How do I keep my Mac secure?

Keep your hands off my Mac! (laatste update: 11-03-2014)
The Mac is a secure machine. However, the reality of the security of a Mac depends how it's owner is behaving..

Instasize Online - Download Instasize for PC on instasize.org.

Some basic rules for working with the Mac in a secure way :
Rule number 1: keep yourself informed.
A virus build for Mac OS X will be world news. You can expect that news sources will easily adapt wrong or exaggerated stories about the Mac.
Instead of 'usual' news sites you better keep an eye on Mac specific news sites as Macintouch.com, Macworld.com or even IT news sites as Slashdot.org. For the relevant news about the Mac!

2. Advertisements who pronounce your Mac has to be cleaned or relieved from malware: all bullshit. Don't buy it!

An advertisement for our Windows friends...
2. Passwords:
Use different passwords for all the accounts you have like email, Facebook, Mac OS X, etcetera
NOTE: a well chosen password has also numbers and special characters a board.

Rule 3:

Don't let yourself be lured by advertisement who say your Mac needs to be cleaned. Here's a good website with facts about the 'dirty Mac' :http://www.thesafemac.com/the-myth-of-the-dirty-mac/
NOTE: MacMiep can't control the advertisements on this website. Without advertisements, this website cannot exist.

Rule 4:
Use legal software. The best ways to download your software securely are the App Store and Macupdate.com

Other rules

- In Safari, uncheck the box 'Open "safe" files after downloading' to prevent accidental downloading and starting files you didn't want.




- In Safari, at the Preferences, keep at Security the "Warn when visiting a fraudulent website" checked on!



- Never open unknown files you get through email.

- Never use an email to visit a link to a financial website (bank, PayPal, eBay, iTunes etcetera) or a website where you are supposed to log on to do a financial transaction.

- Keep your system updated through Software-update. This setting is also default setting.

- Keep your Mac recognizing well build software: Go to System Preferences=> Security & privacy
and be sure that 'Mac App Store and identified developers' is checked on.



- And finally: never enter your Administrator password without thinking first.
Do I need this?
- Only install Java when you explicitly need it (more about Java later).

SWITCH-TIP
Don’t panic
- This tip is for the Switchers: DO NOT PANIC! Don't think of a virus or Trojan when your Mac is in trouble. Also realize that even a computer as safe as a Mac is not totally on-vulnerable. Every program contains programing errors. That's because programers are human.

- Secure your Mac against attacks from the outside - the Firewall.

What is a Firewall?
A computer in a network communicates with other computers through so-called 'Ports'.
Every port has a number. Some port numbers are reserved to certain protocols and programs. Traffic on the Internet, for example, goes through port 80, Email port 25 and FTP port 21.
Ports who are not used (thousands) can be miss used by hackers and Worms. So it is obvious that you should close those ports. This is what a Firewall does.
A Firewall is a piece of software (or sometimes hardware) that lets the computer use only those ports its user approves of.

Firewall in Mac OS X
There's a Firewall in Mac OS X. Go to System Preferences => Security & Privacy. Turn on the Firewall at 'Firewall':




Editing the Firewall
Experienced users can edit the Firewall by clicking the + button. This can be useful to specific P2P programs or other server programs.

Get an insight in what's open
You also can see here what software needs what ports to be open. Most software 'calls home' to check on legality and updates.

Stealth mode

At' Advanced' you can choose to go Stealth:



NOTE: Most internet modems and routers do have a firewall a board. Often it can be configured through a webpage. Please read the user manual or your modem / router.
Malware: Trojans
Since Mac OS X was introduced in 2001, a few so-called 'Trojans' have been created.
A Trojan is software that secretly installs itself during a normal software installation by the User.
Most Trojans hide themselves in illegally aqquired software. You do need to give an administrator password at installation, and this way the Trojan gets into your Macs system. This way the name 'Trojan' suits. The Trojans opened the door and let the Greeks in themselves, remember!
More about Mac Trojans here:
http://www.macfreak.nl/nieuws/23786/alles-over-de-backdoorflashback-trojan/

Downloading thrustful software
Go to System Preferences => Security & Privacy.
At 'General' you can see three options at 'Allow apps downloaded from'. The safest way is to check 'App Store' only. But you can also choose 'App Store and identified developers'.
Apple gives out certificates to software makers. With this certificate they can show that their software can be trusted.



As soon as you download software that isn't certified, you'll get this pop-up:


'Anywhere'
Only use this setting in case you know exactly what you're getting your Mac into!


Downloaded software popup
As soon as you start up a downloadedd program, Mac OS X will give you notice that it's a downloaded program. So you can check whether you really want this program. Are you in doubt? Don't open the software and check your sources!



App Store is always ok
You should download as much software as you can through the App Store. This is not only easy, but also secure.
The same goes for certified developers, although a certificate is only 99 dollars and can be mis-used. But in that case, as soon as Apple finds out, the developer's certificate is kicked out.

Other good download sources
Better use well known download sites as MacUpdate.com to get your software.

Malware notification

It might be possible you get a popup like this:



Mac OS X found Malware on your Mac. Throw it away immediately and empty your Trash also immediately !



Malicious websites
Apple's technicians keep an eye on what websites are malicious. This information is automatically updated to your Mac, als long as you keep the default settings of Software Update on..

NOTE: Please realize that there always is some time between they find out about a bad website and the update.

Also Google warns you for malicious websites:




Scareware (= just to make you scared)
It might be possible that some day you enter a website and get popups like this:








They assure you that something's wrong with your Mac and keep insisting when you want to leave the webpage... oh oh...
Off course the website offers you nice software you can use to clean and repair your Mac. Well, that sounds really sweet... but are they really that nice and is my Mac really infected or damaged??

NOPE.

Don't buy this kind of crap. It's all fake and their only goal is to make you scared and run their program and then get your credit card data and so on.
People who do this should be spanked!

Malicious websites, part two
It doesn't need to be the website itself that is malicious. Sometimes a banner can contain malicious software, or the website was hacked without the owner knowing this.

NOTE: Most of the time this kind of malware is aimed at our Windows friends. But beware, the increasing popularity of the Mac also makes us vulnerable.

Pay attention!

Scareware or ransomware
You could also get a message like this. It's fake! Do not pay attention to it and leave the page or quit Safari.




Phishing

Regularly, I get emails that ask me to check my bank account, take part in a security update, log in into iTunes or PayPal... blah-blah-blah. Sometimes the Dutch is very bad, sometimes the email looks as real as if it came from my bank.
These kind of emails are called ‘Phishing mails’. The link(s) in these emails lead to a fake website that looks like it's the real one. DON'T GET FOOLED BY THIS.

Download Android Emulator Genymotion for free http://android-emulators.com/genymotion.php for PC (Windows).


WARNING
Never use a link in an email to visit the website of your bank, PayPal, iTunes, or any website that has to do with logging in and paying money.


Tips against fake internet addresses in Safari
-
Never use a link in an email to go to a website
- Pay attention to the address at the top of your browser. .
- Check if the site's name is in green characters in the address bar with a key chain included.



NOTE: This key chain means that there's a secure connection between your Mac and the bank. It's called a HTTPS connection. This way, your communication can't be read by someone else. NSA excluded...

- When you are sure that you are at the right website, make a Bookmark. From now on, always use this bookmark to visit the site. Now you are sure that you'll end at the right website (at least when you did it right the first time).

Extra security software
ING distributes a program called Trusteer Rapport against Trojans and other Malware. It's a browser plug-in that monitors your website connections and warns you if anything's not right.

Anti-virus software
MacMiep never has used a anti-virus program since Mac OS X was introduced (2001). As there still are no viruses (spontaneous spreading malware with no need of user aprovement) for Mac OS X, she wouldn't advise one too.
What kind of software MacMiep does use, you read as a TIP.


TIP
Other kinds of security software
Since the launch of the first Mac Trojan software, MacMiep uses Little Snitch.

What does Little Snitch?

Little Snitch keeps an eye on all your in- and outgoing network traffic. There's no program or other thing that Little Snitch doesn't see. It will immediately tell you about the attempt. Then it's to the user to refuse the connection or allow it. And this you have to do often, at least in the beginning!



And this is also the reason MacMiep wouldn't recommend this program to beginners. Because Little Snitch sees it ALL. And because most pop ups are not clear what or why this connection is being asked, it's not for newbies. Automatically clicking 'Allow' isn't a good idea.

TIP
Java

This is a language in which certain operating system neutral programs are being written.
Problem with Java is, that it contains a lot of security issues. So only install Java in case you can't use another program. Download Java from Java.com

TIP
Turn off Java in Safari

During surfing the internet, most of the time you don't need Java (Java is NOT the same as JavaScript!!). It's wise to turn it off. Go to Safari menu=> Preferences => Security.



TIP
Turn off Java

Go to Applications => Utilities => Java-preferences.

Removing Java
https://www.java.com/nl/download/help/mac_uninstall_java.xml

TIP
Heavy duty security for your Mac
There is a way to completely close your Mac for others. This goes deeper than the login system of Mac OS X. It's the Firmware password. With this, you make your Mac unusable for anybody who doesn't know the password. You have to login even before Mac OS X is booting up. This is because the password is stored into a chip on the motherboard. In the hardware of your Mac.
Lost your password? No help available.


TIP
Installing Firmware password on a Mac

Boot from the Recovery partition*.
Choose in the Utilities menu => Firmware Password Utility.
*This is explained in the HELP! chapter.



Without a firmware password, your Mac won't work at all.


What if my Mac get stolen?
Let's be honest, a Mac is a favorite for thieves. A program that might help you in case your Mac gets stolen, is Undercover from the Belgium company Orbicule. They can trace your stolen Mac, but also let the build in webcam make pictures of the thief. Eventually, the Mac is made in-usable and the thief has to take it to a dealer to get it repaired.
Undercover is also available for iPhones and iPads.



Lock your Mac

All Mac's have a special hole in them where you can attach a computer security cable. This won't prevent your Mac being stolen, with blunt force a cable like this won't stand, but at least the Mac will be damaged at the outside. It will be clear that the Mac has been stolen.


Take a cat!
Cat's are very protective regarding their owner's Macs. And they are armed!
Tippy is watching over his Grandpa's MacBook...

More about Privacy in Mac OS X

Disclaimer: MacMiep is independent. This means she writes what she wants, based on 20+ years of Mac-experience. She doesn't get paid for stories (positive or negative) on this website.