OS/X is based on BSD Unix and carries with it a long history of security. But, at heart, it’s a consumer operating system. The defaults are very trusting and open. Apple recognizes this and provides a very thorough document on securing OS/X.

Here are the basic steps to securing OS/X:

1. Set a firmware password. This is a password required to gain low-level hardware access. It’s set using the Firmware Password Utility on the Max OS/X installation disc (in /Applications/Utilities on the installation disc).

2. Turn off Auto-login. In the Accounts preference pane select the option to disable automatic logins.

3. In the Security preference pane you should require a password when waking the computer and you should require a password to access sensitive preference panes. In addition, you should activate secure virtual memory.

4. Disable the guest account or severely limit it using Parental Controls. The main reason why you would leave it enabled is if you have theft recovery software installed. Thieves will use the guest account, giving the theft recovery software time to work.

5. You should set an inactivity timeout on the screen saver and make the value relatively low. You do that in the Desktop & Screen Saver preference pane.

6. Make certain the firewall is turned on (in the Security preference pane) and is set to either ‘Allow only essential services’ or ‘Set access for specific services and applications’.

7. Ensure you always install security updates from Apple as they are released. Don’t delay.

8. Install anti-virus software. This is less for the security of OS/X then to ensure you don’t pass viruses on to other machines. ClamAV is the software bundled with OS/X server and is freely available for OS/X desktop. Install it and activate ClamAV Sentry to start on Login in the ClamAV preferences. Set the sentry to scan the downloads, desktop and public drop box directories. These are the primary locations for new files to be downloaded onto the computer.

9. Disable Java in the browser. There are very few Java applets in use and you can re-enable Java in the browser if you need it. Open Safari’s preferences and uncheck the “Enable Java” option.

These are the minimal steps to secure OS/X. Personal files are still accessible by a technically savvy thief if the laptop is stolen. This can be resolved if the user activates File Vault or installs a full-disk encryption program like PGP Whole Disk encryption.