100% safe but combining the low market share with the tried and tested security of the unix core of OS X makes for a pretty safe experience. But no matter the security of a system, you should still take steps to secure sensitive documents.
Marvin, I do SuperDuper backups, so I'm not too concerned about losing info. I'm more concerned about personal and business financial records being accessed.
You should be encrypting those. Disk images are the best way to do that as you can mount them easily and they can be read/write. No matter if someone gets those image files, they can't unlock them - Windows users can't even read them because there is no .dmg support and they can't read the filesystem type without 3rd party software. Also, if those files don't need to be in use, keep them offline.
Are people really using Filevault in the wild? I've seen Apple Geniuses tell people that unless you work for a secret branch of the government, FV is more trouble than it's worth.
I would agree with that. They use sparse encrypted images and there are people who have had their images corrupted in a crash and they instantly lose the entire contents of the user folder, all preferences, files, music, everything.
As the amount of stuff grows that must be protected, Filevault becomes more important.
Yeah but it's unlocked while you're logged in until you lock it manually I guess but then you'd have to put in a password to save your internet files if you put them in your user folder. I'd say standalone images are far better.
BTW, are Intel Mac's as safe from viruses, worms, and such as the PowerMacs? Are the PowerMacs actually safe or only because of the lower market share.
PowerPC Macs and Intel Macs are equally secure from hackers, viruses, and spyware. The only situation in which Intel Macs are more vulnerable would be if, after being hacked, some virus used x86 assembly code. But that would require such a virus existing, which it doesn't.
PowerPC Macs and Intel Macs are equally secure from hackers, viruses, and spyware. The only situation in which Intel Macs are more vulnerable would be if, after being hacked, some virus used x86 assembly code. But that would require such a virus existing, which it doesn't.
Computer & Internet Security News
24 June 2004
Mac OS X security myth exposed
http://www.techworld.com/security/ne...fm?newsid=1798
I realize this is an old article. I assume Apple has covered all bases with security patches, etc.
I've heard that Intel Macs will be more vulnerable to hackers, and I want to avoid those problems.
The only reason why an Intel based Mac will be more vulnerable is if you are currently running Windows on it (i.e. via Bootcamp). But that would be a Windows vulnerability, not a Mac vulnerability.
The only reason why an Intel based Mac will be more vulnerable is if you are currently running Windows on it (i.e. via Bootcamp). But that would be a Windows vulnerability, not a Mac vulnerability.
Are you saying that any hacking or virus trouble couldn't spill over to the Mac side? That does make me breathe easier.
Thanks
Are you saying that any hacking or virus trouble couldn't spill over to the Mac side? That does make me breathe easier.
Thanks
Windows cannot read or write to the Mac except with the help of third-party software. Until such technology is included in a virus, your Mac is safe from Windows viruses.
Windows cannot read or write to the Mac except with the help of third-party software. Until such technology is included in a virus, your Mac is safe from Windows viruses.
It can't read/write the filesystem but it should be able to erase the partition, after all the Mac partition shows up in the Windows formatting panel when you install Windows. This is how people have managed to wipe out their OS X installation by accidentally choosing the wrong partition.
The majority of viruses will just target the Windows side though albeit more quickly :
http://macenstein.com/default/archives/280