7 tips to help you keep your Mac completely safe

2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44

Many users are worried about the security of their computers and ask the questions "How do I protect my Mac on the Internet?" or "Should I install different antivirus software?" These questions in one interpretation or another very often excite the minds of users. Most often they can be heard from people who have recently switched to OS X from Windows and have not yet managed to get rid of old habits of installing antivirus, spyware detection programs and other similar things in the field of security.

The easiest way, of course, is to joke and say that the safest computer is the one that is disconnected from the Internet or turned off altogether.

But seriously, what can you recommend to people who care about the safety and security of their data? We decided to look at this problem more broadly and consider it from all sides.

Instead of a prologue

I've spent some time searching for information and put together some helpful tips to help you keep your Mac safe and keep it running without fear of trouble when something goes wrong. These tips are neutral and do not contain any software recommendations, as I have no interest in it. And yes, I do not believe in the absolute invulnerability of a computer, no matter what platform it runs on. Some of the recommendations below are not directly related to malware, however, one way or another, they affect the security of your data in the event of loss, theft or damage to your computer.

In fact, the collapse of OS X security has been predicted for many years in a row, and as soon as news of any slightest vulnerability comes out, only the lazy one does not shout with foam at the mouth: “Look, look! I told you your Macs are no better than Windows computers!” Most of such articles on the Internet and blog entries are biased and more aimed at promoting various antivirus software and, in one way or another, related to its sales. All arguments usually boil down to the following: “Despite the fact that you have OS X, sooner or later it will have the same problems as in Windows. Therefore, you better be ready for this inevitable day in advance and buy our antivirus."

But the funny thing here is that the only serious security problem in OS X was the Flashback Trojan in April 2012, and oddly enough, no company selling antivirus software could make money on the wave of this "success", for the simple reason that no antivirus was able to detect it.:)

So what reasonable precautions should people take when they want to protect their computer and the safety of their data?

Tip # 1: Backups

Time Machine backups

Telling people to make backups is probably the same as telling them to start eating right or exercising. Everyone knows that they have to do this, many are planning to start from the next Monday, but almost no one gets to real action.

You can ignore all other tips, but please listen to this. Make backups! There is no excuse for not making backups in OS X. It includes Time Machine, perhaps the most convenient and simple tool for creating backups, and buying a second hard drive to store them is not that difficult and expensive. Time Machine at the first connection will prompt you to configure it, and in the future everything will happen automatically, even without your participation.

Using Time Machine is like using seat belts in your car, without them you can, but very dangerous.

Creating a disk image (clone)

Time Machine is great, but don't stop there. If you want to be completely safe, you must have a system partition image of your hard (or SSD) drive. It is an exact copy, in other words, a clone of it that you can use to boot your computer if your main disk gets damaged in one way or another. This can be done using Disk Utility as well as using third-party applications like SuperDuper or Carbon Copy Cloner.

Using Time Machine and a disk image can be compared to the seat belts in a car and good insurance covering all accidents.

Backup backup

If you look at things with even more skepticism, it is worth noting that keeping backups in your home may not make sense if you consider the possibility of theft along with the main computer or damage during a fire or other natural disaster. The way out of this situation is to store your backups remotely, which can be organized in several ways.

The easiest way is to create two backups and take one of them to a safe, remote location, such as work or your friend's home. Starting with OS X 10.8, Time Machine makes it easy to use multiple disks for backups, so this won't be a problem. This way you will have one local backup and, just in case, another in a safe place.

There is a certain disadvantage in this, namely that you will have to periodically update your backups, which, in turn, will create inconvenience with all this fuss with hard drives and their movement. A more elegant solution would be to use special applications or services for remote backup. For example, BackBlaze, CrashPlan, Mozy, Carbonite, JungleDisk or any other that will create remote backups of your data in real time.

Cloud for your most important files

In fact, clouds, for example, Dropbox, are not backup tools, but they can offer several interesting things related to the security of your data.

Firstly, as soon as you save any document in your Dropbox folder (or any subfolder), it will be immediately copied to the cloud. This means that after a few seconds (depending on the speed of the Internet) you will have a remote copy of the file you were working with. For example, if at 10:15 you typed a document, and at 10:20 you spilled coffee on your laptop, your work will not be lost and you can restore the document from the backup at any time.

Secondly, Dropbox will also help in cases where your computer may be damaged or those very important files may be deleted. Dropbox keeps a version of all changes for each of your files for 30 days. Therefore, you can easily compare versions of documents, find the latest uncorrupted version and save it using the web interface. In addition, there is one additional Dropbox feature with the eloquent name Plyushkin, available in a paid subscription, which allows you to restore different versions of files from Dropbox even after 30 days, which actually means storing them for an unlimited period of time (works as long as you pay for function).

Damaging files can be a more difficult problem than deleting them, so the ability to restore previous versions is actually a very important feature that helps a lot. In principle, Time Machine does the same thing and with its help you can restore previous versions of the files you worked on, but there is one drawback - it only makes backups once an hour, which can be catastrophically small if you are actively working with files and documents.

If you belong to the category of skeptics who tend to exaggerate the likelihood of a particular threat, using data encryption can be advised as an additional precaution. You can do this for free using native tools (Disk Utility) or use a third-party solution like Knox. And yes, instead of Dropbox, you can use any other cloud, be it Google Drive, SkyDrive, or anything else.

Tip # 2: Don't Install Everything

Now let's take a look at malware threats and how you can fight them.

Most often, all these worms, Trojans and other byaka get to our computer through our own negligence. Often we (or someone else) install them thinking that they are some other software. If I wrote a primitive Mac application with minimal functionality and convinced you to use it by entering your password, I could do a lot on your computer.

Once you find some high-quality and expensive application on torrents that you don't want to buy (or can't afford), it's very hard to resist the temptation to download and install it. As an excuse, we usually tell ourselves that we don't use it often enough to buy, or that we need to try it before buying. One way or another, the problem is that you simply do not know what exactly you are installing. It could be a “safe” version of a jailbroken app, or it could be an app that installs some malware on your Mac along with the one you crave. Thus, as soon as you start installing apps from untrusted sources, you are at risk. What to do in this case?

Use the Mac App Store, which Apple promotes as a safe place to buy and install apps. There are a lot of free applications here, and the price of paid ones is not so high in comparison with the possibilities they provide. We cannot say with 100% certainty that malware will never get into the Mac App Store, but there this probability is reduced to a very negligible percentage.

Use software from trusted developers. Along with the Mac App Store, the security of which is achieved by the many restrictions that Apple fetters developers, there are many decent and functional applications outside of it, precisely because of these restrictions. Nevertheless, I am constantly installing various third-party applications, doing so with complete peace of mind, as I take some precautions.

Starting with OS X 10.8 Lion, Apple introduced Gatekeeper, which is an additional layer of anti-malware protection. By default, Gatekeeper only allows you to install apps from the Mac App Store or from trusted developers who have paid $ 100 for a developer license and can sign their apps with a special cryptographic key to ensure they haven't been tampered with. In theory, an attacker could create malware and, by signing it, buying a license for $ 100, distribute it on their website. In practice, however, such a scenario is highly unlikely.

It is more likely that you will run into a situation when the application you need is unsigned and the system will warn you that it was created by an unaccredited developer. This is where things get tricky because the app can be good and built by a bona fide developer who didn't sign it for any reason. This may be an old application that was created before Gatekeeper was introduced. Or maybe the developer created his application in his spare time or for non-commercial purposes, not wanting to buy a license.

A reasonable person must weigh the implications and the potential for the application to be malware. Well, don't forget about elementary logic. Has it ever been reviewed by respected Mac resources? Is this really a famous app? Stay away from attachments that are distributed by email or posted on a page in the middle of a forum.

Tip # 3: Read First, Install Then

No, this is not about boring licensing agreements, as you might think. I would like to stress the importance of staying up to date with the latest Mac news, which will surely mention any vulnerabilities or malware if they appear, as this topic is always widely publicized.

This doesn't mean you have to update your RSS reader every 15 minutes or read a bunch of Mac sites. It will be enough to run a glance over the headlines once a day to stay in the know. Also, don't forget to read the reviews of the apps you intend to install. We try to review all popular applications and novelties, so you will only need to use the Macradar search.

And in conclusion to this point. As in the case of beta versions of the OS, do not rush to install new utilities or applications among the first. Let technical experts, columnists and journalists risk their computers. If you find something interesting, but still for some reason doubt whether to install this application or not, just add it to your bookmarks and check what the thematic resources have to say about it. In 99, 99% of cases, everything will be fine and these doubts will be in vain, but you do not want to be the same 0.01%, right?

Tip # 4: Do you need an antivirus?

My answer is no. Is it possible that in the future, Mac users will be forced to use constantly running antivirus and malware detection tools? Yes. How likely is this? Negligible. Unfortunately, real-time malware detection applications have proven to be ineffective. And, in fact, OS X does not have such an abundance of threats to defend against.

However, if you insist on the need for an antivirus for your Mac, you can try ClamXav or Sophos. But just choose one thing and in no case run both antiviruses at the same time, as this will do you more harm than good.

Just the next time you see a mention of an imminent threat to the security of your Mac and the need to use specialized antivirus software, check if the author of such statements has anything to do with the development or sale of that same antivirus and everything will fall into place.

Tip # 5: use built-in tools

Apple has earned itself a reputation for being very concerned about the security of its products and user data, but times seem to be changing and there are little shifts in that regard. We now have some security-related options, centered under the Protection and Security section of System Preferences.

In addition to the options for prompting for a password and encrypting the system drive, there is a Firewall and Privacy tab, which we are interested in:

• in the tab Firewall you can enable and configure it accordingly to block unwanted incoming connections from outside. He will also show which applications indulge in this. You can allow or suppress such attempts, as well as manually add applications here that you prohibit from accessing the Internet.
• in the tab Confidentiality you can track which applications have access to your contacts, calendars, accounts, etc. by a similar principle. And also set up access, limiting it to those applications that you do not trust.

Tip # 6: make Safari more secure

There are several options that you can change to make your online experience more secure. First, open the settings (⌘,) and on the General tab, uncheck the box Open secure files after downloading.

Also, keep in mind that Adobe Flash is often affected by security vulnerabilities. I am certainly not telling you to remove it completely (although it would certainly be better), but it is highly desirable to stop the automatic launch of various plugins on sites. This can be done in the settings, on the tab Security - Internet plugins - Customize website.

Another potential vulnerability in Safari is Java. I didn't notice that I use Java scripts a lot in Safari, so I decided to just turn them off. If you are a regular user, then you can most likely do the same. This is done on the same tab. Security in Safari preferences. Many will consider this to be an extreme, but since we are talking about security, it was worth mentioning.

I also recommend using the useful extensions ClickToPlugin and ClickToFlash, which will not only protect you from unwanted banner ads, but also save your Mac's battery, adding some half an hour or an hour to the total battery life. This way you can control the playback of the content yourself, it will be a more balanced and reasonable approach.

Tip # 7: Reasonable Defense

For those who have read to the end, I have one more piece of advice to help you protect yourself from malware. To understand it, you must have an understanding of how applications (and background daemons) are launched after you turn on or restart your Mac.

For example, as soon as you log into your account, some applications will immediately download and start working. Their list can be seen in the system settings, in the section Users and Groups - Login Items:

However, some small utilities and daemons that also start automatically do not appear in this list. OS X has several system folders where applications and utilities are placed that the system will automatically load at startup. Here they are:

• ~ / Library / LaunchAgents
• / Library / StartupItems
• / Library / LaunchAgents
• / Library / LaunchDaemons
• / System / Library / LaunchAgents
• / System / Library / LaunchDaemons
• / System / Library / StartupItems

I checked these folders on my mac and found about 400 files in there. This is not a cause for concern, since files are located there that are responsible for launching the installed ones I need, as well as system applications that do useful work. However, this is often where malware developers try to hide it.

What do we do when our computer starts behaving strangely? You will most likely reboot it, right? This is a very important point, because the first thing you have to make sure, whether you are the developer of some worm or virus, is that your "creation" will be loaded at system startup after a reboot or power-up. To prevent detection, the first time the malware is launched, it will not take any action, immediately after rebooting.

Why am I telling all this? The point is that there is a great way to keep track of everything that is added to startup and see what new applications and daemons have been added there. Obviously, you have no idea what the purpose of all those numerous files contained in the startup folders are, and which of them are malicious. Our poppies will do a lot of useful background work and you don't have to worry about a lot of daemons at startup. It can be compared to your basement or closet. You have a lot of all sorts of things stored there and until the moment you put things there, you do not care. But if someone else puts their stuff in there without your knowledge, you will want to know about it.

The guys at Computer Incident Response Center Luxembourg (CIRCL) have created a useful free utility that monitors any entry added to the startup list, be it an application or a daemon. After installing it, as soon as any application adds its files to the specified folders, you will receive a notification and even then you will be able to understand whether this application is useful or harmful, after which you can make a further decision.

However, keep in mind that absolutely all records will be detected, including useful, completely harmless applications. You don't have to worry about the decrease in the performance of your mac due to such monitoring - it will hardly be felt, since monitoring will only take place on a few folders, and not on the entire contents of your disk, as is the case in antivirus software. Again, this is not a 100% guarantee of protection, but a reasonable precaution to take advantage of.

Do not panic

Despite all the warnings about the "inevitability" of malware threats in OS X, this problem is more far-fetched and not true. I am not saying that you should ignore all the recommendations, but at the moment there are no critical threats. What would be nice to do right now is to take care of preventive precautions in the form of backups and, above all, be guided by logic and common sense.