MacSTAC was founded on April 1, 1978 as an Apple II MUG. We are a community group with members from all walks of life, careers and levels of ability. We welcome all Mac users to improve their knowledge and, in turn, share their Mac knowledge with others.

Saturday, December 13, 2008

Anti-theft options for Mac portables

Mac portables have always been attractive to thieves, and can be sold quickly on eBay or other sites. Over the years, many users have inquired about the best ways to secure their laptops. Although there are many solutions for users to consider, here are a few recommendations:

Hardware solutions:

Key/combo locks. The most popular solution is to take advantage of the Kensington security slot that's available in most MacBook computers. Users can purchase a number of locking devices that are compatible with lock slots, with options available to suit the user's convenience. Laptop locks generally come in two varieties: Keyed and combination, each which have their advantages and drawbacks.

Keyed locks Although they are recommended over combination locks, some designs of key locks can be easily broken into. A few years ago, news headlines and YouTube videos showed how easy it was to break into some round-key locks by using the housing of a ball-point pen. As such, if given the option it is recommended to avoid round-key locks.

Combination locks Combination locks provide convenience, but with a set number of combination possibilities users should consider the environment in which the computer will be locked before going with a combination lock. If users plan on leaving their computers in the same place for extended periods of time (such as a dorm room or office cubicle), then a keyed solution might be better than a combination lock. Considering 10,000 possible combinations for a standard 4-digit lock with 10 numbers per digit, a determined thief could get through all those combinations in under 3 hours in total. This means combinations could be tried in intervals until the lock is broken.

Lock Recommendation: Kensington Microsaver DS

Bracket/Tie-Down locks For the super-paranoid, some companies make bracket locks that clamp around the whole laptop body, and then chain or bolt it to a desk or other immovable object and hold the laptop securely in both the closed and open positions. While a little more pricey than standard laptop locks, these solutions are definitely more robust and might provide more of a visual deterrent. Unfortunately they're not so portable, but may be useful for some computers that do not have kensington key locks, such as the MacBook Air.

Recommendation: "Computer Security" solutions

USB alarms Although locks are the best way to secure a computer, another measure in conjunction with locks would be to use a USB alarm system. Users can plug these devices into a USB slot and set them either with a software password or with a device key so if the computer is moved or the device is unplugged, it will sound a loud alarm. The drawbacks of this type of system is users will need to be nearby, and as such is probably only good if someone is going to be away from the computer for a few minutes at most. There are also relatively few of these devices available.

Recommendation: Belkin F5L013 Security Alarm

Software Solutions

"Lo-jack" software packages Several companies provide software "lojack"-like solutions for tracking stolen computers. While this is not a deterrent from theft, users can hopefully use these software solutions to locate stolen laptops. They have many features including faking hardware malfunctions so the thief might try getting the computer serviced, at which point the computer attempts to notify the service center about the theft. Additionally, they can take advantage of the iSight camera to take pictures of the thief.

Recommendations: "Undercover" by Orbicule"iAlertU" by SlappingTurtle

Built-in security measures While there are no real theft-deterrent features built into the OS, Apple does provide a relatively robust method for securing user data and passwords; however, by default the system is set up to be relatively open. This default allows users to seamlessly access their files and passwords by only providing one instance of authentication credentials at login, then managing most other authentication through the keychain. This feature is very convenient for users, but leaving a laptop unattended can give unauthorized access to anyone who sits down at the computer.

There are a couple of ways users can ensure their files are secured from unauthorized access. The first is to manually lock the screen before leaving the computer unattended. To do this, open the "Keychain Access" utility and in the preferences choose "Genera" and enable "Show Status In Menubar". This will make a small lock menu available which will allow users to lock the screen or keychain on-demand. Alternatively users can set the option to require a password to be woken from sleep or screensaver, and when leaving the laptop just close the lid. The key to this type of security is habit, and it is recommended that users get into the habit of locking their screens when they leave their computers. A skilled thief can easily get files and passwords if people leave their computers in an unlocked state.

Beyond the options that require users to actively lock their systems, OS X has several features to increase security behind the scenes. The first is to enable FileVault on the system which secures the user's home folder in an encrypted disk image. In the event of theft, with FileVault enabled there is virtually no way for thieves to access sensitive data. If users are concerned about the drawbacks of FileVault, such as the need to log out for it to work with Time Machine, or data access in the event of a crash, users can store sensitive files in a dedicated encrypted disk image which can be created in Disk Utility. MacFixIt previously outlined this procedure. Dedicated disk images can be set to open at login, and will prompt users for passwords that are separate from those stored in the keychain and other parts of the system. Therefore, even if a thief dissects the computer and removes the hard drive for access to files, the disk image will still secure the files.

Lastly, Apple provides some extra security features in the "Security" system preferences pane, which further help lock down the computer if users are fearful that someone could access their files. It is recommended to at least turn on the option to disable automatic login, so unauthorized users will not be able to access files on a locked computer just by restarting it.

No comments:



Blog Archive