'Steam' - Enabling 'Access for assistive devices'

That setting is a normal part of the Mac OS, and does not pose a security risk. Just because a search with those same terms also pulled up a keylogger page does not mean there's any relation between the two.

As to Steam, it's a perfectly safe app for buying and playing games. If you don't actually want that, then you can certainly delete it.

Turning on access for assistive devices enables Apple's built-in Mac OS X accessibility features, which are available in all standard Mac OS X applications once you turn on this setting. "Assistive software" for persons with disabilities takes advantage of these accessibility features. So, if you have difficulties with vision, you turn it on so you can use VoiceOver. If you have motor control difficulties, you turn it on so you can use pointing devices and associated software to take the place of the mouse and the keyboard. And you leave it turned on, of course.

In addition, many applications that are not targeted at persons with disabilities use the accessibility features to control other applications in useful ways. For example, Apple's own "GUI Scripting" AppleScript technology lets you write scripts that control other applications' menus, buttons, and so on, even if they are not scriptable in the normal AppleScript fashion. There are many third-party application examples. All of them require you to leave access for assistive devices turned on.

I've had it turned on on all of my computers for about 10 years now (Accessibility was introduced in Jaguar).

Apple has always left the default setting at "disabled" because there is a theoretical risk. If somebody sneaks an application onto your computer that uses the accessibility features, it can control other applications on your computer without your knowledge. So, if you don't need it, it makes sense to leave it turned off. But if you pay attention to what you install on your computer, I believe the risk is quite small. In the end, you have to make a decision like that for yourself.

bpbpbp wrote:

His reply surprised me - "it has taught me to never store my personal information on any computer".

Revealing - and helping me to become even more concerned.

Plays well on TV, but really you can reduce that expression to what they taught spies in the OSS back in the 1940s:

"Never keep a record of any information"

Computers, per se, haven't got anything to do with. It follows logically that any storage device from paper to disk drive to your brain must be accessible in order to function as a storage device, just as a safe must have a door and a lock. For that reason, all such devices are inherently breachable by some means or other (easiest way to get into information in your brain is for someone to threaten you or someone you value more highly than the information you are keeping).

The trick is not to stop storing information, on computers or elsewhere, but to learn about the vulnerabilities, know the risks of what you do, and take steps to minimize them.

You seem pretty rational and intelligent to me and computers aren't really that difficult to master once you get through the hype. Indeed, they are in one sense very simplistic in their logic, it's just that there's a lot layers upon layers that make undersanding them not a little like peeling an onion. You have to go down one layer at a time.

Back to practical rather than philosophical matters, the steps you need to take against protecting yourself and your data online are fairly straightforward on a Mac - assuming, that is, that you're not being targeted by the CIA (in which case your computer is probably the least of your worries...).

1. Don't run your Mac from your Admin account. Set up a Standard user account for general stuff, especially browsing the internet.

2. Make sure you've turned on Firewall here:

 > System Preferences > Security > Firewall

3. Don't use simple passwords for any online accounts, gmail, hotmail etc. Best advice with passwords is use a password manager like 1Password to generate and save unmemorable 16 character (or more) passwords for you. Use an acronym of some phrase or book title that's meaningful to you combined with some symbols or numbers (not a year, as there's only 2012 of these for a brute force algorithm to run through) for your master password to 1Password.

4. Make sure that in Safari > View menu you have

Show Status Bar

turned on, and always inspect a link's address in the status bar before clicking on it (EDIT: YOU do this by letting the cursor arrow hover over the link without clicking. The link's real address will be shown in the Status bar at the bottom of Safari's window). This will give you some idea of whether the address shown on the link is really the address that it is going to.

5. Use something like SafariAdblocker to reduce your exposure to irritating (but sometimes persuasive) ads that link to dodgy websites.

6. Never ever download MacKeeper or other so-called 'performance' or 'utility' software for your mac. They are all scamming you in one way or another.

7. Whenever you're unsure of what you're doing, don't do it. Post in these forums for advice first.

8. Maybe a personal one this, but avoid all online banking services. Too much to risk for too little benefit of 'convenience'.

9. Never download anything without first doing a google search with 'review ' first. That includes App store stuff. Read and research what you let into your computer environment.

10. Don't let your nephews pwn your computer 😉

Hope some of this helps (and I was only half-joking with the last one 🙂 ), and don't worry so much. 🙂

A couple of basic ones I forgot:

11. Turn off java. In Firefox, you do this by going to the Tools menu in the menu bar, then

Add Ons > Plugins > Java Plug in for Mac

and hit the 'disable' button.

12. Restrict Cookies.

Best security is to forbid cookies, but that will also make your web browsing laborious. A good compromise it to block 3rd party cookies. More information here:

http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies

Back to the previous list:

1. Yes, I agree, but it's useful for web browsing if nothing else. If you enable fast-user switching here:

 > System Preferences > Users & Groups

Down at the bottom of the pane you'll see something called 'Login Options'. Click on it (you may need to unlock the padlock below it first, if it's not unlocked already), and enable 'Fast User switching'.

then you'll be able to switch between user and admin accounts quite easily by clicking the user name up in the top right of your screen.

2. 🙂

3. Click on the blue text that says '1Password' in my previous post. It'll take you to their site where you can read about it. It's paid software I'm afraid. I don't have any connection with them, I only recommend it because its the only one I've ever used. I beleive Ffx has a pwd manager to, but it's not quite as sophisticated. If it meets your needs though, fair enough.

4. Yes, Ffx has this feature, though I've been unable to find out where it's turned on. Hopefully someone else will be able to chime in for that one!

5. 🙂

6. The FreeMemory app is fine.

7. 🙂

8. 🙂

9. Yes, I just meant use the term 'review' in a search.

10. 😁

Yes, if you find you need it for some specific site, you can just enable it in the same place, then switch it off again after you're done with that site.

bpbpbp wrote:

This sort of information should be in a short Mac101 training video or something.

Not strictly about security, but a lot of people aren't aware that Apple provide a free 'Mac 101' manual here:

http://www.apple.com/support/mac101/

I agree on all the things softwater says and this information is really helpful for newbies as bpbpbp puts it, and should be taught in IT classes in elementary schools. =))

For (1), just to support the advice for the newbies visiting;

I've always been kind of a semi-power user on both Windows and Mac for almost 10 years; and never had any serious trouble or lost time while using via a standard user*. In fact, I almost never had virus or trojan troubles, or threats, possibly thanks to that. If it asks for my password for the admin account for something, now and then, I review it, if OK, put in the pass; if hesitate, I do the quick research. =)) That is probably the best advice one should give to a new computer user.

And it's pretty easy to use the computer that way, don't think it's inconvenient.

Cheers!

*The only time I have trouble is with Skype, I can't update it, and till this day I still can't sort it out; I always have to delete and install the app back again onto my mac OS. =D

I just upgraded to Mavericks and loaded up Steam (couldn't play Borderlands 2 co-op when I first loaded it in Lion last year). Now, the prompt asks to enable Universal Access, but the Pref Panel is labeled Accessibility and I don't see any check boxes to enable it.

So, how do I enable Universal Access now?