Slashdot Mirror

← Back to Stories (view on slashdot.org)

Prevent Insecure Booting Of Your Mac

Posted by pudge on from the just-do-not-lose-your-password dept.

maxphunk writes "So you can boot anyone's Mac using a CD or (for newer machines) mount the hard drive using target disk mode. Therefore, your machine isn't secure, right? Stock, yes; otherwise, no. Apple has a neato utility described here that eliminates this problem and more, using Open Firmware Password Protection. I have installed it on my iBook (late 2001) and I am definitely pleased with the results." It requires Mac OS X 10.1 or greater, and prevents things like starting up in single user mode, verbose mode, resetting PRAM, and more.

3 of 51 comments (clear)

  1. Good, Basic Protection by Spencerian · · Score: 5, Insightful

    For the record, I'm an Apple Service Technician, so I'm not quite talking out of the side of my face.

    Open Firmware protection has been around since the Blue & White G3 (maybe the original G3) but wasn't really endorsed by Apple until now. I think they really wanted to make a formal way to configure it. Before this, users had to boot into OF and enter some arcane commands.

    Basically, all Macs made since late 1999 work with this, but original and Blue & White G3s as well as early iMacs (made in 1998 and 1999) don't qualify. That doesn't mean you can't attempt to use the OF password features available on these systems, just that you may not be able to use Apple's utility to configure it since the firmware versions don't match.

    As someone already said, all bets are off when a hacker has physical access to the computer. But, combined with physical deterrents such as locks and proper security (rlogin off, password on screen saver, proper admin and user accounts, etc.), this really helps teachers and other sysadmins who need to keep kiddies or college kids from overriding the system's security and installing or copying stuff.

    Apple hardware has really needed this for a long time, and I couldn't endorse it until Apple did since it's a CYA thing.

    --
    Vos teneo officium eram periculosus ut vos recipero is.
  2. Re:wow, cool... by DustMagnet · · Score: 2, Insightful

    This type of security is more usefull than it sounds. If you combine it with a physical lock down, you have a machine that can be safely setup in a public lab.

    --
    'SBEMAIL!' is better than a goat!!
  3. laptop theft by tomdarch · · Score: 2, Insightful

    My PB was stolen a while ago, so this has been on my mind recently. How sophisticated are the people who fence stolen mac laptops. I'm sure that there's a sophisticated network for turning around stolen PCs, but Macs are a bit more obscure. In my case, the stupid theives took the laptop, but not the $80 power cable. I'm sure that the battery ran down in a few days in sleep mode, so to show that it's working to sell it or wipe the drive with a bootable CD would require a specific power cord. Are there 'resale channels' with those kinds of resources? Back to the topic, an OF password would help to some degree by preventing simply booting off a CD. Are there Mac specific fences who would know how to get around that? It's been a couple of months since the theft, and I still suspect that I may get a call one day: "Uh, I, uh, found a laptop that has your name on the screen and asks for a password...." I can always hope, can't I?