Startup Security
Digital Specter
Email: support@digitalspecter.com
Web: www.digitalspecter.com
Cost: $19.95 per single user license.
What is Startup Security?
With a recent update to the Macintosh firmware, Apple has included security features compliant with the IEEE1275 Security Specification. What does this geek-speak mean? It means that if you install the latest firmware version (4.1.7 or higher), you can use this utility to access those features, providing greater security for your system.
For Mac OS 9, we have included the ability to secure your system through the use of an Extension and the ability to prevent the shift key from disabling extensions at boot. While there are other security programs that do these things, none are integrated with the Open Firmware security to provide the most complete, unified Mac OS 9 security solution. One application and password can be used for setting all relevant parameters. Note that these features are not necessary on Mac OS X, as the OS has built-in security via the Login Window and file permissions. Also, please be careful with these settings; please do not attempt to use them if you are unfamiliar with what they do. Continue reading for more detail about these features.
What does Startup Security require to run?
Startup Security should run on any Power Macintosh running Mac OS 9.1 or later, including Mac OS X (use the "Startup Security X" application on Mac OS X). You will also need to make sure you are running the latest firmware for your Macintosh, at least version 4.1.7 or higher. These firmware updates can be obtained from Apple's site, or at these locations:
iMacs:
http://www.versiontracker.com/redir.fcgi/kind=1&db=mac&id=342/iMac_FWUpdate_4.1.7.smi.bin
iBooks:
http://www.versiontracker.com/redir.fcgi/kind=1&db=mac&id=8149/iBook_FWUpdate_4.1.7.smi.bin
G4 Towers:
http://www.versiontracker.com/redir.fcgi/kind=1&db=mac&id=8148/G4_FW_Update_4.1.8.smi.bin
G4 Cubes:
http://www.versiontracker.com/redir.fcgi/kind=1&db=mac&id=10224/G4_Cube_FWUpdate_4.1.8.smi.bin
Older Macintoshes (Beige G3s, PowerBook G3s, etc).
Unfortunately Apple has not offered any firmware updates for these machines. However, the startup security extension for Mac OS 9 should still function, you just will not be able to use the Open Firmware security provided in the firmware updates. This means that while you can prevent others from starting your machine without a password, they will be able to circumvent the security by booting off another partition or bootable device (such as a firewire drive).
How do I use Startup Security?
Simply launch the application! On Mac OS X, you will be forced to authenticate yourself as an administrator of your machine. This is probably the password you use to log in to the system, although this is not always the case. On Mac OS 9, you will required to enter the old password (if you have previously set one, otherwise leave it blank) before you can make changes.
Onec you have entered in the old password or authenticated, you simply set your desired security settings. These include a new password, and what security mode you prefer. You should choose a password that is not obvious, and one that is meaningful to you so you will not forget. Enter this password into both textfields.
Now, choose a security mode. There are three possibilities:
(a) No Security: as you might expect, this mode disables the Startup security on your machine.
(b) Allow Boot Device Only: using this mode, users can ONLY boot off the device you have specified as your default booting device. For example, if you have two hard disk partitions -- one with OS9, one with OSX, and currently Mac OS X is the default boot disk -- enabling this mode will allow others to only be able to boot into Mac OS X, unless they know the password. This means they can't boot off of a CD or other external device and mess with your system in a malicious way.
(c) Full Security: This mode is not for the faint of heart, and requires that you are not scared of command-line prompts. With this mode selected, the machine will enter into the Open Firmware environment immediately, allowing the user of the machine to do absolutely nothing more until the correct password is entered. This essentially locks users out of the machine totally unless they know the password.
On Mac OS 9, you have two extra options. Mac OS X users who have a dual boot system should enable these features to prevent access to their data while booting into OS 9. The extra features are:
(a) Ask For a Password During Mac OS 9 Startup
This option will require you to enter your password on startup, but only if you have the 'Allow Boot Device Only' mode set. This can be used to prevent people from booting you Mac OS 9 system without your permission. They will not be able to bypass this dialog by booting off another device since you have set the 'Allow Boot Device Only' mode. You will not be prompted for a password if you have set the 'Full' security mode, because setting this mode will have already required you to have entered the password on boot, and therefore there is no need to enter it again. If you type the password wrong three times, the machine will automatically shutdown. Also note that if you reset your password as outlined in 'What If I Forget My Password?' below, the extension will not prompt for a password because the security mode will be automatically set to 'None' the next time you boot.
(b) Don't Allow Shift Key To Disable Extensions
If you activate this setting, you will not be able to bypass the extension (and any others) installed in the first option by holding down the shift key on boot. With this feature enabled and the security mode set to anything but "None", your will not be able to modify the booting of your machine at all without a password. Combined with a physical security solution to prevent access to the insides of your machine, such as a lock and cable, your Macintosh is virtually impenetrable, even if you have dual boot Mac OS 9 and X system.
How much does it cost?
Startup Security costs $19.95 per single user license. This helps us recoupe costs of distribution and development, as well as fund future development of products. We thank you for your support.
What if I forget my password?
Never fear, all is not lost. If you forget your password, you will need change your machine's memory configuration, and then reset the PRAM. To do this:
(1) Shutdown the machine.
(2) Add or remove a RAM DIMM stick. Moving a RAM stick to a different slot will NOT work. You must add or remove memory.
(3) Hold down Command-Option-P-R keys, and power on the machine.
(4) Hold the keys down until you hear the machine reset (you will hear the boot chime a total of two times).
You may be asking: if I can reset the password, then this password protection it is not fully safe from hackers. This is true. Without any measure of physical security, such as a lock and cable, your machine is definitely still vulnerable to attack by a knowledgeable person. So buy a lock and prevent access to the inside of your machine!
How do I contact Digital Specter?
For help or information about this application and/or Digital Specter, send mail to support@digitalspecter.com. You can also check out our web site at: www.digitalspecter.com.
Further Reading
If you would like to know more about the state of security on the Macintoch, visit our website for more information:
http://www.digitalspecter.com/security_detail.html
bomaszko