The special security risk for MacOS owners is complacency. Macs don’t get successfully attacked as often as Windows computers. This is partly because the OS is built on a solid Unix base, but it’s also that Macs are a smaller target. Relative obscurity doesn’t guarantee safety.
The Mac has the advantage that Apple controls not just the software but the whole package. This makes it less likely that computers will come with malware already on them, such as “Superfish” on Lenovo computers a few years ago. It allows faster fixes when problems appear, since they only have to be tested on a few models. Still, the amount of Mac-specific malware and the list of known security issues have grown significantly in the past few years.
Sometimes Apple has copied Windows’ mistakes. MacOS now hides file extensions by default, making it easier for malicious files to impersonate harmless ones. To undo this, open the Finder preferences, click “Advanced,” and make sure “Show all filename extensions” is checked.
Staying safe with Macs
The security measures are broadly the same as with any other operating system. Keeping the OS up to date will ensure that it has the latest security fixes. Installing only trustworthy software will avoid problems. All software needs be updated regularly.
The choice of system preferences makes the difference between a secure and a dangerously open computer. Conservative system preferences offer safety. Outside access should be enabled only when it’s really necessary.
- User and iCloud accounts should have strong passwords. The best way to make a password safe is to make it long, at least 10 characters, and hard to guess.
- Disable any Sharing options that aren’t necessary. This often means turning them all off. Sharing means letting the Mac give information to other machines; accessing the outside world from the Mac doesn’t require Sharing.
- Turn on the Firewall. In most cases, “Block all incoming connections” is the right choice. It actually doesn’t block all connections, but allows the ones needed for basic Internet services.
- Enabling FileVault encryption protects the computer from physical theft. Someone who steals a computer can put its drive in another machine and read it without knowing the passwords, unless the drive is encrypted.
- Enable browser security features. The details vary for each browser, but the major ones offer warnings against risky sites and features.
Keeping malware out isn’t quite the constant struggle it is on Windows, but using security software will make a Mac considerably safer. A good selection of software is available, and some of it is free.
The majority of attacks on desktop machines come through email and websites, not rogue applications. Staying safe at these points is vitally important, and it’s largely the same on any operating system.
Browser plugins are cross-platform software. Users shouldn’t install them indiscriminately, but should stick with ones that have good reputations and perform a useful task. Flash is inherently risky, and the latest versions of browsers discourage its use. The default setting is generally to allow it only with the user’s permission. Users should think twice before letting an unfamiliar site run Flash. Either keep Flash rigorously updated, or disable it.
Laptops are riskier than desktop computers, simply because there are more chances to steal them. FileVault encryption is practically a necessity on a MacBook, and strong passwords are even more important than on desktop machines.
In the Security & Privacy settings, under “General,” password entry should be required very shortly after the start of sleep or the screen saver, and automatic login absolutely has to be disabled.
A physical lock might not be a bad idea. You can lock the machine to a desk or other solid object when it’s in one place for any great length of time.
Don’t take security for granted just because you’re using a Mac. The risks aren’t as great as with Windows, but they’re still there. In 2017, alertness and care are necessary to keep any computer safe.