Mac OS X 10.0.4

Mac OS X 10.1

Mac OS X 10.2 (Jaguar)

Chapter: 18, Securing Mac OS X
Section: Various (see below)
Page: Various (see below)Mac OS X 10.2 (Jaguar) introduces still more changes and additional security issues:

1. Section: Physical Security, Page 357-359

Manual login is now enabled through the "Accounts" System Preferences window.

The "Screen Saver" System Preferences window is now called "Screen Effects."

2. Section: Safe Surfing, page 362

The Mail app now includes a number of secure e-mail features, such as encryption through Secure Sockets Layer (SSL) and outgoing mail authentication through SMTP.

3. Section: Mac OS X's model for securing services, page 364

You now create accounts using the "Accounts" System Preferences window.

4. Section: Securing Mac OS X Services, pages 365-370

New services include Windows File Sharing, Apple Events (added under Mac OS X 10.1) and Printer Sharing. It is especially important to keep Windows File Sharing disabled (which it is by default) unless absolutely necessary. Since Windows file sharing is one of the most often-hacked services on the Net, if you need to enable it, be sure to use a personal firewall to restrict access to only those users who need it.

Mac OS X 10.2 also includes the new iChat application. iChat enables simple chatting (instant messaging) with other 10.2 users as well as with anyone using the AOL Instant Messenger application.
Communication over iChat should be considered as insecure.
Additionally, any files exchanged could well contain viruses.

5. Section: Viruses, page 371

Apple now includes McAfee's Virex anti-virus protection as part of a .Mac (previously iTools) account.

6. Section: Personal firewalls, pages 371-374

A very basic user interface to Mac OS X's built-in ipfirewall functionality is now included as a tab in the Sharing System Preferences window, providing an easy-to-use built-in firewall solution. This solution provides no logging capabilities, however, making it impossible to detect and respond to most security threats. It also does not provide the ability to block (or allow) access by specific IP addresses. In most cases you will want to look at one of the many alternative solutions available.

7. Section: Just say No to FTP, page 377

Since Windows File Sharing is now included in the Sharing System Preferences window, it is now even easier to avoid the use of FTP for file sharing.

8. Section: Home Networking, page 378

NAT gateway functionality is now included through the "Internet" tab in the Sharing System Preferences window, letting you easily share an Internet connection with other machines on your home network.

9. Section: Wireless Networking, page 378

Full support for administrating AirPort base stations is now included. Access to AirPort networks in available through an icon in the menu bar, as well as through the Internet Connect application.

10. Section: Internet Security at Work, page 379

Mac OS X 10.2 now includes built-in VPN capabilities, through an option in the Internet Connect application. Currently only the PPTP protocol is supported.

Chapter: 18, Securing Mac OS X
Section: Various (see below)
Page: Various (see below)

Mac OS X 10.1 introduces some changes and additional security issues:

  1. Section: Physical Security, Page 357. ALERT!! IDISK UNDER MAC OS X 10.1 IS SIGNIFICANTLY LESS SECURE THAN UNDER PREVIOUS VERSIONS OF MAC OS X. In Mac OS X 10.1 your iDisk is accessed using the WebDAV protocol (see "Other alternatives" in chapter 14) rather than AFP. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as secure as AFP. However the implementation of WebDAV in Mac OS X 10.1, as used with iDisk, violates the WebDAV specification and sends your password in a way that makes it easy for hackers to discover. USING IDISK UNDER MAC OS X 10.1 COULD EASILY RESULT IN DISCLOSURE OF YOUR PASSWORD AND FULL ACCESS TO YOUR IDISK BY OTHERS. NOTE: This problem is fixed in the Mac OS 10.1.1 update. IF YOU ARE GOING TO USE IDISK, BE SURE TO INSTALL THE 10.1.1 UPDATE.

  2. Section: Client Overview, Page: 351. Mac OS X 10.1 implements access to AppleShare servers, through the "Connect to Server" menu item, over AppleTalk as well as TCP/IP.

  3. Section: Client Overview, Page: 352. Mac OS X 10.1 additionally includes an SMB client, allowing the Mac OS X machine to connect directly to Windows machines running the Windows built-in file sharing, or to Windows servers. See "Windows machines" in chapter 17.

  4. Section: Services Overview, Page: 355. Mac OS X 10.1 includes Program Linking capabilities, over TCP/IP only (not over AppleTalk). Program Linking is enabled through the Network System Preferences window.

  5. Section: Wireless networking, Page: 378. Mac OS X 10.1 includes full support for administering AirPort base stations.

Chapter: 18, Securing Mac OS X
Section: Personal firewalls
Page: 374

With Mac OS X 10.0.4, the built-in ipfirewall software protects the Classic environment as well as native Mac OS X. So any personal firewall based on ipfirewall (such as Brickhouse or Norton Personal Firewall for Mac OS X) should protect Classic with this and subsequent releases of Mac OS X.