Many troubleshooting articles focus on how to get yourself out of some troubleshooting jam. In this article, I instead want to look at the other side of the table: How to keep yourself out of trouble in the first place. I will not be covering here any of the oft-cited maintenance routines (such as repairing permissions or running cron jobs). Instead, I will be covering even more basic advice that is also, in most cases, even more simple to do. Despite this, it is advice that is too often ignored...at the user’s peril.
1. Back up. Back up often.
Sure...you've heard it before: It’s important to back up. But it bears repeating. No matter what problem you have, you can avert complete disaster by having your files backed up. The death of a hard drive that has not been backed up is the computer equivalent to having your house burn down. A lifetime of treasured documents could be lost forever. But with a computer, you have a huge advantage as compared to your house: For very little money, you can maintain a duplicate of the contents of your drive. If your hard drive dies, nothing of value is lost at all. To accomplish this feat, all you need to do is make sure you have a recent backup of your data. That’s why backing up is at the top of my list.
How and exactly what you back up can vary as a matter of personal preference. You can use the Finder to just save the important files in your Home directory. Or you can use any one of a number of utilities (such as SuperDuper or Data Backup) to make a bootable clone of your entire drive. Or anything in between. It depends upon exactly what you feel is critical to save, and how much time you are willing to invest in doing it. Just make sure you do it. Personally, I maintain a copy of my entire drive on a separate external FireWire drive. In addition, I periodically burn critical data to a CD.
Whatever method you choose, back up your data to a destination that is not simply another partition or folder on your startup drive. The point is to have a backup in case the drive fails.
2. Use Command-S...on autopilot.
Making periodic backups of your data may not help much if you lose a file that you just created in the last few hours. That’s why the most important thing you can do when working on a document is save it! Press Command-S as often as possible. I can't tell you how many times I have had a conversation that goes like this:
"TextEdit just froze on me. I don't want to Force Quit it because I want to save the document I was working on. What can I do"
"Had you saved the document recently?"
"I don’t think so. It still says Untitled at the top of the window."
"And how long were you working on this document?"
"Oh, about an hour."
"Well, you can kiss that hour of your life good-bye, as well as the document you were working on."
Yes, there are a few possible rescues here: taking a screenshot of the visible window can help save a brief amount of text; having previously installed a program that records keystrokes may also facilitate some text recovery. But nothing is better than having saved the document.
I typically name and save a document before I even begin working on it. I then hit Command-S every time I pause, usually every couple of minutes or so. It's as automatic as breathing. That way I never lose more than a few minutes work.
3. When in doubt...use Save As.
What if a document you are working on suddenly starts displaying some odd symptom, such as a few lines of text that suddenly vanishes? Should you save the document at this point? No! The document may be corrupted. Saving it now may overwrite the last uncorrupted version of the document that you have. Instead, select Save As (Command-Shift-S) and save the document to a different name. The older, hopefully still functional, version of the document remains and is out of harm’s way. You can now safely work on trying to fix the problematic version of the document. Even if you destroy the document in the process, you still have the prior version as a backup. Even better, also create a duplicate of the possibly corrupt version before you go any further. Now you have backups of both versions of the document.
4. When in doubt, move files, don't delete them.
Suppose you have a preferences (plist) file that you believe is corrupted. Or perhaps you have some fonts that you want to delete because it looks like they are causing an application to crash. Rather than deleting them, remove them from their Library folder. This effectively disables them. If they were causing a problem, the symptoms should now be gone.
Similarly, when replacing presumably corrupted files with clean versions, save the original (perhaps corrupted) files to a different location, rather than overwriting them.
The advantage of all of this is that, if it turns out that disabling the files has no beneficial effect, you can return the original files to their prior location. This can save you the time and hassle of locating back-up copies and/or redoing custom changes to various preferences. If you trashed the files, you have no alternative but to start over. You can always delete the files later, after your troubleshooting is done.
5. Stay out of where you don't belong: Don't even move files without using caution.
There are some locations, such as the /System folder or the various invisible UNIX folders, where even moving a file to a different location can wreak havoc with your Mac, including preventing you from a successful startup. If this hapens, getting things working again may require mucking around in single-user mode, booting from another drive, and/or even reinstalling Mac OS X. To avoid such hassles, don’t casually modify the contents of places that you don’t really belong. The contents of the /System folder, for example, is not a place for “I was just curious to see what would happen” type of experimentation.
If you were specifically instructed to go to one of these “out of bounds” folders by someone whose judgment you trust, or if you have the skills to trust your own judgment, then go ahead. Otherwise, experimenting here is tantamount to a new homeowner trying to install kitchen cabinets with a hammer and nails. It’s not likely to work out well.
6. Don't install updates too soon or do too many at once.
When a vendor, including Apple (some might say especially Apple) releases an update to their software, don’t be in a hurry to be the first on your block to install it. Instead, wait a few days. Check the MacFixIt home page and/or the user comments on VersionTracker for reports of problems. Then assess whether or not you should risk installing the upgrade now or wait for the next upgrade to come along. To take one example, there was a recent upgrade to Mac OS X that, during installation, could destroy the contents of a mounted external FireWire drive. Why risk something like this when, by waiting a few days for the solutions to be determined and posted online, you can prevent any chance of disaster?
Similarly, don’t upgrade several programs all at once. If you do, and problems occur afterwards, it makes it harder to determine which newly installed software is the culprit. Instead, go in smaller steps, checking after each upgrade or two that all continues to work well.
7. Be careful when giving your email address online.
With secure and reputable sites, such as Amazon.com, there is not much risk that, by entering your email address into a form, it will fall into the hands of evil-doers. But there is some risk. Despite this, if you want to order items from sites like Amazon, you must enter a valid email address; so you don’t have much choice.
However, even here, be careful to select not to receive any unsolicited email, if and when you are given a choice. Otherwise, you are opening yourself up to getting spam.
Be even more cautious with sites that you are less certain as to their secure or reputable status.
Even more risky is when you enter your email address in locations where it gets posted publicly (such as in some Forum discussions). Spammers can now harvest your email address, even without the knowledge or permission of the site where your address is posted. I try to avoid ever doing this, even going so far as using a false email address (if the site requires me to enter one). Failure to protect yourself here is an invitation to start getting dozens of spam messages a day.
Spam filters are good to have. But minimizing your spam in the first place is even better.
8. Be wary of email scams.
I am sure you’ve heard about the variety of scams and hoaxes lurking on the Internet. I want to especially alert you to one type, typically called “phishing.” What happens here is that you receive an email that appears genuine and comes from a place you use, such as eBay. It claims that there is a problem with your account and that you need to re-enter your account info to have it be updated correctly. There is a link to click to go to a Web page to do this updating. If you go to the page, it looks equally legitimate.
The problem is that it is all a hoax. Any information you enter, especially passwords or credit card numbers, will be used by the perpetrator to part you from your money.
My policy here is simple: NEVER enter any confidential data on a Web page that is accessed from an email link. Ideally, don’t even click the link at all. Instead, go to the vendor’s Web site by entering its home page URL in your browser and access your account information as you normally would. Or simply ignore the questionable email altogether. If the email warning is legitimate, you will find out soon enough (such as if your account stops working, at which point you can telephone the company to get the matter cleared up). However, every email like this I have gotten has proved to be a scam. So ignoring them has proven to be the best course of action. There are ways to ascertain if a Web page link is legitimate or not, but simply ignoring any ones that seem questionable is easier and quicker.
9. Look before you leap: Read warnings before clicking OK.
When maneuvering around Mac OS X, you will periodically confront warning messages that ask you to click an “OK” button — or an alternative negative button — before proceeding. Sometimes, the same message appears so often that you start to ignore it, just clicking OK on auto-pilot. For example, it may be a message that pops up whenever you fill out a form on the Web, warning you that the data you are about to send is not secure.
I am not recommending getting obsessive-compulsive here, and pondering each instance of such messages. But it definitely pays to hesitate a bit — to check whether you are stepping off a curb or jumping off a cliff. Here’s one drastic example: When you mount an iPod via iTunes on a computer other than the one that contains the iPod’s Music Library, you get a message essentially asking whether you want to replace the iPod’s contents with the contents of the current Mac’s Music Library. If you are one of those people that typically dismisses all warning messages with a quick “OK,“ you will wind up wiping out the contents of the iPod. And if the current Mac is a new Mac with no songs in its Library, the iPod winds up “empty” — which is probably not what you wanted.
10. Know where to find important stuff (such as manuals and CDs).
I do a decent amount of troubleshooting over the phone. Too often, clients make this more difficult by not keeping track of where their stuff is. I can’t have the user boot from the Mac OS X Install disc, so that they can run Disk Utility to do repairs, if they have no idea where the disc is — or even if they still have it. I can’t have the user completely reinstall Photoshop, if they can’t locate the needed serial number.
Because the needed material is missing, a quick and simple troubleshooting fix can turn into a protracted series of phone calls that takes days to resolve. A word to the wise: Keep a list of all your passwords and serial numbers in a safe place. And keep important manuals and CDs handy.
This is a very old thread but still very useful advice.
Time Machine has been working beautifully for us. But I also make backups of some directories to CD at useful intervals. My husband got on external 1 terabyte hard disk for Christmas, did a complete backup of all our computers, and took it to work so that we have an off-site backup.
But burning your most important stuff to a CD is something everyone can do.
If you are in the habit of shutting down your Mac, considering using a utility every now and again like Onyx, which can run the default UNIX maintenance scripts all at one time. They are generally known as Daily, Weekly, Monthly, and a default install of OS X has them scheduled to run at around 3 AM local machine time. Make sure that you have the latest version of the utility for your system, they can be found at MacTracker or VersionTracker. But it's good to be careful, excepting for the above named scripts, others can cause you to make a whole lot of resets to your system prefs. Some stuff in the parameters is pretty harmless, and useful, like enabling the Develop(er) Menu, or changing the arrows in Safari. These are hidden defaults, which can be enabled by using the command line in Terminal, but who wants to get that geeky?
The best saver, which Ted's article mentioned, is to have a recent back-up. For OS X I am a fan of SuperDuper! which can save an entire disc to another drive or to an image, and even over a network to a disc image. (freeware/shareware with more features enabled when registered.) I've heard that CarbonCopyCloner has also made great strides, freeware. Of course, if you're running Leopard, TimeMachine is always available. I haven't tried it yet, since some of my stuff doesn't work in Leopard, and besides, I like to make backups when I have things humming, but that's just me.
If you don't install and test a lot of stuff, TimeMachine's hourly backups should suit most folks just fine.
Free space only becomes a serious issue under MacOS X if you run down a drive to less than 10% free space. There's a problem with HFS+ (the default for MacOS X) that can result in filesystem corruption if a drive is greater than 90% filled.
If you want a quick way to map out your volumes and find the biggest space consumers, consider tools like: OmniDiskSweeper, Filelight, GrandPerspective, and Disk Inventory X.
17GB is more space than most HDs had out of the box just 5 years ago. Unless you're doing a lot of video editting (for which an eMac isn't really suited anyway), you've got plenty of space.
That being said, if you have applications you'll never use (the MS Office test drive is a good example), just drag them to the trash. However, if you're not sure what something is, especially stuff in /Applications/Utilities, just leave it where it is. Also, unlike Windows, you can get rid of IE, again by just dragging it to the trash.
CoryCooper wrote: 11. Stay away from Internet Explorer.
Use Safari, Firefox, Mozilla, Netscape...anything but IE.
IE is my problem, prefer Safari. Should I 'get rid' of IE, or is that possible? Thanks for your help and '10'! question: how do I delete 'stuff' from my emac to acquire more GB..am down to 17 GB? Thanks much.
Thanks Joel - That was a very interesting article. It cool of you to post information like this that can help the avg Mac user. I think I can speak many of us here - thank you for helping a lot of people in this Forum.
Here is an Article I came across years ago that's for the IT Administrator/Security but it has many points for anyone that uses a computer. Even though it came from a Microsoft Security Group the most of the information relevant to any OS platform.
The Ten Immutable Laws of Computer Security
Here at the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don't result from product flaws. Over the years, we've developed a list of issues like these, that we call the Ten Immutable Laws of Security.
Don't hold your breath waiting for a patch that will protect you from the issues we'll discuss on the following pages. It isn't possible for Microsoft - or any software vendor - to "fix" them, because they result from the way computers work. But don't abandon all hope yet - sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems.
1). If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.
It's an unfortunate fact of computer science: when a computer program runs, it will do what it's programmed to do, even if it's programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the machine. It could monitor your keystrokes and send them to a web site. It could open every document on the machine, and change the word "will" to "won't" in all of them. It could send rude emails to all your friends. It could install a virus. It could create a "back door" that lets someone remotely control your machine. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.
That's why it's important to never run, or even download, a program from an untrusted source - and by "source", I mean the person who wrote it, not the person who gave it to you. There's a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn't - it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you'll usually be safe.
2). If a bad guy can alter the operating system on your computer, it's not your computer anymore.
In the end, an operating system is just a series of ones and zeroes that, when interpreted by the processor, cause the machine to do certain things. Change the ones and zeroes, and it will do something different. Where are the ones and zeroes stored? Why, on the machine, right along with everything else! They're just files, and if other people who use the machine are permitted to change those files, it's "game over".
To understand why, consider that operating system files are among the most trusted ones on the computer, and they generally run with system-level privileges. That is, they can do absolutely anything. Among other things, they're trusted to manage user accounts, handle password changes, and enforce the rules governing who can do what on the computer. If a bad guy can change them, the now-untrustworthy files will do his bidding, and there's no limit to what he can do. He can steal passwords, make himself an administrator on the machine, or add entirely new functions to the operating system. To prevent this type of attack, make sure that the system files (and the registry, for that matter) are well protected. (The security checklists on the Microsoft Security web site will help you do this).
3). If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Oh, the things a bad guy can do if he can lay his hands on your computer! Here's a sampling, going from Stone Age to Space Age:
He could mount the ultimate low-tech denial of service attack, and smash your computer with a sledgehammer.
He could unplug the computer, haul it out of your building, and hold it for ransom.
He could boot the computer from a floppy disk, and reformat your hard drive. But wait, you say, I've configured the BIOS on my computer to prompt for a password when I turn the power on. No problem - if he can open the case and get his hands on the system hardware, he could just replace the BIOS chips. (Actually, there are even easier ways).
He could remove the hard drive from your computer, install it into his computer, and read it.
He could make a duplicate of your hard drive and take it back his lair. Once there, he'd have all the time in the world to conduct brute-force attacks, such as trying every possible logon password. Programs are available to automate this and, given enough time, it's almost certain that he would succeed. Once that happens, Laws #1 and #2 above apply
He could replace your keyboard with one that contains a radio transmitter. He could then monitor everything you type, including your password.
Always make sure that a computer is physically protected in a way that's consistent with its value - and remember that the value of a machine includes not only the value of the hardware itself, but the value of the data on it, and the value of the access to your network that a bad guy could gain. At a minimum, business-critical machines like domain controllers, database servers, and print/file servers should always be in a locked room that only people charged with administration and maintenance can access. But you may want to consider protecting other machines as well, and potentially using additional protective measures.
If you travel with a laptop, it's absolutely critical that you protect it. The same features that make laptops great to travel with - small size, light weight, and so forth - also make them easy to steal. There are a variety of locks and alarms available for laptops, and some models let you remove the hard drive and carry it with you. You also can use features like the Encrypting File System in Windows 2000 to mitigate the damage if someone succeeded in stealing the computer. But the only way you can know with 100% certainty that your data is safe and the hardware hasn't been tampered with is to keep the laptop on your person at all times while traveling.
4). If you allow a bad guy to upload programs to your web site, it's not your web site any more.
This is basically Law #1 in reverse. In that scenario, the bad guy tricks his victim into downloading a harmful program onto his machine and running it. In this one, the bad guy uploads a harmful program to a machine and runs it himself. Although this scenario is a danger anytime you allow strangers to connect to your machine, web sites are involved in the overwhelming majority of these cases. Many people who operate web sites are too hospitable for their own good, and allow visitors to upload programs to the site and run them. As we've seen above, unpleasant things can happen if a bad guy's program can run on your machine.
If you run a web site, you need to limit what visitors can do. You should only allow a program on your site if you wrote it yourself, or if you trust the developer who wrote it. But that may not be enough. If your web site is one of several hosted on a shared server, you need to be extra careful. If a bad guy can compromise one of the other sites on the server, it's possible he could extend his control to the server itself, in which he could control all of the sites on it - including yours. If you're on a shared server, it's important to find out what the server administrator's policies are. (By the way, before opening your site to the public, make sure you've followed the security checklists for IIS 4.0 and IIS 5.0).
5). Weak passwords trump strong security.
The purpose of having a logon process is to establish who you are. Once the operating system knows who you are, it can grant or deny requests for system resources appropriately. If a bad guy learns your password, he can log on as you. In fact, as far as the operating system is concerned, he is you. Whatever you can do on the system, he can do as well, because he's you. Maybe he wants to read sensitive information you've stored on your computer, like your email. Maybe you have more privileges on the network than he does, and being you will let him do things he normally couldn't. Or maybe he just wants to do something malicious and blame it on you. In any case, it's worth protecting your credentials.
Always use a password - it's amazing how many accounts have blank passwords. And choose a complex one. Don't use your dog's name, your anniversary date, or the name of the local football team. And don't use the word "password"! Pick a password that has a mix of upper- and lower-case letters, number, punctuation marks, and so forth. Make it as long as possible. And change it often. Once you've picked a strong password, handle it appropriately. Don't write it down. If you absolutely must write it down, at the very least keep it in a safe or a locked drawer - the first thing a bad guy who's hunting for passwords will do is check for a yellow sticky note on the side of your screen, or in the top desk drawer. Don't tell anyone what your password is. Remember what Ben Franklin said: two people can keep a secret, but only if one of them is dead.
Finally, consider using something stronger than passwords to identify yourself to the system. Windows 2000, for instance, supports the use of smart cards, which significantly strengthens the identity checking the system can perform. You may also want to consider biometric products like fingerprint and retina scanners.
6). A machine is only as secure as the administrator is trustworthy.
Every computer must have an administrator: someone who can install software, configure the operating system, add and manage user accounts, establish security policies, and handle all the other management tasks associated with keeping a computer up and running. By definition, these tasks require that he have control over the machine. This puts the administrator in a position of unequalled power. An untrustworthy administrator can negate every other security measure you've taken. He can change the permissions on the machine, modify the system security policies, install malicious software, add bogus users, or do any of a million other things. He can subvert virtually any protective measure in the operating system, because he controls it. Worst of all, he can cover his tracks. If you have an untrustworthy administrator, you have absolutely no security.
When hiring a system administrator, recognize the position of trust that administrators occupy, and only hire people who warrant that trust. Call his references, and ask them about his previous work record, especially with regard to any security incidents at previous employers. If appropriate for your organization, you may also consider taking a step that banks and other security-conscious companies do, and require that your administrators pass a complete background check at hiring time, and at periodic intervals afterward. Whatever criteria you select, apply them across the board. Don't give anyone administrative privileges on your network unless they've been vetted - and this includes temporary employees and contractors, too.
Next, take steps to help keep honest people honest. Use sign-in/sign-out sheets to track who's been in the server room. (You do have a server room with a locked door, right? If not, re-read Law #3). Implement a "two person" rule when installing or upgrading software. Diversify management tasks as much as possible, as a way of minimizing how much power any one administrator has. Also, don't use the Administrator account - instead, give each administrator a separate account with administrative privileges, so you can tell who's doing what. Finally, consider taking steps to make it more difficult for a rogue administrator to cover his tracks. For instance, store audit data on write-only media, or house System A's audit data on System B, and make sure that the two systems have different administrators. The more accountable your administrators are, the less likely you are to have problems.
7). Encrypted data is only as secure as the decryption key.
Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn't really matter how strong the lock is, would it? The critical factor would be the poor way the key was protected, because if a burglar could find it, he'd have everything he needed to open the lock. Encrypted data works the same way - no matter how strong the cryptoalgorithm is, the data is only as safe as the key that can decrypt it.
Many operating systems and cryptographic software products give you an option to store cryptographic keys on the computer. The advantage is convenience - you don't have to handle the key - but it comes at the cost of security. The keys are usually obfuscated (that is, hidden), and some of the obfuscation methods are quite good. But in the end, no matter how well-hidden the key is, if it's on the machine it can be found. It has to be - after all, the software can find it, so a sufficiently-motivated bad guy could find it, too. Whenever possible, use offline storage for keys. If the key is a word or phrase, memorize it. If not, export it to a floppy disk, make a backup copy, and store the copies in separate, secure locations. (All of you administrators out there who are using Syskey in "local storage" mode - you're going to reconfigure your server right this minute, right?)
8). An out of date virus scanner is only marginally better than no virus scanner at all.
Virus scanners work by comparing the data on your computer against a collection of virus "signatures". Each signature is characteristic of a particular virus, and when the scanner finds data in a file, email, or elsewhere that matches the signature, it concludes that it's found a virus. However, a virus scanner can only scan for the viruses it knows about. It's vital that you keep your virus scanner's signature file up to date, as new viruses are created every day.
The problem actually goes a bit deeper than this, though. Typically, a new virus will do the greatest amount of damage during the early stages of its life, precisely because few people will be able to detect it. Once word gets around that a new virus is on the loose and people update their virus signatures, the spread of the virus falls off drastically. The key is to get ahead of the curve, and have updated signature files on your machine before the virus hits.
Virtually every maker of anti-virus software provides a way to get free updated signature files from their web site. In fact, many have "push" services, in which they'll send notification every time a new signature file is released. Use these services. Also, keep the virus scanner itself - that is, the scanning software - updated as well. Virus writers periodically develop new techniques that require that the scanners change how they do their work.
9). Absolute anonymity isn't practical, in real life or on the web.
All human interaction involves exchanging data of some kind. If someone weaves enough of that data together, they can identify you. Think about all the information that a person can glean in just a short conversation with you. In one glance, they can gauge your height, weight, and approximate age. Your accent will probably tell them what country you're from, and may even tell them what region of the country. If you talk about anything other than the weather, you'll probably tell them something about your family, your interests, where you live, and what you do for a living. It doesn't take long for someone to collect enough information to figure out who you are. If you crave absolute anonymity, your best bet is to live in a cave and shun all human contact.
The same thing is true of the Internet. If you visit a web site, the owner can, if he's sufficiently motivated, find out who you are. After all, the ones and zeroes that make up the web session have be able to find their way to the right place, and that place is your computer. There are a lot of measures you can take to disguise the bits, and the more of them you use, the more thoroughly the bits will be disguised. For instance, you could use network address translation to mask your actual IP address, subscribe to an anonymizing service that launders the bits by relaying them from one end of the ether to the other, use a different ISP account for different purposes, surf certain sites only from public kiosks, and so on. All of these make it more difficult to determine who you are, but none of them make it impossible. Do you know for certain who operates the anonymizing service? Maybe it's the same person who owns the web site you just visited! Or what about that innocuous web site you visited yesterday, that offered to mail you a free $10 off coupon? Maybe the owner is willing to share information with other web site owners. If so, the second web site owner may be able to correlate the information from the two sites and determine who you are.
Does this mean that privacy on the web is a lost cause? Not at all. What it means is that the best way to protect your privacy on the Internet is the same as the way you protect your privacy in normal life - through your behavior. Read the privacy statements on the web sites you visit, and only do business with ones whose practices you agree with. If you're worried about cookies, disable them. Most importantly, avoid indiscriminate web surfing - recognize that just as most cities have a bad side of town that's best avoided, the Internet does too. But if it's complete and total anonymity you want, better start looking for that cave.
10). Technology is not a panacea.
Technology can do some amazing things. Recent years have seen the development of ever-cheaper and more powerful hardware, software that harnesses the hardware to open new vistas for computer users, as well as advancements in cryptography and other sciences. It's tempting to believe that technology can deliver a risk-free world, if we just work hard enough. However, this is simply not realistic.
Perfect security requires a level of perfection that simply doesn't exist, and in fact isn't likely to ever exist. This is true for software as well as virtually all fields of human interest. Software development is an imperfect science, and all software has bugs. Some of them can be exploited to cause security breaches. That's just a fact of life. But even if software could be made perfect, it wouldn't solve the problem entirely. Most attacks involve, to one degree or another, some manipulation of human nature - this is usually referred to as social engineering. Raise the cost and difficulty of attacking security technology, and bad guys will respond by shifting their focus away from the technology and toward the human being at the console. It's vital that you understand your role in maintaining solid security, or you could become the chink in your own systems' armor.
The solution is to recognize two essential points. First, security consists of both technology and policy - that is, it's the combination of the technology and how it's used that ultimately determines how secure your systems are. Second, security is journey, not a destination - it isn't a problem that can be "solved" once and for all; it's a constant series of moves and countermoves between the good guys and the bad guys. The key is to ensure that you have good security awareness and exercise sound judgment. There are resources available to help you do this. The Microsoft Security web site, for instance, has hundreds of white papers, best practices guides, checklists and tools, and we're developing more all the time. Combine great technology with sound judgment, and you'll have rock-solid security.
11) Only use the Administrative account for... administration.
A large part of Windows' vulnerability to malware is due to its default single-user security model -- the user is normally given complete control of the system. UNIX was designed from its inception as a multi-user system, and normal users are therefore not allowed to ruin things for other users. Take advantage of this model -- do all of your normal work in a non-administrative account, and any virus or trojan that might be targeted to the Mac will have a harder time getting its digits on crucial system files.