Security in OS X Lion is a big problem that not many people are aware of, and here’s why: your Lion computer contains the install/recovery disk on the internal drive. That means anyone with a basic knowledge of Mac and Lion can start up your mac and reset your passwords, thereby accessing your user accounts and all your personal data. The same trick can help kids easily get round restrictions applied through OS X’s ‘Parental Controls’ feature.
How is this possible, you may ask? First, a little history. Among the 250 changes vaunted about Lion over its predecessor, Snow Leopard, there is one that is widely known but whose implications are rarely pointed out: you download the OS rather than install it from a disc. In the past, if your OS went bad and needed to be recovered, or you forgot your admin passwords, the simplest answer was to insert your install disk. From that, you could restore the OS and reset your passwords. That made your Mac a little safer (though not entirely safe) so long as your disc was kept somewhere physically different from your computer.
With Lion having no install disc, Apple had to find an answer as to how to provide the recovery option. The solution was to install a Recovery partition on the same disk as the operating system itself. In the event that the OS goes bottoms up and needs to be recovered or re-installed, you just restart your computer holding down the ‘command’ and ‘r’ keys to access the Recovery partition.
So far so good, but likewise, just as with the old DVD install discs, you — or anyone else — can also reset the user account passwords from the Recovery partition. That means your passwords are effectively useless. Anyone who wants to hack your user account just has to restart your Mac holding down ‘command’ and ‘r’ and then use the built-in Password Utility to make new passwords for your accounts. Now I’m not going to tell you quite how to do it (you do need a little knowledge to get the user account names and know how to do the reset) but it is widely publicized elsewhere, and indeed even in Apple’s own online documentation (so if you really want to know, google is your friend or follow some of the links in this post…).
What’s the answer to this security nightmare? Here’s one thing that’s NOT the answer but which I have seen widely touted: setting a firmware password. If you’re not familiar with the concept of the firmware password, don’t worry. It is practically useless, since anyone can reset that simply by taking off the back of your computer, and then pulling out and then putting back in one of the memory chips.
Apple, of course, thought about this problem. Their own solution is to encourage you to use FileVault 2 (FV2) to encrypt all your data. Indeed, this is the BEST solution. Without your password, no one can access the disk on your computer no matter what they do (and that includes YOU if you forget it…). However, there are a couple of drawbacks to FV2. One is that it requires extra disk space, and if you have more than one partition on your hard drive, or a lot of data, and little space you may not be able to encrypt and decrypt your data. The other drawback is that FV2 places a little extra wear-and-tear on your hard disk (though that may be negligible given the security pay off).
Using FileVault 2 is really the only security option if you’re using Lion. However, if you don’t have the space for it, there is a ‘second-best’ strategy (see below why it’s only ‘second best’), and that is to remove the recovery disk and use a clone as your recovery option instead (WARNING: the Recovery disk is required for FileVault 2, so by removing it you will also remove the ability to use FV2).
There’s a couple of ways to remove the recovery partition on your internal disk, but this is probably the best:
1. Clone your current system to an external disk using Carbon Copy Cloner. This will clone your entire system exactly as it is now, but it will not copy the Recovery disk.
2. Still booted into your internal OS (the one on your machine), open Terminal.app and paste the following command:
defaults write com.apple.DiskUtility DUDebugMenuEnabled 1
3. Open Disk Utility.app (Applications/Utilities/Disk Utility.app). In the menu bar of Disk Utility, choose Debug > Show Every Partition.
4. In the left-hand pane of Disk Utility, you can now see the Recovery HD. Click on it. Then click on the Erase tab on the (larger) right-hand pane. Click the Erase button down there on the bottom right.
5. Quit Disk Utility.
Now you can use your bootable clone as your recovery disk if your OS becomes corrupt and no one can boot up your computer with ‘command-r’. If you keep the clone backed up on a regular incremental schedule (you can choose anything from once an hour, once a day, week, or month), you can simply restore a corrupted internal disk to exactly the same state as your last backup.
Why only ‘second best’?
As alluded to earlier, it is still possible for advanced users to start up your mac and reset the password without the Recovery partition (this was also true in Snow Leopard even without the install disc). In fact, what this procedure does is give your OS X Lion installation the same security level as an OS X Snow Leopard installation, which is not actually that great, but better than Lion with a Recovery disk! Also, if you are storing highly sensitive data, don’t neglect the fact that someone who has complete unfettered access to your hard drive could even remove the disk and recover the data using special software.
The short story is if you want to be absolutely certain that your data is secure, FileVault 2 is really your only option.
featured picture Security Workstation by digitalhadz
UPDATE: Please also see How To Troubleshoot Your Mac with FT2.
There can be various reasons why your Mac starts running slowly. Some of these can be app-related – especially if you are making multiple changes in programs that have autosave enabled. Other problems could be due to running processor-heavy apps that need more RAM than you’ve presently got. Before you dash off to Crucial to check out your RAM upgrade options, here’s a few basics to run through:
1. Applications > Utilities > Disk Utility.app
How old is your HDD drive? Click on the top-most hard disk icon in the left column and check the S.M.A.R.T status at the bottom right of the window. Does it say ‘verified’? If it says anything else, back up all your important data and start thinking about buying a new hard disk. If the S.M.A.R.T status is verified, have a look at how much space you’ve got left. A nearly-full disk will slow you down. Generally, it is recommended that you have at least 10% free, but I’d work on getting that closer to 25% for optimum performance. If you have less than that, think about what can be archived onto a backup disk (or two..), such as photos, movies, and even your songs.
2. Applications > Utilities > Activity Monitor.app
What’s using all the CPU time? Is it something you need to be running? Select any obviously unnecessary resource hogs and hit ‘Quit Process’.
3. > System Preferences > Users & Groups
How many apps are in your ‘Login Items’? Remove anything that is not absolutely necessary at start up time.
4. Have you downloaded MacKeeper or other Anti-virus software?
If so, remove it.
5. How recently did you upgrade to Lion and are you using Time Machine?
If you’ve only recently upgraded in the last day or so, or turned your Mac off not long after upgrading, perhaps Spotlight is still indexing (indicated by a dot in the middle of the ‘spyglass’, top right of your screen) or TM is still updating (indicated by the TM indicator spinning in the menubar). Either or these will eventually finish and return your system to (about) normal, but you should let your system run (leaving it in ‘Sleep’ mode will do the trick) for at least 24 hours if you’ve only just upgraded.
6. Did you repair system permissions after upgrading?
Even though the Lion installer should fix system permissions after an upgrade, if you then added any other 3-rd party apps or restore something from Time Machine, repairing permissions is always a good idea. Doing so is harmless, and rules out permissions as a possible factor of poor performance. Do Step 4 here. Unless any are indicted in red type, don’t panic about the permissions errors that come up in the ‘details’ window – many of these can be safely ignored.
7. Clear out your caches
Caches, in general, help to speed your computer up. However, if you’re a heavy internet browser and you’ve never cleared your caches or your history (I mean like in several months), then this is worth doing from time to time. You can clean out Internet caches in Safari or Firefox by choosing Safari > Empty Cache or Firefox > Tools > Clear Recent History > Everything. Your computer has other caches that can usefully be cleared out periodically, too: use OnyX to do so.
8. Is the system slow with just one particular program or while trying to open some particular window?
A couple of things could be going on here. If its your browser, try killing some of those extensions/add-ons – every one of them slows you down just that little bit, and many slow you down a lot. Another possibility is a corrupt ‘plist’ or preference file associated with a particular app. Curing this is a bit more tricky and requires knowing your way around the hidden Library folder. If you think this is your problem, leave a comment below to get further instructions.
featured picture Speedo ©2011 Phil Stokes
iCloud? Time Machine? Noooo……! We’re talking about the best way to backup your precious data, not the most convenient way…
What’s wrong with using the cloud? The fact that you need an internet connection, a password to be accepted, to act in accordance with the T&C of your cloud provider, the fact that someone – government, corporation, hacker – could interfere with your data, lose it or just add unwanted stuff to it. Also, if you want to backup your whole system then the various free storage offers are not going to be big enough to do the job, and you’re going to end up paying a lot more than if you backup your system properly.
How about Time Machine? Yes, it’s simple and convenient and pretty much automatic, but its not secure. TM has three major problems. First, it doesn’t allow proper archiving so anything you delete from your HDD will eventually get deleted from TM. Second, it doesn’t tell you what it’s doing before it does it, meaning you are at the mercy of its automated decisions. Third, it’s not bootable. If your whole system crashes or your HDD just fails, Time Machine won’t help you. You’ll have to restore the system or replace the HDD before you can use your machine again.
But there is a much better way, and aside from you providing the hardware (a couple of external hard disks), one that’s also free. The most secure system is to run an hourly or daily scheduled cloner on one disk, and a weekly cloner on the other. You can use SuperDuper or, my own favourite, Carbon Copy Cloner.
If you want to read up on and understand the various backup options and what they entail, you can’t do better than to read this superb post by Apple Discussions member ds store.