Security in Mac OS X?

[BusinezGuy]

Hey!

I'm a current Windows user with Windows XP. I have an old Athlon 500 running 128 megs and a Voodoo 3 processor. Needless to say, I'm in the market for a new computer.

Ever since the new iMac with the new OS X has been released, I have been seriously considering purchasing a Mac. It is just a beautiful operating system, and no doubt the iMac is a beautiful and sleek machine.

One of the things I like about XP, however, is the ability to change security settings on an individual file and an individual user. I understand that OS X is running on UNIX (something I know virtually nothing about). Does OS X have the ability to invidually control the security of an individual files and/or user? And, it this accomplished through the GUI interface?

 

[Steve Bosell]

yep

 

[theed]

Macs and unix think very much alike in terms of security, especially now that macs Are unix. Windows is the one that thinks different in terms of security.

Macs have 3 user levels easily accessible.

Normal user, can't install or delete apps from the apps directory. Will likely be able to do most anything they want inside their own directory.

Administrator, which could be considered a power user type of situation. He can do whatever he wants really, but if he tries to do anything weird he gets prompted for username verification. Hard to shoot your foot off by accident with this, but not the right power for a 5 yr old.

root, hidden by default but easily reinstated. Can do Anything and won't get asked twice. A scary account that causes more problems than it solves if used by the feeble minded.

Windows has many many levels of users, the distinctions blur in my mind. File permissions are similar. Windows has like 30 attributes regarding permissions of a folder, and files, and subfolders. The meanings and nuances escape me, and everyone else. Unix style permissions are the absolute minimum number of choices by which you can do everything you want to in terms of security. Macs are zen like this as well. It takes a different mind set to do all of the permissions you want between these two worlds, but all of the power is there.

 

[BusinezGuy]

Wow!

Both those answers were a lot of help. I greatly appreciate it!

I guess I should have asked this before:

What about file encryption? It is pretty easy with Windows. I'd assume that is also supported through the GUI interface for OS X?

 

[theed]

Here's the dilly, yo.

Apple supports AES encryption of it's disk images. AES is a new standard in encryption created with funding from the government to create a solid security encryption for future use.

My file system and user space are not encrypted, but I keep a diary on one disk image and all my passwords, unlock codes, and serial numbers on another. I can back up these virtual disks without fear of the information getting in the clear. I mount them to use them only when I need to, and then they are available to me just like normal mounted disks.

It's about as solid and usable as encryption gets.

 

[fryke]

It would be even more convenient, though, if Apple included encryption on a file basis, best in a contextual menu item in the Finder: Ctrl-Click on a file -> Encrypt with Password. A double-click on the file (wich a lock icon) would then ask for the password. This was a feature of Mac OS 9 that I liked, although at that time it wasn't THAT secure. I also wouldn't use this for _real_ security, but it keeps people from snooping around in private stuff. The disk image way is a way _around_ this feature of Mac OS 9 if you want that functionality.