Still using 10.5.8 - OK?

[Smithcraft]

Most of the built in security features can be found in (in 10.4 at least) in the Security and in the Sharing control panels. Do you have the firewall turned on? Is your computer set to not respond to random IP inquiries?

You can freely set up your router to use OpenDNS rather than the ISP DNS by following the directions at the OpenDNS website. By setting up the router, your whole network is protected. If you have a portable computer that you use on the road, then you would also want to configure that computer to use the OpenDNS servers to protect it while not on your network.

One other thing that I do is run a separate Admin account so that my regular user account is not an Admin account.

So, I contend that there are plenty of things that you can do to keep your computer secure even if it is vulnerable to the latest threat, by just following good sense and following good practices.

SC
_________________
Grumpy old man of computing.

[Desktop] G4 mini - 1.5Ghz 1GB 80GB HDD - Newer miniStack v2 500GB - 10.5.8

[Media System] Intel i5 mini - 2.33Ghz 8GB 500GB HDD - 4 x Hitachi 2TB HDD in a qBOX-SF - 10.7.5 (Thanks Phil!)

Make sure it has pins!

[strawbale]

Smithcraft, thanks a lot for your advice!

Looking at Security, Firewall tab:
4 apps are set 'block incoming connections': safari (which I don't use anymore), firefox (my default browser), dropbox and java preference; do no mentioning of chrome (that I use occasionally)
5 apps are set 'allow incoming connections': realplayer, itunes, skype, java (that's been disabled in all browsers), spotify
Should I set them, and possibly all/some other apps, at 'block incoming connections'?
PS: In 'Advanced' both Enable Firewall Logging and Enable Stealth Mode have been ticked.

Looking at Sharing:
Only File Sharing (with only access to another Mac in the house, Everyone set at 'no access') and Printer Sharing have been ticked

Where do set my computer(s) to not respond to random IP inquiries?

Re: OpenDNS
I've got a propriety router that comes with the Internet provider (contract), which is common/standard here in France, so don't know (yet) whether I can/could tinker with that. Also: we 'only' have 2 macminis connected to the router, so would settings security prefs in those 2 make OpenDNS superfluous?

What would I (you) use a separate Admin account for? Should I thereafter transfer some 'rights' to that account (and take them away from my user account)?

Apologies for all these questions; maybe I can find some answers on this forum or elsewhere on the net.

PS: like your avatar - my (home) country's best actor
_________________
Mac Mini mid-2007 2GHz 2GB 120GB

[Smithcraft]

You're welcome.

As I mentioned, I'm on 10.4 so it is most likely different in 10.5 since Apple likes to change things and put things where they don't make sense sometimes. So you'll have to look around in the control panels to see where the various security options are.

Not responding to random knocks on the door is the stealth mode.

If you are not allowed to change the settings on the router, then change them on all of the computers in the house. The security settings control what comes into the computer, where as OpenDNS protects you from exploits out in the interwebs by putting up a block, that you can bypass if you must, on bad domains/IP addresses.

The Admin account has quite a bit of control over the computer, and both Apple and MS think that the first user should be the Admin. They are right, but the first user shouldn't be a regular user like the owner of the computer. If your user account is compromised and it's Admin, you just let someone take over the computer! If your user account is compromised and it's just a user account, then only your account is compromised and the computer is safe, well safer. Also with a separate Admin account, you can have a super duper strong password, and just keep it on a post it note, but you aren't gonna want a super duper strong password on your regular account, 'cuz you aren't gonna wanna type it every time.

Glad you like Rutger!
_________________
Grumpy old man of computing.

[Desktop] G4 mini - 1.5Ghz 1GB 80GB HDD - Newer miniStack v2 500GB - 10.5.8

[Media System] Intel i5 mini - 2.33Ghz 8GB 500GB HDD - 4 x Hitachi 2TB HDD in a qBOX-SF - 10.7.5 (Thanks Phil!)

Make sure it has pins!

[strawbale]

Nogmaals bedankt (Thanks again), Rutger

I've got OpenDNS and the accompanying Dynamic IP updater installed on my macmini and will see how things are. If happy, then will put it on the (only) other macmini in the house.

Will work on setting up a separate admin account too.
_________________
Mac Mini mid-2007 2GHz 2GB 120GB

[strawbale]

Problem: its seems OpenDNS is preventing me from sending mail (but not receiving) with Mail.
Is that possible?
_________________
Mac Mini mid-2007 2GHz 2GB 120GB

[Smithcraft]

I doubt it, but anything is possible. I had no problems when I switched over, but you might wanna contact the OpenDNS people and ask them if there might be an issue.

SC
_________________
Grumpy old man of computing.

[Desktop] G4 mini - 1.5Ghz 1GB 80GB HDD - Newer miniStack v2 500GB - 10.5.8

[Media System] Intel i5 mini - 2.33Ghz 8GB 500GB HDD - 4 x Hitachi 2TB HDD in a qBOX-SF - 10.7.5 (Thanks Phil!)

Make sure it has pins!

[strawbale]

Had a look at the OpenDNS forum and it seems I'm not the only one with this problem with this ISP (and their propriety modem-router). But in terms of solutions it was more like 'find another ISP'...
Than had a look at the ISP forum and nobody has been able to solve it (for me) yet
Will see if I can get it working.

Anyway, thanks again.
I got rid off flash player, watch youtube (html5) occasionally in safari, and installed NoScript and a few other things in FF.

One other question though.
I use Preview instead of Adobe Reader for viewing pdf, but am reading that pdf's are getting more and more risky and that Adobe has to frequently patch Reader. Given that Leopard doesn't get updated anymore, Preview won't be updated either, I guess. So would it be safer (less unsafe) switching to Adobe Reader assuming that will get patches?

Strawbale
_________________
Mac Mini mid-2007 2GHz 2GB 120GB

[Smithcraft]

Computer security is like securing your residence. Like I said before a good defense is a good offense.

If you are worried about any possible issue, then you will never be safe. As crazy as it is, there are still buffer overflow errors, which has been the most popular way to attack a computer for the last few years. Why are programs still having this issue after years of notices at AV sites about it?

So, keep using Preview. Or use Adobe and it's bloatware. Or just be aware of what you are doing.

And again, I'm still using 10.4, so I've been left farther behind than you are in 10.5. Do I worry about Flash exploits? Nope. Do I worry about every attack vector? Nope. Am I aware of what I'm doing with my computer that runs 24/7? Sure am. Am I confident about the security on my computer. Sure am.

SC
_________________
Grumpy old man of computing.

[Desktop] G4 mini - 1.5Ghz 1GB 80GB HDD - Newer miniStack v2 500GB - 10.5.8

[Media System] Intel i5 mini - 2.33Ghz 8GB 500GB HDD - 4 x Hitachi 2TB HDD in a qBOX-SF - 10.7.5 (Thanks Phil!)

Make sure it has pins!