Mac OS X 10.4 'Tiger' in depth
Part three: Mail, Safari and security
Tiger's version of Apple's Keychain Access application, the OS' one-stop shop for password and other sensitive data storage, now links to a new app, Certificate Assistant, which allows you to create root certificates to authenticate files shared within workgroups. Keychain Access has been given an "iTunes-like" facelift, making it easier to navigate than it has been in the past. And you can use a smart card to authenticate both the System and your own keychain, though you'll need an external card reader, of course. I haven't so I couldn't try it out, alas. According to Apple, 10.4 will support smart cards compliant with US government security standards, in particular GSCIS.
Apparently, memory pages swapped to the hard disk by 10.4's virtual-memory manager are encrypted against prying eyes, too - an offshoot, no doubt, of the on-the-fly encryption and decryption system, FileVault, Apple introduced with 10.3. You set it in the Security pane in System Preferences. I've yet to notice any performance degradation from the encryption overhead. Jobs sent to shared printers can be encrypted too, apparently, though there's nothing in 10.4 to stop anyone getting to the office laser ahead of you.
Other tweaks to Mac OS X's security provisions include the addition of an Advanced... button on the OS' firewall System Preferences pane which allows you to log firewall activity if you're worried someone's trying to sneak past it, and to set it to operate in stealth mode and ignore unexpected requests for information.
Speaking of the System Preferences app. There's a nice module linked through from a number of panes, called Password Assistant. It chooses passwords for you according to a couple of criteria: length and type. The latter range from memorable suggestions to keys compliant with FIPS-181, the US Federal Information Processing Standard for such matters. A coloured bar indicates how secure the Password Assistant reckons the suggested word to be.
You can type in your own passwords, too, and it's fun - not to mention chilling - to see just how secure - or not - they are.
To be continued...