Interkhan – The Care & Feeding of your Apple Computer

How do I secure my Mac against computer hackers?


 

Macs are fairly secure out of the box. In general, you don't have to worry about viruses or hackers like you do with Windows, where this is a realistic fear. However, MacOS X is based on UNIX, and UNIX can be cracked, if you're talented and/or ethically challenged. Security guides for other kinds of UNIX like Linux, Solaris, FreeBSD, and IRIX are widely available on the internet, and OS X is no exception. OS X avoids many of the mistakes of UNIX-like operating systems of the past, like running services by default after install, and OS X has had a good security track record since it was introduced – no major virus outbreaks or worms and very few cracker tools.

However, if you work in certain sectors in the United States, such as health care, a publicly traded corporation, or a government agency, laws like HIPAA and Sarbanes-Oxley regulate how you maintain your computers. If so, computer security is something you need to take seriously.

Law or no law, security is mostly common sense and not being ignorant. A nicer way to say it is that computer security is a good way to learn to be less superstitious about computers.

Here are a few places to start for Apple-specific security:

The NSA - yes, the U.S. National Security Agency - has a series of free guides to help the public secure their computers and networks. Their advice ranges from the basic steps to extreme measures, with the idea that you can and should pick and choose what advice you want to follow in locking things down. Look under "Operating Systems" in the menu on the left and download the guide for 10.3 Panther or 10.4 Tiger, depending on what you are running.

Apple touts their security features here in brochure format. Their Product Security Page has email and phone contacts for security, as well as their PGP key, mailing lists, security certifications, where to find security updates, and web server security issues. An introductory article for programmers and web developers describes basic UNIX security and links to more resources on the web. The security guide for Tiger is available as a PDF.

FreeBSD is the operating system OS X is based on, for the most part. When people say "OS X is based on UNIX", FreeBSD is the UNIX it is based on. Learning FreeBSD is a great way to learn UNIX and to understand OS X at the same time. Any security guide for FreeBSD, in general, will be helpful for OS X too. By "in general" I mean "sometimes" and "kinda sorta". Start with the Documentation, which is very professional. Books on FreeBSD are easy to find at any bookstore, e.g. Borders / Barnes & Noble, Amazon.com, or your local library.

The SANS Institute report on OS X is kept up to date with the current version. SANS is a clearinghouse and nexus for security information on-line.

SecureMac is a website devoted to Apple and OS X security. They have links to security and anti-virus utilities for OS X. MacGeekery has a basic guide, but the NSA Security Guide is more complete and just as straightforward.

Princeton University also has a guide for teachers and students to lock down their computers. Many colleges offer such guides to curtail the spread of viruses, cut down on the number of phone calls they get, and put the onus on the teacher/student to be responsible for their computer(s).

Most people I've met who worry about security worry that someone has "broken into" their computer or connects to it over the internet, especially if they have broadband. This can be very stressful because it's easier to suspect your computer has been cracked than to prove that it hasn't been. That kind of thinking will drive you crazy, even if you have reason to think you might be right. Here are some tools I recommend to people with those fears:

For most people, the NSA Guide is a good starting point, especially if you aren't an expert. Follow the basic suggestions in the NSA Guide and you should be fine.


Send in your questions! Email them to

intrkhan-a-t-freeshell.org