Many would argue that Macs and the macOS operating system are already relatively secure. The general argument is that since there are far more Windows machines than Macs, hackers tend to focus on breaking into Windows more. Others might say that Macs are more secure because they are based on UNIX. But the reality is that Mac owners can become just as vulnerable to hacking as PC owners are.
A Brief History of Unix
First, the reason that Macs are more secure (but only in the general sense) is that macOS is based upon Unix. Unix was first developed by Bell Labs researchers Ken Thompson, Dennis Ritchie and other members of their team. It was originally meant for the company’s own systems, but eventually, AT&T decided to license Unix for use by third parties.
After selling the rights to Unix and selling off the business, control of the UNIX trademark was handed to The Open Group, an industry consortium for IT services. Unix is characterized as having a modular system design, where apps and tools are self-contained and run on top of what is called a “shell.”
The way that Unix is structured in regards to user control, administrative accounts, and general design make systems like macOS inherently more secure than Windows. However, that doesn’t mean that macOS is free from all problems. Although less common, Macs can still get malware just like Windows PCs.
Examples of macOS Malware
One example of malware targeted at Mac owners is a piece of software created by the infamous Milan-based HackingTeam. The virus installs HackingTeam’s Remote Code Systems platform, which lets the hacking team get remote access to your computer, enabling them to wreak havoc on your system. If this sounds familiar it is because recently the HackingTeam was hacked and had their personal dealings with shady governments posted all over the internet.
Kaspersky Lab has an article detailing ten examples of malware that have inflicted Macs over the years. The very first was called Elk Cloner and was released in 1982. Created by high school student Richard Skrenta, it infected 5.25″ floppy disk boot sectors and made a poem appear on the screen every 50 times a user started their computer. Although benign in nature, this virus paved the way for other malware to come.
Securing Your Mac
Whether you’re a privacy-conscious citizen or involved in whistleblowing and espionage, Mac security is for everyone, and it’s easy to get started.
Admin vs. Standard Accounts
This is beneficial for Windows users as well as Mac users. When you first set up a computer, you end up creating an administrative account. This is an account that has complete control over the computer, and since every computer needs one of these accounts, this will be the first account that is created when setting up your Mac.
On the other hand, standard user accounts can’t do as many things as administrative accounts, and this is a good thing. Even if you have extensive computer knowledge, everyone makes mistakes, and it’s easier to make mistakes under an administrative account. Therefore, a good way to keep your Mac secure is to use a standard user account for everything, and only use the administrative account for certain things.
Disable Automatic Login
By default, macOS enables a setting that automatically logs you in. The obvious problem with this is that it lets anyone who picks up your computer to start using it. You can find this setting and more under Settings > Users & Groups.
In addition to turning off automatic login, you could also display the login window as a name and password instead of a list of usernames. This means that if a person were trying to break into your computer, they would need to know your username in addition to your password. In contrast, if the login window displayed a list of users, the hacker would only need to figure out the password, as the username would already be posted.
Use a Firewall
The firewall built into macOS is fairly basic, but it still does a good job. All users should turn the firewall on, and there are additional settings as well. Under Settings > Security & Privacy, you can find the firewall options. A setting you will find, called Stealth Mode, is meant more for advanced users.
Stealth Mode can increase your network security. When turned on, your Mac won’t respond to standard network discovery requests like ping tools or connection attempts from closed TCP and UDP networks. It’s advisable to turn this setting on if you’re using an unsecured Wi-Fi network, but for most users, Stealth Mode isn’t really necessary.
Alternatively, you can search for other macOS firewalls, such as Little Snitch. As the website says, “A firewall protects your computer against unwanted guests from the Internet. But who protects your private data from being sent out?” The app has advanced features like giving you a dashboard of network traffic, a “Research Assistant” that gives you information about system processes, and a lot more.
Turning on FileVault should really be step one because you’ll be prompted to turn it on when you first set up your Mac. FileVault encrypts your Mac’s hard disk by using full-disk encryption (FDE).
When you turn on FileVault, you’ll be asked to create a password for the encryption. Be sure to store this password in a secure place, such as a password manager. If you forget this password, you will be unable to recover your data. The upside is that hackers won’t be able to break into your computer so quickly.
Additionally, turning on FileVault lets you use Apple’s Find My Mac feature that lets you remotely wipe your drive if your computer is stolen. Encryption takes a lot of work so when you turn it on, be prepared not to use your Mac for a while. Remember to keep your computer plugged in because once the Mac starts encrypting itself, it can’t stop.
Use Antivirus Software
It’s a myth that Macs can’t get viruses and other malware. Using antivirus and/or anti-malware software is important. Some great examples are:
- Kaspersky Internet Security
- Panda Antivirus
- Trend Micro
- Sophos Home
Camera & Microphone
For the über paranoid, there’s always the option of covering up your Mac’s webcam and microphone. Recently, a photo of Mark Zuckerberg was posted by him online, and astute viewers pointed out that he had taped up his webcam. You can use a piece of tape, special products that can be found online, or you can use a trick that I discovered a couple of years ago: AppleScript.
In short, AppleScript is a scripting language by Apple that is built into the Mac operating system. While not as powerful as a regular programming language, AppleScript allows users to carry out various tasks and create scripts. There are a set of default scripts available, like printing scripts and folder actions. But there is a script used to disable your Mac’s webcam on a system level, so there is no need to tape it up.
First, you can find the AppleScript Editor by typing it into Spotlight. Download the script, called iSightDisabler 5, from GitHub. Once the file is downloaded, just double-click on it to open the file. It provides easy one-click access to enable and disable your Mac’s iSight camera.
Once you disable it, confirm by opening up an application like PhotoBooth. You should see the message: “There is no connected camera.” If you change your mind or need to use a video chat app, just open up the script again to enable the webcam once again.
Computer security can be a lot of work sometimes, but in this day and age, it remains more important than ever. With banks getting hacked, governments hacking other governments, and hackers attacking governments, it’s imperative to keep your data and devices safe.