6 Replies Latest reply: Dec 8, 2008 8:29 AM by AndyO
Artsy Sue Level 1 (75 points)
My husband is about to load Leopard onto his Mac Mini / Intel.
He would like to partition it so one partition can "surf the net",
and one partition will have our finances/personal data/private
sorta stuff on it.

Are we right to assume that while on the Internet, no one can
"see" the other "private" partition? [We use Airport Extreme.]

Thanks in advance!

iMac Leopard, Mac OS X (10.5.5), AirPort Extreme
  • AndyO Level 6 (17,050 points)
    Are we right to assume that while on the Internet, no one can "see" the other "private" partition?

    Strictly speaking, no that's not right.

    A partition is just a division of the hard drive, and to the system, it will appear as a separate hard drive, so you'll see your primary (boot) partition at the top-right of the desktop, and the secondary (private) one below it. There's nothing to prevent anyone who can access your computer from seeing the contents of the secondary partition. For you, the user, to see the contents, it's permissions would have to be set for you to do so, and if you are also logged into the system as the user, that means anyone gaining access to the system can see what you see. As such, there's not much difference in creating a second partition as simply creating a new folder in the primary partition.

    The question therefore is whether, when you are surfing the net, that means you are vulnerable to anyone 'out there' being able to access your system. The answer is that in MacOS, no, you are not. Or at least not in any sense to the same degree as if you were using Windows, because MacOS is inherently more secure than that.

    To my mind, the question to ask here is in what way are you concerned that anyone could gain access to your hard drive when browsing?
  • Artsy Sue Level 1 (75 points)
    Thank you, AndyO. We thought that would be the case.

    We've always felt our Mac's were safe in a way that Windows
    was not, but we've kept our business/finances/correspondence
    stuff on a non-surfing computer over the years, so now when
    we're considering surfing with that computer, we just wondered...

    [and by "surfing" I mean actually connected to the Internet vs. not
    being connected in any way]]
  • Artsy Sue Level 1 (75 points)
    I had another thought! Per your question...

    To my mind, the question to ask here is in what way are you concerned that anyone could gain access to your hard drive when browsing?

    Because we have our financial info on the hard drive. Why should we expose that to hackers? [There may not be scores of them out there attacking Macs -- yet. But still, that's the concern.] I guess that's where we're coming from. Maybe the answer is to buy a laptop for finances, and surf with something else. (??)
  • Rockdoctor Level 1 (40 points)
    Why not put all your finance stuff on an external hard drive (these can be obtained very cheaply, depending on size). Then you can simply switch off or unplug the drive whenever you are surfing - there's no virus capable of jumping an air gap!

    Personally I think you shouldn't worry. I've been surfing for years, and all my finances are online. The only scams I've fallen victim to all turned out to be out in the real world - my wife's card was cloned in a hairdresser's and used for multiple cashbacks in supermarkets across south london. We got our money back from the bank.

    Online I've never had a problem.
  • Artsy Sue Level 1 (75 points)
    Oy! Why didn't I think of that! Thanks!

    An external hard drive..... Yeah!
  • AndyO Level 6 (17,050 points)
    I would certainly not be an advocate of ignoring the risk - quite the opposite - but I think it is useful to ensure the issue is viewed with some perspective, and an acknowledgement that even though the weakest link in the security of almost any system is the actual user, much can be done to secure systems from hacking (meaning unauthorized access as opposed to mistakenly downloading malware) that can reduce the risk of data loss to as close to zero as possible.

    Part of the problem here is that even with an external hard drive, if that drive is running when you are 'hacked' your data is just as vulnerable as ever. As such, while it's certainly more secure to use an external, it is only so if it is off. A more thorough solution is to follow a few basic principles to secure the system against prying eyes in the first instance.

    First is the realization that due to the architecture involved, MacOS (and particularly, the latest versions of it) is considerably more resilient to hacking than Windows. A hacker cannot simply take control of the OS and gain access to the system as a whole.

    Even so, it is better to prevent a hacker from even finding your system in order to attempt access to it, and the first and most significant step is to add a hardware firewall with network address translation (NAT). While that sounds quite complex, it's actually a feature of almost every router, even those intended for domestic use. That way, the ISP's public IP is not assigned to the system but to the router, and private IPs are used 'inside' the network. Hackers might be able to discover the router, but finding systems behind it is then much harder. To obstruct those who manage to find your system even so, switching on the in-built software firewall in MacOS also helps (in Leopard is in the Firewall tab of the Security preference pane), and setting restrictions on which applications can then access the internet, along with restricting incoming connections adds limitations on what they can manage to do - at least without giving some indication to the user. On top of that, a good third-party firewall such as Little Snitch can add a degree of additional security, while still being very easy to set up and use.

    Setting Safari not to automatically open safe files on downloading (in the general tab of Safari's preferences) will help avoid malware from gaining unobstructed access to the system, and using the freeware ClamXav set to monitor email, document and download folders, along with any others that are sensitive to the individual will help protect against the potential for future malware.

    It's also possible to do things with folders and user accounts that help hide data. http://www.tuaw.com/2007/09/17/secure-your-mac-crouching-user-hidden-folder/ for example gives a couple of good starting points that would help keep data away from prying eyes.