August 18, 2008

Paranoia and OS Security

This blog entry from ZDNet bemoans the fact that Apple employees ask you for your administrator password when you bring them your Apple computer for service or assistance. I agree that this is a bad practice in that they should never ask you for your administrator password. However, I think it's perfectly reasonable, if you're asking them to troubleshoot your computer, that you give them administrator access - because if you don't, essentially you're asking them to either spend the time and resources to break into it or to skip software troubleshooting and data preservation entirely and just reformat the hard drive.

There are options, people.

One: FileVault. I know it's been put down and bitched about, but generally, it's a good option in this case. You should configure a master password (so that someone else can't set FileVault and lock you out) as well. If you've done this, the only way that someone with administrator access should be able to gain access to your data is by changing your login password, so at least you'll have warning if they try.

Two: Encrypted Disk Images. If you're really worried about this, create (using Disk Utility) an ecrypted disk image and store your private data there. Don't put the access code in your Keychain. If you do this, even if someone has administrator access to your Macintosh, they won't be able to open your encrypted image no matter whether they copy it off the computer or try locally (unless they crack your password, of course).

Essentially, while I think it's a bad policy on Apple's part to try to get their users to hand over an administrator password to their current image, let's not get overwrought - it's not a good idea to ask someone to troubleshoot your machine without giving them access as well.

If your hard drive has gone bad, or is going bad, you should be able to format it before bringing it in - if you can't, it's unlikely anyone else is going to recover data off it either. In any case, if you're bringing in the machine for a flaky drive, then you should be wanting them to nuke/replace it.


Posted by jbz at August 18, 2008 10:54 AM | TrackBack

Post a comment

Remember personal info?