Joined the Dark Side: Any Pointers?

[DenCo]

Preface: My Dell Studio XPS 16 became deathly ill sometime in early January. Symptoms being random hardware lockups, occurring at an increased frequency until it became unusable. Diagnosis was a bad HDD, which was replaced... only to have the exact same problem present itself a mere two months later! Diagnosis this time? Bad drive controller. So my options were presented as: get new laptop; replace motherboard at a cost of $500, and cross fingers; replace HDD every 6 months and deal with the occasional, random lockup.

I chose option one... Ding Dong, the Dell is DEAD.

After much deliberation, and after a lifetime of using mostly Windows machines, I decided to go with a Macbook Pro.

This is where you come in! I would be ever so freakin' grateful to anyone who can point me in the right direction so I can educate myself on the use of this new tool/toy of mine!

Also, I hope this thing actually lasts more than two years, as opposed to the StudioXPS 16 and Pavilion dv6729 that preceded it.

[BRealistic]

Weird you decide to go Mac when Mac is now Intel.

I hope it serves you well.

[O_G]

I would be ever so freakin' grateful to anyone who can point me in the right direction so I can educate myself on the use of this new tool/toy of mine!

1. If you don't have a specific need for Java, don't install it. Known Mac malware uses Java pretty much all the time. Apple stopped including Java with Lion, but it can be installed. I wouldn't, unless you really need it for something. Anti-virus companies routinely try to scare people with articles about how OS X is so terribly vulnerable to a deluge of malware, but these articles usually cite two or three Java malware bits that users have to authorize.

2. macupdate.com is very useful. Check out the most popular downloads to get an idea of what software people are finding compelling on the platform. Most software is cross-platform now, but there are exceptions. You may also find macintouch.com useful for support questions.

3. Be careful if you shop for games, because some of them have not been ported to Intel and will not run in Lion. Some of the older ones, like SimCity 4 Rush Hour, were never updated beyond a beta port to Intel and will not run reliably in Lion because their PPC code is the only code that's stable. If you want to play that game you have to roll back your OS to Snow Leopard (assuming your machine will run it) or set up Windows in a bootcamp partition. OS X 10.6.x and earlier will run PPC code, while Lion will only run Intel code. In OS X 10.6.x (Snow Leopard) you have to install Rosetta to run PPC code, but that's not difficult to do.

4. If you install a 3rd-party SSD you will want to enable TRIM by finding the 3rd-party Lion TRIM hack via Google, particularly for certain drives that don't have garbage collection that substitutes for it. Despite many many posts saying garbage collection in Sandforce drives makes TRIM unnecessary in OS X, I've seen one site's tests that found that the current generation of Sandforce drives needs TRIM to maintain good performance. You will need to update the firmware for certain SSDs by connecting them to a Windows box, and Bootcamp will not work. This was true in the past for OCZ drives like the Vertex 2. I updated mine when I got it in my home-built Windows box and then installed it into my Macbook Pro and enabled TRIM. However, I think OCZ may have finally released a Mac-compatible firmware updater. Other companies may not have OS X firmware updaters for their SSDs. The SSDs Apple sells don't need the TRIM hack.

5. Go through the System Preferences thoroughly. You'll see that there are a lot of settings that can be changed and a lot of functionality available. Also, check out the Utilities folder in Applications for useful things like Grab. TextEdit will open Word documents and is useful as a lightweight word processor. You can create a PDF of pretty much any document by going to the Print menu command and choosing preview -- then saving the PDF that OS X generates.

6. Virtual Box lets you run Windows in emulation, but it's slow when compared to Bootcamp. The nice thing is that you don't have to reboot the computer to use Windows. But, it's too slow for 3D gaming and such.

7. Making the user library folder visible is helpful for certain esoteric tasks. Apple chose to hide it in Lion, but you can get to it by using the Tinkertool software (free download) to make hidden files/folders visible and then making an alias of the folder. Once you make the alias, go back to Tinkertool and re-hide the normally hidden files/folders to reduce clutter.

8. Wear an anti-static wrist strap if upgrading stuff inside the machine.

9. Find Any File is a useful shareware app. Disk Utility is a helpful program for dealing with hard disks, such as erasing them. Toast is useful software if you deal with a lot of optical disk burning. XLD is useful software for batch processing audio. The built-in dictionary is handy. The calculator has built-in conversions for a lot of things, like currencies and units.

10. You can see file extensions for files by going to Finder -- Finder Preferences -- Advanced. To change file permissions, right-click on a file and choose Get Info.

11. Column view is very useful for navigating directories. List view is good for text documents often. Icon view is the most useless.

[Jader Pack]

My first suggestion would be to make a separate admin account, and demote your current account to mere "standard" status. A new computer is a good opportunity to start practicing this very good security habit.

My second suggestion would be never to install the Adobe Flash plugin. Pretty much every attack vector on the Mac is either through Flash or Java. If you need Flash for certain sites, I suggest installing Chrome (either as your main browser or as a backup for viewing sites that need Flash). It has Flash built-in but always up-to-date and well-contained within the browser.

Coming from Windows, you may find "RightZoom" (click to download latest version) to be useful. It makes the green button maximize windows to take up the whole screen. Otherwise, there's no telling what it'll do.

You'll also want "Perian" to play basically any kind of video using the native Quicktime app. Alternatively (or complementarily) "VLC" opens god damn everything.

Not installing Java is a good security tip (mentioned above), but one argument in favour of installing it is "GlimmerBlocker". It's an ad-blocker that basically sets up a software proxy to filter out ads. The upshot of doing it this way is that it works with every version of every browser, so you don't have to update it with your browser like other adblockers.

µTorrent and Transmission are the bit torrent apps of choice. I use the former but the latter is great too.

I suggest buying "Totalfinder" (not a download link). It adds tabs, as well as cut & paste, to the Finder. Well worth it in my opinion.

"DropBox" (referral link) is great on Windows, but it's also great on the Mac. If you don't have it, you should get it. It watches a folder on your computer, uploads everything in it automatically, and downloads it to any other computer. Even if you have only one computer, it's fantastic as an up-to-the-second backup solution to complement Time Machine (which only backs up every hour and only if you're connected to your backup disk).

There's an app on the Mac App Store called "Unarchiver" that is free and does a great job of decompressing basically every kind of file out there. Your computer can do .zips and a few others by itself but this one is good for .rar and a bunch of others that the default install has no app for.

7. Making the user library folder visible is helpful for certain esoteric tasks. Apple chose to hide it in Lion, but you can get to it by using the Tinkertool software (free download) to make hidden files/folders visible and then making an alias of the folder. Once you make the alias, go back to Tinkertool and re-hide the normally hidden files/folders to reduce clutter.

You can still get to the ~/Library folder by holding "option" while clicking on the "go" menu in the Finder. Better than hiding and un-hiding it.

10. You can see file extensions for files by going to Finder -- Finder Preferences -- Advanced. To change file permissions, right-click on a file and choose Get Info.

Number one on your list should have been "don't f*** with permissions, it always ends in tears."

[Jader Pack]

Another few suggestions:

There are some very effective ways to fully lock down a Mac from a security perspective. I think a lot of them are just plain common sense.

First, every Mac with Lion has a recovery partition. This is nice for fixing disk problems, but even if you have a password on your account anyone with access to your computer could quickly boot up in recovery mode (hold down command-R at startup) and either erase your whole computer or make a full copy of your hard drive to another disk.

A very simple measure to prevent this is to boot into recovery mode yourself, then go to the Utilities menu and choose the Firmware Password utility. Use that to set a firmware password. Now, whenever anyone tries to boot your computer using any startup disk other than your main volume, it will require a password.

Of course, anyone with physical access to your computer could also gain access to all your files by taking the hard drive out and plugging it in elsewhere. That's why I recommend turning on FileVault 2 in the Security & Privacy section of the System Preferences app. This encrypts your whole disk with AES-128 (unbreakable for the foreseeable future) so that there's no way to get at your files without your password. If you're worried about law enforcement or US customs decrypting your s***, don't give Apple the recovery key when it asks. [/paranoia]

These settings, combined with an immediate or 5 second delay before it asks for your password after sleep (also in the Security & Privacy section of System Preferences) make your computer unassailable. Don't forget to encrypt your Time Machine backups too, or it's all for naught. Use a different password for the backup for maximum security.

There are also great ways to transfer or save files securely. For other Mac users, putting files in an AES-256 encrypted disk image is bulletproof. TrueCrypt has a Mac app as well as versions for many other OSs. The Mac Mail app has very good S/MIME support for secure emails, as well.

Lock that s*** down. Far too many people are too relaxed about computer security.

[DenCo]

Thanks for the replies guys :thumb up:

The last two days have been insane work/schedule wise, so I haven't had a chance to do much. I'll read through this in detail and probably do much of this in the next couple of days. Still getting things set up right now... and trying to recover the Dell, which freezes without fail within 5 min of boot at the moment.

Getting used to the new OS much easier than I thought I would... granted I had worked on older Mac Minis on campus as a student, so it's not like OS X or the Mac are completely foreign to me. Speaking of which, I see a Mac Mini replacing the ancient relic of a Gateway desktop in the not too distant future, for the sake of simplicity...

[O_G]

My first suggestion would be to make a separate admin account, and demote your current account to mere "standard" status. A new computer is a good opportunity to start practicing this very good security habit.

Not necessary. The root account is the real concern.

Not installing Java is a good security tip (mentioned above), but one argument in favour of installing it is "GlimmerBlocker". It's an ad-blocker that basically sets up a software proxy to filter out ads. The upshot of doing it this way is that it works with every version of every browser, so you don't have to update it with your browser like other adblockers.

Not worth the additional risk of having Java. Safari and Firefox, at the very least, support Ad Block and Flashblock (Click2Flash for Safari). Not installing Flash is overkill. Just use Flashblock to stop unwanted Flash from opening in your browser and stick to reputable sites for Flash. It can also be used in conjunction with Ad Block and BetterPrivacy (Firefox)/Safari Cookies (Safari) to stop tracking junk from building up. You can set up some browser add-ons that block automatic loading of Flash to favor loading videos with HTML 5 over the Flash format if you want to further avoid loading Flash content.

Things have gotten a bit muddier lately because the latest version of Safari doesn't work with the old-style Webkit add-ons, but I doubt it will be too difficult to find equal alternatives that use the new extension format. I don't use Safari much anyway. I think Firefox has gotten to the point where it's a very nice browser. It also does a better job playing some streaming video, even with Perian installed.

There's an app on the Mac App Store called "Unarchiver" that is free and does a great job of decompressing basically every kind of file out there. Your computer can do .zips and a few others by itself but this one is good for .rar and a bunch of others that the default install has no app for.

Overrated and buggy in my experience, but it may be better now. I like Zipeg fairly well.

You can still get to the ~/Library folder by holding "option" while clicking on the "go" menu in the Finder. Better than hiding and un-hiding it.

Clunkier than simply making it permanently visible with an alias, particularly for someone who is unlikely to remember the option key trick.

Number one on your list should have been "don't f*** with permissions, it always ends in tears."

I have run into plenty of instances where manually changing permissions is necessary and did not lead to problems. Disk Utility's permissions repair doesn't do everything, unfortunately.

[O_G]

If you want to be obsessive about security you can also use a bios/efi/firmware password. Otherwise it's possible to bypass the administrator password with a few commands when booted into single user mode, or when booted from the OS X disc.

[andycooper]

... or you could actually make it useful and use Bootcamp to install Windows 7

[Das Pike]

Some good advice I was given when I first got mine:

Go with the flow. If you normally have your iTunes organized by directory and sub folders, etc -- just let it import them and manage them the way it wants. Same with iPhoto. Let it do what it wants and things will generally be smoother in the long run.

Couple apps to checkout:

- TinkerTool, sort of like TweakUI for OSX.
- Alfred, what Spotlight should have been
- Skitch, powerful screenshot app

Oh and be sure calibrate your display using the utility in SysPrefs. I found my hues and tints to be a little on the weakside right out of the box.

[Jader Pack]

Not necessary. The root account is the real concern.

Admin account is a security concern as well. It has more permissions than are needed for 99% of nearly all users' normal tasks. For example, an Admin account can modify /Applications and /Library without further authentication, can modify all system settings (including "hidden" or non-GUI settings, and can perform various functions via the terminal that simply won't work or require authentication in a Standard account.

It's a basic principle of computing security that you run with the least possible number of permissions. That means not using an Admin account as your main account. In this case, there's no reason not to as there is next to no drawback.

Not worth the additional risk of having Java. Safari and Firefox, at the very least, support Ad Block and Flashblock (Click2Flash for Safari).

Up to the user. I was just suggesting it.

Not installing Flash is overkill. Just use Flashblock to stop unwanted Flash from opening in your browser and stick to reputable sites for Flash. It can also be used in conjunction with Ad Block and BetterPrivacy (Firefox)/Safari Cookies (Safari) to stop tracking junk from building up. You can set up some browser add-ons that block automatic loading of Flash to favor loading videos with HTML 5 over the Flash format if you want to further avoid loading Flash content.

Those are also good options. For me, the combination of not having to deal with Adobe's s***ty Flash implementation and having a universal adblocker that works on all browsers much more easily than all the individual ad blockers (Safari adblockers are especially difficult to manage for the reasons you mentioned) and in my virtual machines makes the way I suggested worth it. Again, up to the user.

Overrated and buggy in my experience, but it may be better now. I like Zipeg fairly well.

Never had a single issue with it. Your mileage may vary.

Clunkier than simply making it permanently visible with an alias, particularly for someone who is unlikely to remember the option key trick.

For a folder users generally have no business being in, I like my suggestion. To each his own.

I have run into plenty of instances where manually changing permissions is necessary and did not lead to problems. Disk Utility's permissions repair doesn't do everything, unfortunately.

Disk Utility only corrects permissions for the system and anything installed with an installer or from the App Store. It doesn't touch your user folders.

I'm not sure what you're doing that would ever need you to mess with permissions, but it will never work 100% in large part because various apps require custom permissions and because you can't modify the ACL properties of any file through the GUI. If you are having issues with files in your home folder, a better option is to boot into recovery mode, type "resetpassword" into the Terminal, and then use the utility that pops up to reset your home folder's permissions AND ACLs to default.

[O_G]

It's a basic principle of computing security that you run with the least possible number of permissions. That means not using an Admin account as your main account. In this case, there's no reason not to as there is next to no drawback.

There are a basic principles of computer security that aren't necessary to follow to the limit, too. Apple feels the admin account, which is not root, is OK as the default.

Never had a single issue with it. Your mileage may vary.

It did. It didn't expand files properly sometimes and Apple's utility did. I was a bit mystified over the praise for it because I had problems with different versions of it after giving it another try. I just have Stuffit Expander and Zipeg and those do a decent job. If I have a particularly troublesome RAR then I use WinRAR in my virtual machine. Perhaps the bugs are fixed now with it, but the utilities I have do the job.

I'm not sure what you're doing that would ever need you to mess with permissions, but it will never work 100% in large part because various apps require custom permissions and because you can't modify the ACL properties of any file through the GUI. If you are having issues with files in your home folder, a better option is to boot into recovery mode, type "resetpassword" into the Terminal, and then use the utility that pops up to reset your home folder's permissions AND ACLs to default.

I've never needed to do that, but thanks for the tip. Using the GUI or BatChmod has worked for me.

[Jader Pack]

There are a basic principles of computer security that aren't necessary to follow to the limit, too. Apple feels the admin account, which is not root, is OK as the default.

Running as root would be idiotic.

I agree that running as admin isn't idiotic and probably okay as long as malware remains rare on Mac OS. However, given that running as a standard user is a painless precaution that is in line with standard practice on every other OS, there really isn't any reason not to. That Apple makes admin accounts the default isn't evidence of the security of that practice more than it is evidence of the convenience of that practice.