© 2005 Lawrence I. Charters
Washington Apple Pi Journal, Vol. 27, no. 3, May-June 2005, pp. 13-18.
Note:
Physical security
Mental security
Spiritual security
Prelude to a storm
Over the past several years the issue of computer security has left the cloistered realm of computer science and computer user group publications and entered the mainstream, with front-page stories in newspapers large and small, lengthy reports on the evening TV news, and full-page ads (from Microsoft) in newspapers and magazines. Even USA Today, infamous for avoiding big words and news stories longer than a sound bite, devoted two massive two-page, illustrated, well-written spreads to computer security last year.
Virtually all of these stories, with good reason, focus on the various flavors of Microsoft Windows. Individually and collectively, the jumbled versions of Microsoft Windows are by far the least secure operating systems you can use. In several tests with “honeypots” (the term was picked from “Winnie the Pooh” stories, where Pooh can resist anything but a pot of honey), default installs – no customization at all — of Windows 2000, Windows XP, Red Hat Linux, Solaris, and Mac OS X were made on stock computers and then the computers were placed, unprotected, on the Internet. Hackers (usually automated hacking programs) took over the Windows computers within minutes; the fastest documented compromise was 18 seconds. None of the Macs, by the way, were compromised at all.
All this attention and publicity, while warranted in the Windows world, has distorted the issue in the minds of Mac users. So consider computer security in three different realms:
- Physical: physical security is protecting the physical and electronic components of your computer, including physical access to your machine.
- Mental: mental security can be summed up as “don’t do dumb things.”
- Spiritual: most computer users have no idea what happens once they connect a computer to a network, including a simple network of one computer to one printer. Spiritual security is protecting your computer from those unseen, unsuspected demons and things that seem to come into your machine from nowhere at all.
In the Windows world, the threats to a computer are, in order of most likely to least likely:
- Spiritual: it is almost impossible to run a Windows computer and avoid having unseen demons creep into it.
- Mental: with Windows computers, mental errors are far more common and more likely.
- Physical: Windows computers are just as vulnerable to physical security issues as Macs.
In the Mac world, the threats are essentially reversed:
- Physical: Macs are just as vulnerable to physical threats as Windows computers, and most problems with Macs come from poor physical security.
- Mental:
while the Mac interface has been derided by (non-Mac-using) critics as “coddling,” such pampering does help keep the user from making poor choices. But mental errors are still the second most likely way for Macs to come to grief. - Spiritual: without doubt, Macs are far, far better protected from alien possession and demons than Windows computers. But they aren’t invulnerable.
Since physical security is the most pressing problem in the Mac world, and since few of the flood of articles and newscasts mention it, we’ll begin there.
Part I: Let’s Get Physical
There are an endless number of ways to physically kill or damage a Mac, or the information stored on the Mac. Some of them are obvious, but just because they are obvious doesn’t mean people don’t routinely ignore the obvious.
Solid foundations: furniture
For many people, a Mac is their first computer. And, much like first parents, the owners find themselves ill-prepared. Instead of lacking cribs and car carriers, first-time computer owners lack proper computer
- Dining room tables: most people use computers as magic typewriters, writing letters, books, E-mail messages, iChat messages, etc. To type comfortably, you should use a table that is the height of a typing table, which has a surface roughly 26 to 27 inches off the ground. By comparison, the surface of a dining room table is roughly 30 inches or more off the ground. The added height makes your arms tire faster. Office desks are also higher than a typing table. While you may not like the bother of getting special furniture, getting a computer desk with a typing-table height keyboard tray or surface is a very good idea.
- Card tables, TV trays: these are also popular and inappropriate places for a computer. Card tables and TV trays are designed to be inexpensive and portable, not stable. Every day, dozens of computers plunge to their deaths from such unsteady platforms.
- Chairs: if at all possible, get an adjustable chair to use with your computer. While some chairs allow you to adjust everything except the force of gravity, the three most important adjustments are chair height, back tilt, and seat tilt. Never, ever put a computer on a chair, even for a moment; people sit on chairs, and someone will sit on the computer.
- Floors: don’t put a computer on the floor. Floors are for walking. A laptop on a floor is an invitation for it to be stepped on. Even tower computers should not be placed directly on the floor. Raise them up at least two inches to improve circulation and reduce the amount of dust sucked into the machines. You can get special skateboards for tower computers to raise them up, complete with wheels, or place them on low, solidly-made carts or tables.
- Food, drink: food and drink should be placed on an entirely separate surface from that holding the computer. If either are spilled (and of course they will be spilled), neither should spill onto the computer, monitor, keyboard, etc.
- Size, sturdiness: furniture should be sized so that it adequately holds the equipment. A monitor perched precariously on a desk or table will, eventually, get bumped off. Keyboards and mice perched on the edge will fall to their doom. If you have pets (cats, dogs) or children (anyone under about 80), or live in an earthquake zone, keep in mind that equipment can be moved unexpectedly, even if you didn’t plan on it moving at all.
Cables, cords and bricks
When you buy a computer, you get cables and cords. As you add additional capabilities and peripherals, you add more cables and cords, plus the ubiquitous power bricks that go with them. Not only do these cables, cords, and bricks bring things together and power them, they are also among the top killers of computers. Keep in mind this simple rule:
Never, ever move or store a computer or peripheral with attached cables and cords. Unplug everything, from everything. Every time.
Inside your computer (or peripheral), the cables attach to a fiberglass motherboard. While fiberglass is reasonably strong, it is still fiberglass. When you try to move a computer with a cord or cable attached, you run a great risk of putting a strain on the connection, and that strain could damage the motherboard. “Damage” in this case means “break,” which means “buy a new computer or peripheral.”
The most common explanation for moving or storing something with the cords and cables attached is laziness: the individual didn’t want to take the time to unplug everything. Obviously, this is a poor excuse for killing your computer. The second most common excuse is one of confusion: the individual is afraid they will never figure out where the cables and cords need to be plugged in.
To address the second problem, Apple carefully labels all
However, returning to the laziness theme, many people simply cannot see the symbols, either because they are printed very small, or are not printed so much as molded into the plastic, or most commonly because they aren’t wearing required glasses when plugging things in. The solution: go to Staples or Office Depot or your favorite office supply company and get a labeler, and make your own labels in lettering large enough for you to easily see.
Labels are also critical for power bricks. These ugly things tend to look pretty much the same, but plugging a 3.3 amp power brick into a device that needs 7 amps will probably damage the device. Plugging a 7 amp power brick into something that requires 1.5 amps may actually start a fire. So: label your power bricks, and eliminate the ambiguity.
The final problem with cables and cords: they get in the way, and people tend to string them in awkward ways. Running a network cable across an aisle is a great way to damage two or more computers. Running cables under tables or chairs in such a way that they can be snagged by legs, feet, vacuum cleaners, pets or children can also be quite expensive, and not just to those people and pets that are snagged.
The body electric
Perhaps the most obvious need for a healthy computer is a steady supply of electricity. But “steady” means more than “it works most of the time.” “Steady” should also mean it is at the proper voltage.
- Make sure your wall sockets are properly grounded. Some power strips and UPS units check for grounding. You can also buy a device that checks
grounding at a Radio Shack store. - Make sure the power is steady. Again, you can buy a device that checks this at Radio Shack. If you buy a multimeter, you can check both grounding and voltage with one device.
- Make sure no high-draw equipment is on the same circuit as your computer. Heaters, air conditioners, vacuum cleaners, arc welders, soldering irons, hairdryers, microwave ovens,
and other high-draw appliances and tools should never be on the same circuit as your computer equipment. - Do not overload the circuit.
- At the very least, plug your computer and peripherals into a good (name brand, over $25) surge suppressor.
Since the East Coast is prone to frequent thunderstorms, most users should forgo a surge suppressor in favor of a UPS (uninterruptible power supply). When using a UPS, your computer actually runs off a battery in the UPS unit, and current from the wall socket constantly charges the battery – until there is a power failure. At that point, your computer runs off the battery, giving you a chance to properly close up files and shut things down. A close lightning strike might fry the UPS unit, but your Mac should emerge unscathed. Some things to consider:
- The UPS should be larger than you think you need. Most of the manufacturers have on-line configuration charts to figure out the model you need. Make sure you get nothing less.
- Repeating the first point, just because Macs are famous for using less power than Windows equivalents, that doesn’t mean you should skimp on the UPS. If you fail to get one with enough power, your computer may not even boot.
- Buy a UPS that will not only power the computer, but also your monitor and any critical peripherals you might have. For example, if you have a flat-panel monitor, an iMac G5, an external FireWire hard drive, an iSight, and a hardware firewall, you want a UPS at least twice the size needed to power the iMac G5 alone. And remember: you may add something else in the future.
- If you are running Mac OS X 10.3 or greater, definitely look into getting a UPS with a USB port. Mac OS X 10.3 (and presumably Mac OS X 10.4) has built-in software (configured via the Energy Saver preference pane) that allows the Mac to monitor the UPS via a USB cable and check on its status, as well as shut down both the Mac and the UPS, unattended, if power is lost.
Once upon a time, UPS units cost thousands of dollars and used auto and truck batteries that gave off an unpleasant, sulfuric smell. Those days are long over. You can now get a low-end UPS for under $100, and the sealed lead acid batteries give off no odor at all.
Finally: be careful when you turn your computer off. If you want to reboot your computer, use the Reboot menu function; do not simply kill the power. If you do power your machine (or any other peripheral) down, leave it turned off for at least a minute or three before turning it back on. The switching power supplies used in computer equipment should be allowed to “drain” before being turned back on; if you turn them off and on too quickly, you could destroy them. In fact, blown power supplies are one of the most common problems with Windows computers, and almost all the failures are caused by not waiting a minute or three before turning the power back on.
Cleanliness is next to data longevity
Over the years, Washington Apple Pi has seen an amazing variety of “things” that have found their way inside people’s computers. Here is a short list (and none of these are good for a computer):
- Dust. In fact, dust so thick that, when the cover of the computer is removed, the computer retains its shape: it is a solid mass. Dust, in addition to being dirty, is an insulator and prevents the computer components from properly cooling.
- Insects. Not just one or two strays, but vast colonies of cockroaches, flies, bees, moths, etc. Needless to say, computers act a bit buggy, too, when you add real bugs.
- Feathers. And in one case, a small bird, badly desiccated.
- Rust. Computers, generally speaking, are not prone to rust. But if you take your computer to the seashore, and leave the window open for cooling, there is an excellent chance salt-saturated water vapor will enter the computer. This is bad.
- Small animals. Including mice, voles, gerbils, chameleons, and snakes. One snake was still alive.
- Food. Not only will you find food all over keyboard and mice (you don’t want to even touch some keyboards without gloves), but you’ll also find coffee and other drink stains on top of computers, not to mention smears of catsup, mustard, and other things not so easily identifiable. Inside – you really do not want to know what these machines looked like inside.
- Don’t store your data – tapes, diskettes, CD-ROMs, installation masters – near electrical devices or sunlight, and keep them as dust-free as possible.
As mentioned earlier, you want to keep all food and drink on a surface separate from the computer, and positioned so that any spills will not fall on the computer. Get a can or two of compressed air at a photography store (make sure it is nonflammable) and periodically use the compressed air to blow out the keyboard. Periodically, and only after shutting everything down, open up your computer and blow out the dust from inside. Your computer will be happier, and a happy computer helps make for a happy user.
And a special note on makeup: fingernail polish remover (and several other makeup aids) will damage or destroy computer keyboards, mice, cases, and in particular LCD panels.
Wear a seat belt
When the first personal computers came out, they were too complex and bulky to transport. Today, not only are laptops quite transportable, but even desktop machines are fairly easy to lug around. And moving computers is a great way to break them.
- If you travel by car, keep the computer snuggly housed in a computer case or the original shipping container.
- If possible, buckle up. A seat belt around a computer may sound funny, but broken computer pieces strewn throughout your car will not be funny in the least.
- For laptops, get a good computer case. Most people believe “good” means “thin and lightweight,” but thin and lightweight means “broken.” If you have a laptop, you will bump it into a
doorjam , drop it, or have someone drop it for you. So get a computer case with high-density foam padding covering all outside walls of the case. - Remember that cords are hazards. If someone trips over your
powercord while you are using your laptop at the airport, your joy at finding an empty wall socket will quickly evaporate.
Operating a computer outside a home or office offers additional hazards not found indoors. For example, wind: a gust hitting a laptop screen can easily blow it off a picnic table. And water: when the park department turns on the sprinklers, they are probably unaware your laptop is resting on the grass they want to water. And motion: if you go on a cruise and take a laptop, remember that ships pitch, and roll, and vibrate. So do airplanes.
Let there be proper light
Since a computer comes with a big light – the monitor – many people tend to ignore the subject of proper lighting. There are three major considerations:
- Proper lighting of the work area: while some people have bat-like tendencies and can both see in the dark and navigate by sonar, most are not so gifted. If the difference between looking at the lighted monitor and your unlighted notes, books, magazines, and other work causes strain, adjust the lighting. Position
monitors so there is no glare from sunlight or indoor lighting. - Sunlight: most people enjoy working in sunlight. But a bright, sunshiny day will wash out a PowerBook screen to the point of uselessness. If you work indoors and have a monitor in front of a window, the contrast between a brightly lighted sky and your monitor will also cause grief.
- Ionization: for those who insist on operating their computer outside, or next to a big, bright window, keep in mind that the largest source of ionizing radiation within a hundred million miles – the sun – not only provides light, but is also perfectly capable of erasing CD-ROMs, DVDs, floppy disks, tapes, and other magnetic media. Store your magnetic media in light-proof boxes, away from windows and sunlight. That transparent plastic box of backup CD-ROMs won’t do you much good if the CD-ROMs are unreadable.
Locks and doors and Web pages
In computer security courses there is a constant emphasis on “locking up your servers in a controlled [meaning locked] space.” This same theme applies to the home or office. Protecting your computer from various environmental harms will do you little good if some thief finds it easy to simply enter and walk off with it.
Most people don’t want to bother with adding security cables and locks to their home computers. But if you live in a dorm, or share an apartment, you don’t have complete control over access to your living quarters, so a security cable and lock might be a good idea.
Less obvious, but just as dangerous: windows. The vast majority of computer thefts from homes or offices involve computers that can be seen through windows, including windows in doors. It takes just seconds to break a window and carry off a computer. One apartment in Northern Virginia recently suffered a rash of computer thefts but from only one side of the building. It turns out the thief lived in an adjacent building, and used binoculars to look into the apartments across the street and do a little window shopping before visiting when people weren’t around.
Personal Web pages can also be a threat. If you are proud of your computer system and plaster photos of your multiple monitors, multiple CPUs, high-end sound system, scanners, etc., all over your Web site, you are essentially telling the world that “I have all this stuff.” Having done so, it is fairly easy to find your street address on the Internet, and soon a thief might have your stuff.
They’re out there
It doesn’t take any great effort to improve the physical security of your computer. Proper furniture, proper lighting, and cleanliness will make you just as happy as the computer. Protecting the equipment from electrical dips, surges, and outages is also easy to do, and inexpensive. Remember: physical security lapses are the most common threats to Macs. Apply some common sense and appropriate paranoia, and you should do fine.
Next up: mental and spiritual threats to your Mac.