This is part four of this series on Securing Leopard. Privacy and protecting one’s information are key in today’s information age. The way we use our computers can sometimes work against us in that respect. In Mac OS X there are a few things we can do to improve our privacy.
The topics covered in this section include:
- Time Machine
- Secure File Deletion
- Recent Finder Items
- Encrypted Disk Images
Note: FileVault home folder encryption was covered in the previous section on Security, FileVault and Firewall.
Spotlight is a gift and a curse all in one. It allows you to automagically find almost any file, no matter where on your computer. On the other hand, it allows anyone with access to your computer to automagically find almost any file, no matter where on your computer… and any other drives you may have plugged in!
In the Privacy tab of the Spotlight preferences pane, you can select which drives or folders should not be indexed, thus preventing anyone from doing a quick Spotlight search on the data contained therein. Add drives or folders by dragging them into the list area, or click the [+] button.
Similar to the way Spotlight indexes everything on your computer, if you use Time Machine it will make a backup of any file you’ve ever had on your computer. Even if you delete that file from your system, it will still exist in the Time Machine backup. To permanently delete all copies of a file:
- Open a Finder window, and navigate to the original folder of the file you wish to purge.
- Activate Time Machine by clicking its icon in the Dock.
- Go back in time until you find the files or folders you wish to purge.
- Right-click on those files/folders, or select them and click on the gears icon in the Finder window.
- Select “Delete all backups of <filename>” (see screenshot below) – and watch history get erased before your very eyes.
When files are deleted on a computer, they are not actually removed from the disk. The disk space allocated to those files is marked as free, and gradually overwritten with other files. File-recovery programs rely on this fact, and if you ever accidentally delete a file (for which you don’t have a backup), you can pull the plug and use one of those programs to try to recover the file. However, this also means that anyone with access to your computer can do the same in an attempt to recover sensitive files.
Luckily Mac OS X has a built-in method of securely deleting files (two methods in fact). The first is as simple as emptying the Trash, but instead of selecting ‘Empty Trash’ in the Finder menu, you select ‘Secure Empty Trash’. This will actually overwrite the bytes of the deleted files on the disk – several times – to ensure that there are no remnants of them.
The other method for securely deleting files is by erasing the ‘free space’. This may sound nonsensical but bear with me. There are two reasons why you might want to overwrite the free space on your computer:
- Non-Secure Deletion: You may have accidentally deleted sensitive files without using the ‘Secure Empty Trash’ functionality outlined above. This would leave the data remnants of the deleted file on your disk.
- Defragmentation: By default, Mac OS X regularly defragments small files that are accessed, to optimize the way disk space is used. As such, if you are regularly using small files of a sensitive nature, remnants of those files may exist even if you’ve securely deleted the original.
Although these two issues will probably be of little concern to most users, Mac OS X can help by offering a nifty feature that overwrites the free space on a volume. If you open up ‘Disk Utility’ (found in /Applications/Utilities/), select the volume you’re interested in purging, and click on the ‘Erase’ tab, you’ll find the ‘Erase Free Space’ button.
Clicking on this button will bring up three options for secure deletion. At this point it really comes down to your level of paranoia (or whether you work for a Government organization). The first and fastest option, zeroing out the free space, is sufficient for 99% of people who will be reading this (again, unless a lot of you happen to work for a Government organization, and also happen to handle sensitively-marked data). Zeroing out the free space will simply write a 0-bit to each bit of free space, and it will be near-impossible for anyone to recover – except perhaps for the more skilled security agencies of national Governments. If you’re still unsure, and really want to make sure the data is purged, you have the second option which overwrites the free space seven times, using a combination of zeroes and ones, and conforms to the US Government’s DoD 5220.22-M standard for data sanitization.
If you are still paranoid and wish to make sure whatever information you are purging will never see the light of day ever again (barring some kind of technological breakthrough of epic proportions) – you may choose the third option. This 35-pass option uses the Gutmann Method for overwriting files.
It should be noted that erasing the free space will take time, depending on the amount of free space available on the volume. The 7-pass and 35-pass options will take significantly (proportionately) longer than the single-pass option.
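To make the overwrite-before-delete idea concrete, here is an added illustration (not part of the original article and not Apple's implementation) of a single zero pass over one file. The function names are hypothetical, and it assumes the filesystem rewrites blocks in place.

```shell
#!/bin/sh
# Added illustration: single-pass zero overwrite of a file, then unlink.
# Assumption: the filesystem rewrites blocks in place. Flash wear-levelling
# and copy-on-write filesystems can leave the old blocks behind.

# Overwrite every byte of $1 with zeros, keeping the file's size.
overwrite_zero() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    size=$(( $(wc -c < "$f") ))
    # conv=notrunc writes over the existing blocks instead of truncating the
    # file first (truncation would just mark the old blocks as free).
    head -c "$size" /dev/zero | dd of="$f" conv=notrunc 2>/dev/null || return 1
    sync   # push the zeros out of the cache to the disk
}

# Count the bytes in $1 that are not zero; 0 means none of the original
# content is left in the file.
nonzero_bytes() {
    echo $(( $(tr -d '\000' < "$1" | wc -c) ))
}

# Overwrite the contents, then remove the directory entry.
secure_remove() {
    overwrite_zero "$1" && rm -f -- "$1"
}
```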
Recent Finder Items
One feature of Mac OS X is that it remembers the last few Applications and Documents you’ve used. These items are put together under ‘Recent Items’ in the Apple menu. This can naturally be cleared by using the ‘Clear Menu’ option, however there is also a setting to control this entire feature. Found in System Preferences -> Appearance, it is possible to set the number of recent items – which can be set to None.
If you have certain files that you wish to store, backup or send securely, encrypted disk images offer a solution. An encrypted disk image is simply an encrypted container, or volume, into which files can be placed. These disk images are encrypted using the Advanced Encryption Standard (AES), and require a password to open. Whilst the disk image is mounted, the files within can be accessed and manipulated as normal. Creating encrypted disk images is already covered in a number of places so I’ll summarize the process here.
- To create a new image, open Disk Utility (in /Applications/Utilities/).
- Click on the ‘New Image’ icon to create an empty container – or – if you wish to create an encrypted disk image based on an existing folder select “New -> Disk Image from Folder” in the File menu.
- Configure your disk image:
  - Disk image name
  - Size: Maximum size of your image
  - Format: Mac OS Extended (Journaled)
  - Encryption: choose between 128 and 256-bit AES. 256-bit is fine for most purposes.
  - Partitions: Single partition – Apple Partition Map
  - Image format: sparse bundle disk image (or sparse disk image if you require this image to be compatible with Mac OS X 10.4 or lower)
- Set a strong password! Although AES is a strong encryption cipher, it is only as strong as the password you choose. There exist password-cracking tools for disk images, and if you use a weak password (especially a dictionary word), these programs will easily crack it. Follow the password tips outlined in Section 1: Creating and Managing Accounts. I also recommend unchecking the ‘Remember password in my keychain’ checkbox to ensure that your disk image cannot be automatically opened by someone who gains access to your computer.
- That’s it, your disk image is created and mounted. Simply put files inside, and then don’t forget to un-mount/eject it (by dragging the disk image on your desktop over to the Trash) when you are done!
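The same settings can be applied from Terminal with `hdiutil`; this is an added example, not part of the original article, and the function names and sample values are hypothetical. The password is read from standard input, so it never appears in the process list.

```shell
#!/bin/sh
# Added example: hdiutil equivalent of the Disk Utility settings listed above.

# Print the hdiutil arguments for an encrypted image, one per line.
#   $1 volume name   $2 maximum size (e.g. 500m)   $3 AES key bits (128|256)
#   $4 "tiger" for a sparse image usable on Mac OS X 10.4, else sparse bundle
image_args() {
    name=$1 size=$2 bits=$3 compat=${4:-leopard}
    case $bits in
        128|256) ;;
        *) echo "encryption must be 128 or 256" >&2; return 1 ;;
    esac
    if [ "$compat" = tiger ]; then
        type=SPARSE ext=sparseimage
    else
        type=SPARSEBUNDLE ext=sparsebundle
    fi
    # HFS+J = Mac OS Extended (Journaled); SPUD = single partition, Apple Partition Map
    printf '%s\n' create -size "$size" -fs HFS+J -volname "$name" \
        -layout SPUD -type "$type" -encryption "AES-$bits" \
        -stdinpass "$name.$ext"
}

# Prompt for the password without echoing it and create the image.
create_image() {
    args=$(image_args "$@") || return 1
    command -v hdiutil >/dev/null 2>&1 ||
        { echo "hdiutil not found; this needs Mac OS X" >&2; return 2; }
    printf 'Image password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    # Split the one-per-line list back into arguments (globbing off).
    set -f; IFS='
'
    set -- $args
    set +f; unset IFS
    printf '%s' "$pw" | hdiutil "$@"
}

# Usage (sample values):  create_image Secure 500m 256
# Then mount and eject:   hdiutil attach Secure.sparsebundle
#                         hdiutil detach /Volumes/Secure
```

Unlike Disk Utility, `hdiutil create` does not mount the new image, hence the separate `attach` step.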
Next: Securing Safari