JonHoyle.com Mirror of MacCompanion
http://www.maccompanion.com/archives/May2006/Columns/Screensavers.htm

 

Security 101

http://www.applemacpunk.com

applemacpunk at cox.net

Don’t Forget The Screen Saver: Security Where You Least Expect It

by Kale Feelhaver aka: Applemacpunk

Most Mac users are surprised to find that the screen saver is considered a security tool. In reality, the screen saver is a highly effective security tool which can be easily configured to help harden Mac OS X. Building upon last month’s article (Security 101: Secure Building Blocks), this article will take a look at how to configure your screen saver to increase security on your Mac.

Scenario… you’re at a coffee shop using the free Wi-Fi. You see a friend of your across the room. You get up to go talk to him, and leave your laptop sitting on the table. You’re not worried about it, because you can see it from where you are at. You’re talking to your friend for several minutes, and then you decide to go get another cup of coffee. You turn your back on your laptop while you walk through the line. Keep in mind it is still logged in and on the Internet. During this time anyone could walk by and surf explicit URLs, steal your saved passwords (how many of you save passwords in your browser?), or physically carry the laptop off and proceed to steal your data in a less public place. They could do all this without ever having to enter a password. A screen saver could’ve been configured to automatically lock your screen after several minutes. It can also be configured to lock the screen on command.

To configure your screen saver, launch System Preferences, click the Desktop & Screen Saver pane, select the Screen Saver button, and click the Hot Corners button. Set one corner for Start Screen Saver and another for Disable Screen Saver. Then choose a reasonable amount of time before the screen saver starts (ie: 10 minutes). After you have done this, click the back button to return to System Preferences and click the Security pane. Make sure Require password to wake this computer from sleep or screen saver is checked, along with Disable automatic login.


Setting hot corners allows you to invoke the screen saver immediately, or override it if needed. The Require password to wake this computer from sleep or screen saver box will lock the computer any time the screen saver starts. This is a very strong security feature. If you leave your Mac unattended, it will automatically lock when the screen saver starts. If you want to lock your computer immediately, you can simply pull the mouse into the hot corner and invoke the screen saver. If you are using your Mac for a presentation, or other event when you don’t want it to lock, simply drag the mouse into the hot corner, which you set to disable the screen saver.

Disabling automatic login will override the automatic login feature, even if someone turns it on in the Accounts pane. This is extremely handy for a laptop Mac. In the above coffee shop scenario, let’s pretend like the user had done all of the above except disabling automatic login. The bad guy grabs the laptop, runs out of the coffee shop and takes it to his lair. At this point he notices that you locked the screen. He proceeds to pull out the battery, powering the laptop off. Then he replaces the battery and powers the laptop back on. If you have automatic login enabled, he now has access to your data. The bottom line here is to always, always, always, always, always disable automatic login, unless the machine has a special restricted account intended for that purpose (ie: kiosk computer).

Maybe you don’t want to mess with the hot corners, but you want an easy way to invoke your screen saver. Launch Keychain Access (/Applications/Utilities/Keychain Access.app) and choose Preferences from the Keychain Access menu. Check the Show Status in Menu Bar box, and a new lock icon will appear in your menu bar. Now to lock your screen quickly, simply choose Lock Screen from the lock menu. The screen saver will engage immediately, and the screen will lock. To disengage the screen saver, you will need the account password.

The screen saver is a useful security tool for laptops, desktops, business computers and home computers alike. Let’s revisit our coffee shop scenario after applying the changes to your screen saver. You see your buddy across the room, you choose Lock Screen from your handy lock menu, and walk across the room to engage in conversation. Meanwhile, the bad guy moves stealthily across the room spying for an unlocked laptop. He sees your Mac running the screen saver and wonders if you were smart enough to require a password to unlock the screen saver. He walks by and casually bumps your keyboard to check. Immediately, he is greeted with a logon box. As he moves closer to the door, he spies an unattended Dell running Windows XP. “I’ll just grab that Dell,” he thinks to himself, “I don’t really understand Macs anyway.”


















Contact Us | ©1996-2007 MPN LLC.

Who links to macCompanion.com?