Security Through Obscurity On Mac OS X – Better Solutions

Sep 29, 2016

 

A look at how security through obscurity (hiding files) is doomed to fail in Mac OS X, plus a look at some easy ways to truly secure files on your Mac.

 

When someone wants to hide files on their Mac they typically use some variation of security through obscurity

 

The reliance on the secrecy of the design or implementation as the main method of providing security for a system or component of a system.

 

It's generally accepted that a security by obscurity model is not adequate, but let's take a quick look at how this approach is often implemented (and how it fails) on Macs.

 

Misleading Names

Often the first approach to hiding something is to give it a misleading name – a kind of "hide in plain sight" approach. It's kind of like taking the dust jacket from War & Peace, putting it on your diary, and then leaving the diary out in the open on your bookshelf.


hide-files-on-mac-with-misleading-names.png

 

The problem here is that Mac OS X is so good at indexing and searching not just file names but all text in a file. Imagine you are documenting your struggles with an evil stepmother and want to hide this journal from her. Even if you change the name of the file to something misleading, like "Boring Work Stuff", a search for the word stepmother will still find the document.

 

Weird Places

Another approach is to take the files you want to hide and put them someplace strange – some folder somewhere where you would not expect anyone to look. It's like taking the diary from the example above and hiding it some place you think (hope!) nobody would ever look.

This would, in most cases, prevent someone from stumbling across the files, but they would still be immediately revealed in a search as described above.

 

Hidden Folders

This starts to get more advanced and a little more effective as well. There are a lot of files and folders in Mac OS X that are generally not visible to the user. This is because Mac OS X, by default, hides any folder that starts with a dot (period). Better yet any file that is placed in a hidden folder inherits that "hide" attribute – it becomes invisible, and will not appear in search results.

Sounds easy. The trick is that, by default, Mac OS X won't let you put a dot at the start of a file name. You'll get an error message like this:

 

hide-files-on-mac-by-using-a-dot.png

 

You can force the dot by renaming the file/folder in terminal, but it's generally easier to just show all of the existing hidden files on Mac OS X. Just follow those steps – once you can see the existing hidden folders you can also create new ones by pre-pending the dot. If you try it now you'll get a caution that looks like this rather than an error.

 

how-to-hide-files-on-a-mac-by-adding-dot-to-filename.png

 

You can use this trick to create a hidden folder, and any files you put into it will also be hidden.

As far as security by obscurity goes... this is about as good as it gets. The files won't be visible by default, and they won't show up in a search. But there are drawbacks...

 

  • You will have to show hidden files on your Mac whenever you want to see the files.
  • Anybody else can show hidden files and see them.

 

The first part is just inconvenient for you (not everyone will relish the prospect of showing/hiding hidden files) but the second part is more serious. Go back to the diary example for a second – we're hiding it in a better place, but we're still just hiding it. If anyone finds it they get all the information.

 

Encryption

The only real security is to encrypt the data. This is like writing the diary in an unbreakable code that only you can read. Even if it gets found you have nothing to worry about because nobody will understand it.

There is a great Mac application for hiding and encrypting files and folders. It is called Hider 2, and it is easy to use and very affordable. There is more information in this post on how you can use Hider 2 to securely hide and encrypt files on your Mac.

If the information is sensitive enough that you are considering an ineffective security through obscurity approach it's worth securing the right way. Encryption is the only true security and Hider 2 makes it easy.

 

 




Related Content

How To Migrate Google Authenticator To A New iPhone

Instructions on how to move Google Authenticator to a new iPhone so you don't lose access to accounts with two-factor authentication enabled.

Why Have Security Questions After Password Authentication?

Asking security questions after password authentication is not just pointless, it actually makes things less secure.

Replace macOS Sierra Login Screen Image (Without Blur)

Simple instructions on how you can replace the macOS Sierra login screen/desktop image with one of your choosing, and without the blur effect.

Apple Remote Desktop: Fix "Authentication failed to" Error

Using ARD (Apple Remote Desktop) and getting an "Authentication failed to" error in Mac OS X? There is a very easy fix for Sierra, El Capitan & Yosemite.

How To Securely Hide (and Encrypt) Files On Mac OS X

How to hide/secure files on your Mac: An easy approach to protecting your data by securing, hiding, and encrypting selected files and folders in Mac OS X.

Showing Hidden Files vs Hiding Regular Files in Mac OS X

They might seem like flip sides of the same coin but the techniques used to show hidden files on a Mac are not the best solution for securely hiding files.

What Does Incognito/Private Mode Really Mean?

The incognito or private mode in your web browser can offer you some additional privacy but not as much as you may think, and you still need to be careful.

"Your Apple Device has been locked..." Another Scam

Does "http://www.alerts-safari.info" say "Your Apple Device has been locked, due to security reasons"? Don't panic, it's not – just don't call the number!

Short Guide to (Finding, Sharing, etc.) SSH Keys on Mac OS X

A short guide to SSH keys and Mac OS X: How to create, find, share and add SSH Keys (and deal with related SSH errors and warnings) on Mac OS X.

Open Safari Without Opening Windows From The Last Session

How to open Safari without automatically re-opening windows/tabs from the last session. This can save you if you ever run into ransomware.

Category List


Tag List


Tag Cloud



Archive