Sharing is a good thing when you’re in kindergarten – or when you’re trying to stick it to the RIAA. But not when your personal data is involved.

Sharing can be unintentional. Perhaps your MacBook could be picked up by a stranger while you’re out and about. Maybe your Mac Pro is in a public place where others could have physical access to it; maybe you share use of your iMac with someone else. Or perhaps you just aren’t sure if your Mac is safe from attacks on your home or business network.

Any of those situations could lead to unwanted access of your personal documents. Most Mac enthusiasts will be quick to point out the platform’s UNIX-based security, and it is secure – but not impenetrable. Luckily, there are a few simple settings and techniques that will help keep peoples’ hands off of your stuff, whether your digital guests are invited or not.

A caveat: Security, even Mac security, is a topic large enough to warrant a series of articles (not to mention a series of books). This is by no means an exhaustive overview but rather a starting point for some of the built-in protections not all Mac users will be aware of.

Also, this article assumes that you are using Mac OS 10.4.

First Stop: System Preferences

System Preferences is usually the first stop for system settings, and for security, there are three basic panes to know about: Software update, Sharing, and, well, Security.

The first is simple. Run Software Update regularly to get the latest security patches from Apple. In the preference pane, you can have your computer automatically check for updates, and you should. Sharing is easy too. Just keep all services off – unless you absolutely need them for something – and keep the firewall turned on. Check out the advanced options for the firewall as well, in case you want to take advantage of them.

The Security pane takes a little more explanation.

One easy way to protect your work when you leave your desk is to check “require password to wake this computer from sleep or screen saver” in the security pane. Then, put the computer to sleep or turn on the screen saver when you leave your desk. Prying fingers and eyes won’t be able to examine your data while you’re away because they’ll need your password to get into the computer.

You’ll also want to check “disable automatic login” to prevent people from seeing your stuff simply by turning on your computer. Just be sure you know your username and password – you’ll have to enter them every time you start up your computer.

The other options are for the slightly more obsessive. FileVault will encrypt all of the files in your home folder when the computer is not in use, which basically protects you from someone ripping the hard drive out of your computer and copying its contents (think about the chances of that happening). “Secure virtual memory” will encrypt the temporary files your Mac creates while it’s being used – files that can include things like your login password (so you should turn it on).

“Log out after so many minutes of inactivity” is really a personal preference, especially if you have a password on your screen saver. Likewise, “require a password to unlock each secure system preference” will keep unwanted visitors at your desk from changing settings without your knowledge, but if you already have a password for sleep or screen saver mode, it will be tough for unwanted visitors to get in anyway.

So, a simple checklist for the basics:

• Run Software Update regularly.
• Turn on your firewall.
• Turn off all file sharing services except when needed.
• Turn off automatic login.
• Require a password to wake the computer from sleep or screen saver – and turn one of these on when you leave your desk.
• Use secure virtual memory, and if you’re really paranoid, turn on FileVault.

Macintosh: User-friendly Hacking Since 2001

Besides security, ease of use is the other pillar of Mac usage. All that user-friendliness, though, comes with a price. You see, hacking into a Mac can be as easy as pressing a certain key combination at startup.

Well, it’s easy as long as you know your way around a UNIX command prompt – or if you happen to have an OS X install disc in your back pocket. (Pressing Apple+S on startup gives the user root access, which is full administrative access to the computer. And pressing “C” or “option” to boot from the OS X install disc can let anyone access a reset password utility to change the password for any user account – great when you forget your password, not so great when someone else decides to change your password for their own purposes.)

But protecting your Mac from the errant UNIX nerd is almost as painless:

• Get your OS X install disc (you know you still have it) and open it in the Finder.
• Copy the “Open Firmware Password” application from Applications\Utilities on the disc to the Applications\Utilities folder on your hard drive.
• Start the application, set a password, and reboot your computer.
• Remember your password for all time. No kidding.

Now, all those bootup commands will be disabled, with one exception. Pressing “option” will still allow you to choose a disk to start up from – after you’ve entered your password.

Note, though, that sometimes those startup commands are used for troubleshooting, resetting the PRAM, or other good things. For more information, check out Apple’s support document on firmware passwords.

Limiting Users’ Access

If you want to – or simply have to – let others use your precious Mac, there are ways to limit what they can get their paws on.

Go to System Preferences and open the Accounts pane. Create a new user account for this intruder – ahem, user – if you haven’t already. Click on the account in the list on the left and then choose “parental controls” from the buttons at the top of the screen.

The options for Mail, iChat, Safari, and Dictionary are indeed parental controls to limit kids’ access. But the holy grail of user security, be it for child or adult, lies in the Finder & System option. Click the Configure button, and bask in the glow of all the possibilities.

“Simple finder” is the strictest mode, and “some limits” can give the user a little more freedom. In any case, the options are self-explanatory. Click away to decide what your computer buddy(ies) can and cannot do.

Encrypt your DMGs

Say someone somehow makes it through your firewall and your password protection to have unbridled access to your computer. There’s another digital lockbox that can still prevent them from accessing your most important files. It’s also good for storing files on thumb drives and external hard drives, which are easily misplaced due to their portability.

Most Macintosh enthusiasts are familiar with .dmg files – the virtual disk files that, when double-clicked, appear in the Finder like any other drive. Not only can you create your own .dmg’s, but you can also make them password-protected.

It’s a tiny option that may go unnoticed. Open Disk Utility (found in the Applications folder under – you guessed it – Utilities). Type a name for the file, and at the bottom of the window, choose whatever disk size you need. Before you click Create, though, change one more thing: choose “AES-128” from the encryption drop-down menu. Then click Create.

After you do, you’ll get another window to create a password. Type it twice, and usually you’ll also want to uncheck the box to remember the password in your keychain. (Otherwise, what’s the point?) Disk Utility will go through its motions, and the virtual disk will appear on the desktop. Copy your files to it just like any other drive, and then drag it to the trash.

Now, when you double-click to access your virtual disk, you’ll be asked for your password. The disk image contents are encrypted, too. Nifty, huh?

Really Removing Deleted Files

While in Disk Utility, check out one more setting. This one will prevent people from accessing your files that don’t exist any more.

You see, when you empty the trash can the files aren’t completely wiped from the hard drive (unless you use the “secure empty trash” option in the Finder). Instead, they’re just marked as dispensable by the computer so they can be overwritten later when that extra hard drive space is needed. Until then, the files are still technically there and usually retrievable, albeit with some effort.

To prevent someone from retrieving your trashed files, click on your hard drive in Disk Utility’s list to the left, and then click on the Erase button across the top. Click the Erase Free Space button, and choose whichever one of the three resulting security options you wish. Finally, click Erase Free Space, and watch as your files go into true digital oblivion.

This technique is most important – nay, absolutely critical – if you are selling or giving away your computer. In that case, erase the free space, or securely erase the entire disk drive(s), so your data can’t fall into the wrong hands, whether you know the person receiving your computer or not.

In Conclusion

The level to which you use these techniques will depend on your particular needs: Is your computer used by more than one person? Is it in a public or private area? Is it an easily-misplaced laptop or a hard-to-lose-track-of desktop? It’s up to you to decide what makes the most sense for your situation.

Whatever you do decide: remember your passwords. Many of these tips are contingent on password-protection, and sometimes the password is tough – if not impossible – to recover when lost or forgotten.

Happy – and safe – Mac-ing.