Everyday Mac Security Tips
We've written before about how Mac users shouldn't be complacent about security; the old adage that Macs 'Don't get viruses' is just not as true as it used to be. It is true that Macs have certain advantages over PCs when it comes to viruses, malware, trojans and spyware, but there is still some risk and it's naive to assume that it couldn't happen to you.
One rather graphic illustration of this occurred in February, when it was discovered that a bug in Apple's SSL encryption code meant that data sent via a shared and unsecured WiFi hotspot (perhaps a cafe or other public place) was not secure even if encrypted by your Mac. There is a patch for this (whether you are running Mountain Lion or Mavericks) so to check that this vulnerability is not on your machine by going to the Mac App Store and clicking 'Updates'.
What else could you do to make sure you don't become a cautionary tale?
Use your (free) Firewall
This is a built in feature and should be on. To check, navigate to 'System Preferences > Security & Privacy > Firewall' and make sure it's on.
Let Gatekeeper do its job
Another built in feature stops software written by developers that aren't approved by Apple being installed or run. We'd recommend that you use the strictest setting here and individually approve the apps that you want to run and are sure are safe. So navigate to 'System Preferences > Security & Privacy > General > Allow Applications Downloaded From > Mac App Store and Identifed Developers' to set up the protection. If you're 100% sure that an app is safe (and you can check by Googling "[app name] malware/virus/spyware/trojan/problems" or similar) then CTRL click and choose 'OPen' to approve the app.
Let XProtect do its job
XProtect is another built in feature that updates itself and scans your Mac automatically. If you get a warning that a download will "damage your computer" then don't download - delete the file. If you get a warning that a browser plug in is disabled, then don't enable it. This is because the most common way to compromise your Mac is by Java or Flash. To disable Java (or Flash), navigate to 'System Preferences > Java (or Flash) > Security' and uncheck 'Enable Java Content In The Browser'
Virtually all exploits are fixed by installing the latest OS or app version, so navigate to 'System Preferences > App Store > Automatically Check for Updates' and also check the three boxes underneath.
If you're on Mavericks, take advantage of iCloud Keychain
Keychain is a free tool in OSX that syncs across diffent devices running Mavericks and stores your different passwords, so that they can be auto-entered for online and offline services (for instance you can use this facility to lock your WiFi). If you create a code to access Keychain, then it will automatically backup all information in iCloud. To enable this feature, navigate to 'System Preferences > iCloud' and tick the 'Keychain' box, then click 'Use a Complex Security Code'. This will enable you to enter a phrase as your password - easy for you to remember, hard (if not impossible) to crack. Next enter your mobile phone number: any problems and security codes can be texted to you should you lose access.
Consider Antivirus Software
We've previously reviewed free antivirus software by Norton and Avast, and Sophos also have a free offering that is worth checking out. However, to now we haven't mentioned the rather excellent free app from Sourcefire VRT called ClamXav 2.
The trouble with many anti-virus apps is that they can be rather intrusive. They monitor your system constantly and run without your permission, kicking in when you go online, download files or check your email. This is very safe, but can be rather annoying too. ClamXav 2 does it rather differently; you can choose whether to scan on demand (and you can pause and resume the scan as you see fit), and you can choose specific folders, drives, or user accounts to scan. If ClamXav2 finds any suspect files it will explain the risk posed and offer you ways of dealing with the file(s). Its definition database is updated daily. Read more about the different ClamXav versions and download here.
back to Security