We’re in the middle of a series of primers for new Mac users, to help ease the transition for those who have decided to take the leap, and serve as reassurance for those who may be considering it.

You’ll remember that in our last episode we discussed security, and the fact that not one species of malware (viruses, spyware, adware, Trojan Horses, keystroke loggers, etc.) has ever afflicted the operating system on your Mac, called Mac OS X, “in the wild”. What I mean by “in the wild” is the real world outside of a software “laboratory”. That’s over six years of immunity while Windows sufferers worldwide have endured and had to fortify against, oh, around 150,000 of the pesky intruders.

The reason for the Mac’s immunity is two-fold. Last week we learned that the very structure of Mac OS X, built upon the rock-solid and time-tested foundation of open-source UNIX, is resistant to intrusion. Mac OS X’s second line of defense is its UNIX-derived system of “permissions” that prevent unwanted entry. Here’s how it works.

There are three hierarchies of users on any Mac OS X based Mac. The “root” user can get deep inside and change the very core of the operating system. This deep core is what malware writers target, to, for example, penetrate a port and take over the functionality of an application (like sending spam porn email to everyone in your Outlook Express address book, which has been done in the Windows world).

A Mac wakes up for the first time with access to the root user turned off by default, and 99% of all Mac users never need to get access to the root level for anything. One reason early versions of Windows XP had so many security issues is its equivalent to root access was turned on from the get-go. Not good.

The next level of user is the system “Administrator” (or “Admin”, for short), who can approve/deny installation of software and assign permissions and access to ports and files to others on the network.

The third level of user is what I’ll call “individual” users. The system Admin can create multiple individual accounts and control each account’s access to files and other system services. This is handy if you have kids, or perhaps less computer-literate users in the household. For example, you can create a “Kids” user that can’t install or delete software, and only access files on the computer you want them to. Mac OS X also offers powerful Parental Controls over email, web surfing, etc., which you can apply to the Kids account as well.

So how does this apply to you? When you start up and log into your Mac for the first time, you become the system Admin. That’s why its very important for you to remember the username and password you selected during the registration process. This will become evident the first time you try to install new software on your Mac. A box will appear, pointing out that you are about to install an application, and ask for your password to proceed.

If you’re sure that you’re installing a “legitimate” application, proceed with confidence. However, let’s say someone sends you an email message with what appears to be an innocent JPEG photo file attached. However, the photo itself is not being displayed in the email message body. Since you know that Apple’s Mail program should display attached photos in the body of the email, you should become suspicious. If you double-click the photo file, and a box appears reminding you you’re about to install a program, DON’T. You have a part to play in security as well.