You can password protect files and folders in Mac OS X by using a trick with disk images. Here’s how it works; by placing files inside of an encrypted disk image, that disk image will work like a password protected folder and require a password before it’s mounted, preventing unauthorized access to all of the contents.

How to Password Protect Files & Folders in Mac OS X with Disk Images

Do this along with general password protection for maximum effect.

• Launch “Disk Utility” located in /Applications/Utilities
• Click on the “New Image” button at the top of the app



• Name the disk image and set a file size that is appropriate for what you intend to store in there
• Click on the contextual menu alongside “Encryption” and choose either 128 or 256-bit encryption (256 is stronger)



• Click “Create”
• At the next screen you will set a password to access the folder – do not lose this password, you will not be able to open the disk image if you do
• Optional: Uncheck the box next to “Remember password in keychain” – only do this if you’re the only user on the Mac, otherwise anyone can open the image without the password



• Click “OK” to create the disk image

The encrypted disk image is now created. Now you need to locate the image, mount it which will require the password set in the creation process, and drag files and folders into the mounted image that you want password protected. The default location for new disk images is the Desktop, but if you saved it elsewhere, look there instead.

Once you are finished copying files and folders to the mounted disk image, eject it like any other disk and the contents will be safely protected within, requiring the password to access again. Because the files and folders have been copied, you’ll want to delete the originals so they aren’t visible to anyone else. Again, do not lose the password set or you will not be able to get access to the contents of the encrypted disk image.

This should not be considered a replacement for setting a general password for a Mac, and it’s always a good idea to lock down the screen when you’re away from the computer. Filevault also provides encryption and security features, but older version have some potential speed drawbacks that are particularly noticeable on non-SSD drives, this is mostly a non-issue for OS X Lion, however.

The root user is a special user account with high level system-wide access privileges intended for system administration, monitoring, and in depth troubleshooting purposes. By default, root user is disabled in Mac OS X for security purposes, but if you need to enable superuser, this guide will show you how to do so in OS X 10.7 Lion.

If you do not have a specific need to enable root, you should leave it disabled.

Enable Root User in OS X Lion

This process also sets a password for the root account.

• From the Mac OS X Desktop, hit Command+Shift+G to bring up Go To Folder and enter the following path:

/System/Library/CoreServices/


• Inside CoreServices folder, locate and launch “Directory Utility”
• Unlock “Directory Utility” by clicking the padlock icon and entering the administrator password
• Pull down the “Edit” menu and select “Enable Root User”
• Enter and confirm a password to set the root users password and to enable the account

Be sure to set a strong password for the root account. If you’re bad at picking passwords or you just want the security advantages of randomness, generate one randomly from the command line.

With root now enabled, the account can be used freely. It will not appear in the Users & Groups preference pane.

The root account can access, read, and write to all files on a system, even if they belong to someone else. Additionally, root can also remove or replace system files. This is why it’s a potential security risk to leave the account enabled aimlessly, or to use a weak password with the account.

The Directory Utility control panel can also be used to change a set root password through the Edit menu, or that can be done through the command line using sudo passwd, similar to changing the root password in iOS devices.

Creating a password protected zip file is easy in Mac OS X and does not require any add-ons or downloads. Instead, use the zip utility that is bundled with all Macs.

If you’re familiar with the command line, the syntax of the encrypted zip command is as follows:
zip -e [archive] [file]

If you’re not sure how to use that, read on to learn how to create zip archives encrypted with passwords. These encrypted zip files will maintain password protection across platforms, meaning you can send a protected zip file to a Windows user and they will still need to enter the password in order to view the contents.

Set a Zip Password in Mac OS X

You can create password protected archives of files and folders:

1. Launch the Terminal from the Applications > Utilities folder
2. Type the following command:

zip -e archivename.zip filetoprotect.txt

3. Enter and verify the password – don’t forget this

The resulting archive, in this case named “archivename.zip”, is now encrypted with the password provided. The file that was encrypted, “filetoprotect.txt”, is now inaccessible without entering that password.

Example: Zipping a Folder and Setting a Password
Here is an example of what this will look like from the command line, in this case we are compressing and password protecting the entire ‘Confidential’ folder located within the users /Documents directory, and the password protected zip is being placed on the users desktop for easy access:
$ zip -e ~/Desktop/encrypted.zip ~/Documents/Confidential/
Enter password:
Verify password:
adding: ~/Documents/Confidential/ (deflated 13%)

Notice the password will not display, this is normal behavior for the Terminal.

Opening the Password Protected Zip

Despite being created at the command line, you do not need to unzip the file from the terminal, it can be expanded from the Mac OS X Finder or within Windows using standard unzipping apps. Just double click on the file, enter the password, and it will decompress. You can also decompress the zip archive from the command line with:
unzip filename.zip

Here are some use cases for password protected zip archives:

• Password protecting an individual file or directory
• Sending a sensitive and encrypted file over an unencrypted network
• Emailing confidential data to a Windows user
• Adding an additional layer of security to a hidden folder
• Password protecting your own backups, outside of Time Machine

While this can provide some protection on a per-file or folder basis, it’s always a good idea to password protect the Mac in general with a login requirement on system boot, wake from sleep, and waking from the screen saver.

If you’ve been following the Carrier IQ brouhaha and ensuing fallout, you might be interested to know that it’s very easy to disable the Carrier IQ service, logging, and reporting on iPhone or any other iOS device:

• Tap on “Settings”
• Go to “General” and tap on “About”
• Tap on “Diagnostics and Usage”
• Tap on “Don’t Send”

If this was already disabled for battery saving purposes or whatever other reason, you should have nothing to worry about, if not, then this should prevent Carrier IQ from sending any data over to Apple.

For some background here, Carrier IQ is network diagnostic software that some cellular carriers have been installing on smartphones and tablets. Going beyond just gathering network diagnostics, Carrier IQ was found on some Android phones to be gathering personal and private information, including phone call logs, text message content, and even encrypted web searches, or, put simply, it’s a substantial invasion of personal privacy. Later, renowned iOS hacker chpwn found references to Carrier IQ in some versions of iOS, but it isn’t nearly as nefarious as what was discovered on Android, doesn’t track nearly as much personal information, and thankfully, it’s much easier to disable.

Keep in mind that Apple also told WSJ’s AllThingsD that they stopped supporting the feature in iOS 5 for most of their products, saying the following:

“We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”

We should expect an update to iOS in the near future to address this on any remaining devices.

If you are using a public Mac or are just concerned about things like keyloggers and other potentially unauthorized access to your keystrokes, you can enable a feature in Mac OS X Terminal app that secures keyboard entry and input into the terminal. According to Apple, this feature “prevents other applications on your computer or the network from detecting and recording what is typed in into Terminal“, making it a good additional security measure when such precautions are needed. Enabling it is extremely easy:

• Pull down the “Terminal” menu and select “Secure Keyboard Entry

Using a personal Mac likely makes this an unnecessary precaution since the risk is very low, but it’s a helpful tip if you’re using another untrusted computer or in a situation where you’d be concerned about another application capturing keystrokes.

Be warned that enabling “Secure Keyboard Entry” will interfere with most password managers and anything else that attempts to automatically type and interact with the Terminal for you.

Private Eye is a free real-time network monitor app for Mac OS X 10.7+ that is extremely easy to use. Launching the app, you’ll start to see all open network connections, and you can then filter connections by app, monitor all open connections, or watch only incoming or outgoing transfer.

Connections are reported by application, the time of the connection, and arguably the most useful, the IP address that is being connected to by the app. If you have any interest in networking, security, or you just want to keep an eye on what apps are connecting to the internet and to where, you should download this app.

• Download Private Eye now (direct link) or visit the developers home

This is a simple yet powerful tool without the complexity or the learning curves related to compiling and using the command line tools lsof, watch, open_ports, or wireshark. Highly recommended.

Well here’s a security flaw in iOS 5 that will quickly get patched: anyone with a magnet (or a Smart Cover) can bypass the iPad 2′s locked passcode screen and access whatever app was previously left open. The passcode bypass was discovered by 9to5mac, who recorded a video demonstrating the security breach (embedded below).

From a locked iPad 2:

• Hold down the power button until the the slider appears across the top
• Close the iPad 2′s Smart Cover or swing a magnet over the magnetic points around the screen rim, then remove the Smart cover or magnet
• Click “Cancel” at the bottom of the lock screen

You’re now at the iOS 5 springboard, but the biggest security threat is when users have left an app open with sensitive data, since the lockscreen is bypassed directly to it. This could mean

Protection Against the iPad 2 Lock Screen Bypass:
For the time being, iPad 2 users are encouraged to disable the “Smart Cover unlocking” feature found in Settings > General.

Here’s the video showing the password bypass:

We recently wrote about the dscl utility and how it allows a Mac OS X Lion user to change a password without knowing the existing password. The lack of required admin authentication has since been widely reported as a bug, and a small Security Update will likely be issued by Apple sometime in the near future. Nonetheless, if you’re paranoid about someone getting ahold of your Mac and changing the user password without authorization, you can manually change the permissions of the dscl utility yourself, forcing it to require administrative privileges in order to be run.

• Launch Terminal (located at /Applications/Utilities/)
• Type the following command and hit return:

sudo chmod 100 /usr/bin/dscl

• You will be asked for the current administrative password to confirm the permissions change, enter it and hit return

This is a simple permissions fix that likely mimics what an official security update will do. Using sudo chmod 100 states that only the owner (root) is able to execute the dscl command, which effectively prevents other non-admin users from accessing the directory services utility without using the sudo command, and thus the administrator password.

There may be some unintended consequences of changing those permissions, but it’s unlikely to effect most users. If you do encounter some problems you can always change the permissions back, which look to be set as 755 by default.

A big thanks to “Tjb” who left this tip in the comments!

Update: Jim T left the following recommendation in the comments, suggesting another chmod command to change the permissions:

Instead, do this:

sudo chmod go-x /usr/bin/dscl

That will -only- remove the execute permission on group and other, leaving the other permissions (read & write, and root’s full permissions) completely as was before the change. To reverse, do:

sudo chmod go+x /usr/bin/dscl

Only touch the stuff you need to touch!

His reasoning is that chmod 100 is too restrictive in that it changes the command to execute only, where as before the root user could read, write, and execute.

Renowned jailbreaker i0n1c, aka Stefan Esser, has put together a rather extensive presentation titled “iOS Kernel Exploitation” that explains exactly how jailbreaks work, ranging from how the exploits are found, how new code is injected into the iOS devices, how untethers work, and so much more. It was presented live at last months Black Hat security conference, but now the slides are freely available on the web for all to see.

The 97 slide presentation includes the following main topics and dives into very specific details:

• Introduction
• Kernel Debugging
• Kernel Exploitation
• Stack Buffer Overflows
• Heap Buffer Overflows
• Kernel patches from Jailbreaks

This is a fairly technical read with plenty of code samples, making it an extremely interesting look into the world of jailbreaking and iOS security. It’s pretty much a must read for anyone interested in security, development, iOS, Mac OS X, or just jailbreaking in general.

Download the presentation slides in PDF format here (.pdf) or check out the embed below:

These jailbreakers are a pretty smart group of people, it’s no wonder Apple and Facebook are busy hiring them!

Heads up to @pod2g and @i0n1c on Twitter, you can follow @osxdaily on there too.

FileVault 2 is the all new disk encryption method that comes with Lion, and it’s more secure than ever, using XTS-AES 128 encryption on your entire disk, as opposed to just the user directory as in past versions. The other huge change that came with FileVault 2 is the significant performance boost, where using full disk encryption barely makes a dent on system performance.

Just how fast is FileVault 2? See for yourself with these benchmark charts on a variety of SSD and traditional hard drive configurations.

Impressively, overall read and write performance is barely effected despite the drive being completely encrypted. Your data is truly safe, without much performance sacrifice.

If you want to read more from a hands on example, take a gander at ThePracticeOfCode’s FileVault 2 comparison on a 2011 MacBook Air vs a 2010 MacBook Air, which also the source of the two upmost graphs. That link is via Shawn Blanc, who sums it up nicely:

it’s likely you won’t even notice that [FileVault is] on. The truth is, the benefits of Lion’s disk encryption far outweigh the nearly insignificant drawbacks, especially if you’re talking about a new laptop with an SSD in it.

Those top two examples are SSD’s though, what about traditional spinning drives? Looking around, I came across Max Cho’s benchmarks, comparing the performance on a standard spinning 320GB Hitachi drive, and with the exception of a slower boot time, the results are practically identical, showing FileVault 2 is extremely fast on a traditional hard drive as well.

Max’s results are also on a Core i7 MacBook Pro, showing that Intels AES encryption instructions built directly into the 2010+ Intel Core CPU lineup are extremely effective at handling on-the-fly decryption and encryption while barely impacting performance.

Bottom line: if you have a Core i3, Core i5, or Core i7 processor, you’ll barely notice the impact of disk encryption, regardless of whether you’re using an SSD or traditional platter drive. Is a tiny performance hit worth the peace of mind of total data security? You’ll have to decide, but if you have sensitive data and a newer CPU on your Mac, it probably is.

If you want to enable FileVault 2 yourself, you can do so in the “Security & Privacy” panel of System Preferences. You can even store the key with Apple which can be retrieved by answering some standard security questions, making it virtually impossible to accidentally lose access to your own data if you forget a password or lose the encryption key.

Think you have a secure iPhone password? Check this list, you might be using one of the freakishly common passcodes out there, and if so, it’s time to change it. These were compiled by an iOS developer who anonymously captured the passwords through his app:

• 1234
• 0000
• 2580
• 1111
• 5555
• 5683
• 0852
• 2222
• 1212
• 1998

If you find yours on this list, you should do yourself a favor and change it. Make your code unique enough that it’s more secure, just don’t make it so confusing that you forget it and have to reset the passcode – resetting means you’ll lose all the data on your iPhone.

Another good security idea; Set your iPhone to erase all data on 10 failed password attempts. What are the odds you’re going to enter your incorrect password 10 times in a row? Slim, even if you’re extremely inebriated.

The common password list comes from an iOS developer who anonymously captured 204,508 passwords through the app called BigBrother Camera Security. The developer describes the problem of using one of the 4 digit codes from the above list:

Formulaic passwords are never a good idea, yet 15% of all passcode sets were represented by only 10 different passcodes (out of a possible 10,000). The implication? A thief (or just a prankster) could safely try 10 different passcodes on your iPhone without initiating the data wipe. With a 15% success rate, about 1 in 7 iPhones would easily unlock–even more if the intruder knows the users’ years of birth, relationship status, etc.

Are you one of the 1/7 iPhones? I’ll admit, I used 0000 for a long time as my password. Not because I thought it was secure, but because it was a small barrier to prevent random gazers from creeping around my iPhone, yet easy enough that I could quickly bypass it.

The iPhone is becoming more and more of a personal device. Everything from your emails, online banking, credit card processing, think about what you store on your iPhone and how you probably don’t want that in prying hands should you lose your phone. Best case scenario someone will return it to you if you set an “If found” note as the lock screen image or you setup Find My iPhone, or maybe someone will just buy a coffee and set a stupid Facebook status and move along, but there’s certainly potential for worse.

A little precaution now could prevent a big headache in the future. Heads up to MacGasm for the find, they also put out a random number generator if your creativity is stumped, check it out here.

A recent anti-malware Mac OS X security update was released that defaults to automatically downloading and maintaining an active definitions list of known Mac OS X malware threats. This list comes from Apple and is likely a very small file that is transmitted to your Mac, imposing minimal bandwidth usage.

For 99.99% of users, you should keep this option enabled and get the definition list automatically, it helps secure your Mac.

How to Opt-Out of the Updated Malware Definitions List in Mac OS X

This is not recommended and could expose your Mac to security vulnerabilities. If for whatever reason you do not want to automatically download the daily updated Mac malware definitions list from Apple it’s very easy to disable. After the Security Update is installed, do the following:

• Launch System Preferences and click on the “Security” panel
• Under the “General” tab deselect the checkbox next to “Automatically update safe downloads list” – note this may leave you vulnerable to future variations of malware

Some of you are probably wondering why anyone would want to opt out of receiving the definition list. Maybe it’s to test the affects of malware on a crash box, maybe you have limited bandwidth or connectivity options and don’t want to use any unnecessary data, maybe you don’t like automatic communications with the outside world, maybe you don’t care about malware at all because it’s really not that big of a problem, who knows.

Again, this is not recommended to opt out of unless you know what you’re doing, but it’s nice to know you have the option to if necessary.

Apple has released a Mac OS X software update labeled “Security Update 2011-003″ for Mac OS X 10.6.7 that includes a native malware removal tool.

The focus of the update is on the MacDefender malware scam and its variants, now referred to as “OSX.MacDefender.A”. Once the update is installed your Mac will be scanned for instances of the malware, which will then be removed and prevented from running. From there after, a list of variants will be updated daily by Apple automatically, and if you encounter MacDefender or a variation of it, you will get a dialog warning you to move the afflicted file to the Trash.

Download Anti-Malware Security Update 2011-003

You have two options to get the anti-MacDefender update:

• Users can download the Security Update via Software Update from the Apple menu
• Download directly from Apple (2.36 MB DMG file)

Apple recommends all Snow Leopard users install the security update, and it does not require a restart to install unless an infection is found. An abbreviated description of the update is as follows:

Security Update 2011-003 provides additional protection by checking for the MacDefender malware and its known variants. If MacDefender malware is found, the system will quit this malware, delete any persistent files, and correct any modifications made to configuration or login files.

Even without this software update MacDefender is easy to remove and avoid completely. Furthermore, release notes in the latest Mac OS X 10.6.8 developer build indicate that the malware protection will also be baked into the upcoming 10.6.8 update.

You can read more about this update on Apple’s Support page.

If you travel with a laptop often, do yourself a favor and install Prey, it’s free theft tracking and recovery software that really works. Prey is basically a tiny daemon that runs in the background on your Mac (or Windows or Linux PC) that does nothing until it receives a signal indicating the hardware is missing or stolen via the Prey website or an SMS… then the magic happens.

Once Prey is activated, it starts gathering the following information and enables these features:

• Current hardware location via GPS or WiFi triangulation, shown on Google Maps
• Force connections to nearby WiFi to transmit data
• Pictures of the thief via the laptops built-in camera
• Network information and IP addresses
• Screen shots of the desktop and application usage, to find out what the thief is doing on your computer
• Hardware status
• Remotely lock down the hardware, requiring a password and displaying a “STOLEN” message
• Remotely clear your saved passwords
• Remotely sound an alarm (think car alarm for your laptop)

All of this data is silently gathered unbeknownst to the perpetrator, allowing you to collect information to help law enforcement (or yourself) track down your stolen goods and return them to the rightful owner.

You can download Prey for free at PreyProject.com (Mac, Windows, Linux, Android compatible)

Installation is simple and there is practically no overhead, it just runs quietly in the background waiting to be activated. In addition to being free, the app is also open source so if you can check out the source code yourself if you’re into that sort of thing.

Here’s the most important part, Prey actually works to recover stolen hardware. You may have read about this recently when a popular tech authors MacBook Pro was stolen and he successfully tracked the machine down in and recovered it using Prey.

Check out this video of Prey in action, and then go install it yourself. It’s free, it works, there’s no reason not to install this if you have a laptop you care about:

Prey is almost fully cross platform compatible and installs in Mac OS X, Windows, Linux, and Android, there’s just one noticeable exception for now, no iPhone and iPad version. I’m guessing the lack of iOS support is because iOS won’t allow the installation of background daemons without a jailbreak, but nonetheless Prey Project says they’re working on it, so cross your fingers and we’ll keep you updated if an iPhone version comes available.

Finally, if you’re an enterprise customer or you want to protect multiple machines with Prey, that’s when a fee starts kicking in, but for most users with just one computer to track, it’s free, which can’t be beat.

A new malware threat has been identified for Mac users, the app is called MACDefender and it disguises itself as antivirus software for Mac OS X. The malware attempts to install itself through hijacked websites, and the threat level is considered low, nonetheless all Mac users should be aware of the potential threat and take steps to avoid a potential problem.

2 Simple Steps to Protect Against MACDefender

There are two easy ways to avoid being affected by MACDefender:

1) If you see the above “MACDefender Setup Installer” wizard at any point while browsing the web, do NOT click to install the application

2) Disable Automatic File Opening in Safari
If you use Safari as your default web browser, be sure to disable automatic opening of safe files after downloading:

• Open the Safari menu and pull down to Preferences (or just hit Command+, to launch them)
• Look at the bottom of the General tab and uncheck the box next to “Open ‘safe’ files after downloading”

If you’re concerned that a Mac has been infected by MACDefender, here is how to check for and remove the malware:

Check for and Remove MACDefender Malware

You can check to see if you have been infected with the MACDefender malware, and remove it, by doing three things:

1. Launch the task manager tool Activity Monitor (located in /Applications/Utilities/) and click to sort processes by ‘Name’ and look for MACDefender or MacDefender.app – if this process is running, select the process and then kill it.
2. Open System Preferences, click on Accounts, and select the “Login Items” tab, now look for MACDefender or any unusual entry in the list. If something is found, select it in and press the “-” button to delete it from the login item list.
3. Open your applications folder (/Applications/) and look for MACDefender or MacDefender and delete the application

In the odd event that you have MACDefender and the above three steps did not remove the app, follow this guide to track down all login and boot scripts and applications, it may be hiding elsewhere although there are currently no reports of this.

If you’re curious, you can read more about MACDefender and how it masks itself as antivirus software at Intego’s blog, they discovered the malware and they also happen to make genuine antivirus software for Mac.