Protect your Mac!
Apple Macs are more secure than PCs but are not invulnerable. With a few simple measure you can make them even more resistant to malware.
The recent announcement of a new Mac malware called SpectraBlur has caused the usual hue and cry about how Macs are unsafe; Macs are no different from PCs when it comes to being compromised, etc. Don’t fall for it.
The Mac OS has many default security and privacy measures built in, and Apple is constantly innovating and adding more. In addition, statistics of incidents show that Apple computers are far less likely to be infected by malware.
However, despite these advantages, Apple Macs are not invulnerable to malicious actors. If you are a Mac user, here are some simple and no-cost ways that you can improve your odds of not being a victim of malicious software:
Think before you click! All the rules about phishing emails apply equally to Mac and PC users. Be careful of any URLs you click to make sure that they lead to legitimate sites, never install applications from attachments that you are unsure of, and finally, don’t click on attachments in general if they are not expected.
Turn on your protection! Make sure that the protective features that Apple provides are enabled. The relevant ones are:
Having a complex password for all of your accounts on your Mac (and everywhere else for that matter - also never reuse passwords!). You can easily manage your complex website passwords using Apple’s built-in Keychain password manager. It will prompt you to create complex random passwords when you are creating accounts on new sites and will then autofill them in the future.
Make sure that you keep your Mac up to date. In Settings/Software Update, you can set your Mac to auto-download and prompt you to install both operating system and application updates.
Make sure FireVault (disk encryption) is turned on. With the latest macOS releases, this is now on by default.
Likewise with Gatekeeper. This used to allow you to disable it and install non-signed applications. Thankfully, this now restricts application installs to either Apple Store applications or Apple Store and identified developers.
Protect your admin rights! An easy way to harden yourself against malware on a Mac is to ensure you are not running as an administrator (which is the default if you are the only user and set up the computer yourself). Create a new user account, call it whatever you want other than “admin”, and assign it administrator rights. After doing that, log in using that new account and downgrade your existing account to a Standard user — reboot and then log in using your usual account. You should notice no difference, except you will now be promoted to use the admin account credentials whenever you are performing an operation that requires these privileges, such as installing new software. If you get such a pop-up in the future that you do not expect, it could be a sign of malicious activity, which you can then deny.
Add some extra protection! Patrick Wardle, through his foundation Objective-See, has been a leading researcher in macOS security for almost a decade and has developed numerous free and highly effective security tools that you can use to enhance Apple’s built-in security features. If you are willing to put up with some additional prompts and notifications, the ones I recommend considering are:
BlockBlock - monitors common persistence locations and alerts whenever a persistent component is added (an action most malware takes).
KnockKnock - which you can use to uncover already persistently installed software that might be malware.
LuLu - an outbound communication firewall that alerts you for approval when software makes new connections to external sites. This is initially noisy but will settle down once you tune it to your environment.
Patrick makes several other useful security tools, but these are the top ones I suggest, at least initially.
So, depending on how far you want to go, with a few simple steps, you can make the already strong macOS security even stronger. Items 1-3 are no-brainers. Go for 4 if you are more technically inclined.