Monday, 19 August 2013

How to Make Your Mac More Secure



Apple already has a lot of security features baked into the Mac. From its strong, well-tested Unix foundation to the built-in privacy features of OS X, it’s one of the most secure operating systems available to consumers. A lot of users, however, make mistakes in their daily usage that can severely compromise the security of their Mac. We’ll show you these pitfalls and help you lock down your Mac to make your privacy, digital information, and even your hardware less likely to be compromised, covering everything from user accounts to the physical security layer of your computing workflow.

Securing Your User Accounts

It has been said that a computer is only as secure as the user. That’s why we begin our journey of making your Mac more secure here: if the user level of your Mac is left unsecured, then you are vulnerable to unwanted access to your machine. Let’s look at how we can make this part of your computing workflow safer.
Setting Passwords
The first line of defense in any computer system is to secure your user account with a strong password. When someone has access to your user account, they have access to all of your files, your browsing history, your applications, and sometimes even your online accounts and passwords (if they are not stored securely). This is why it is very important to create good passwords and rotate them frequently. 
Rotating (or changing) your passwords ensures that if someone were to get your password, it will no longer work once it has been changed. For system account passwords, we recommend changing them every six months to a year.
If you have never set a user account password in OS X, then your system can be easily accessed by just specifying your username. This can be fixed by setting up your password for the first time. To do this, open System Preferences by going to the Apple menu and selecting “System Preferences.” Next, navigate to Users & Groups > Your User Account > Password. Once there, click on the “Change/Set Password” button. 
In the dialog that appears, enter your old password (if there is no old password, then leave this field blank), then type in your new password and verify it. You can optionally set a password hint, but ensure that the password hint only jogs your memory about the password you’ve set and does not include any information about the content of your password. 
When you’re ready to secure your account, click on the “Change Password” button. Remember this password, as you’ll need it to log into your computer and to make changes to your system. 
Enabling FileVault
Setting a password is essential, but there’s another oft-forgotten piece of the puzzle: your hard drive. Even though you’ve got a password set on your account, it controls only your login and access to your account. Files in your account are still written to the hard drive in plain sight. If someone is able to get physical access to your Mac, then they can easily read the files from the internal drive by connecting it to another machine while your Mac is in Target Disk Mode, or by removing the drive and placing it in another computer.
To solve this, Apple introduced FileVault. This feature of OS X encrypts your entire drive, files and all. This means that if someone were to gain access to your hard drive, they would not be able to read your files. The only way that the drive can be decrypted is if someone has access to your OS X user password or to the recovery key.
Setting up FileVault to encrypt your Mac is an easy process. To enable it, visit System Preferences > Security & Privacy > FileVault. Once here, click the “Turn On FileVault…” button. After doing this, you will be presented with a “safety net” passcode. Write down and keep this passcode in a safe place. If you forget your user account password, this passcode can be used to decrypt your Mac’s hard drive. 
On the next screen, you have the option to store your recovery key with Apple. If you choose to store your recovery key with Apple, then you will be able to contact Apple to retrieve it should you forget it in the future. This added level of safety means that you can still access your files, even in the worst-case scenario. After selecting your options and filling in the security information, you will be prompted to restart your Mac. This will begin the encryption process.
Upon restarting, your Mac will begin the lengthy process of encrypting your hard drive and all of its files. This process can take quite a while, so you may want to start this in the morning and let it run all day. Depending on the size of your drive, it can take upward of 12 hours. The wait is worth it: your Mac will be better protected once the encryption process has completed.
One difference with your Mac that you will notice is the startup: on the Apple boot screen, you will now be prompted to sign into your Mac’s user account. This is due to the fact that your Mac must now decrypt the hard drive before booting into OS X.

Securing Your Web Browsing

Obviously, web browsing is one of the biggest uses of modern computing. We shop online, listen to music online, and even communicate with friends online. Most online vulnerabilities on the Mac come from social-engineering tactics designed to make you believe something is legitimate, even though it’s not. We’ll walk you through ways to battle these tactics and remain safe online. 
Disabling Java
The Mac has had very few bouts with viruses or trojans/malware (applications designed to look like something they’re not), but those that have sprung up have often originated from Java running in a web-browser environment.
IN SAFARI: To prevent Java applets from executing on pages when browsing the web in Safari, simply head over to Safari > Preferences > Security, and uncheck the box labeled “Enable Java.”
IN CHROME: Google makes disabling various plugins easy with Chrome, as well. To start, open Chrome, and type “about:plugins” into the Omnibox (address bar). From the page listing all of the installed plugins, locate the plugin called “Java” that has a description of “Java Plug-In 2 for NPAPI Browsers.” Click the Disable link and Java will be disabled in Chrome.
IN FIREFOX: In Firefox you’ll need to navigate to Tools > Add-ons > Plugins. Once there, locate the plugin called “Java Embedding Plugin.” Click it, and then select the Disable button that appears. Depending on the version of your browser, there may also be a plugin called “Java Plug-In 2 for NPAPI Browsers” that will also need to be disabled.
Java is a programming language that has been all but phased out by many mainstream websites, but the Java applets (small web programs) that Java executes in the browser can pose a security risk, as websites could use them to install malware or other harmful pieces of software onto your Mac. After disabling Java, any applets that try to load a Java-based program in the browser will be denied access. You can always re-enable this feature for trusted websites, but it’s best to leave it off for normal web browsing.
Downloading Files
Before downloading any file, it’s important to keep two rules in mind: first, always check the address bar of your browser to ensure that you trust the site you’re downloading the file from. 
The next rule of thumb is to not download software via torrent websites. Doing this can greatly compromise the security of your system. In fact, one of the main causes of Mac malware is sites offering downloads of pirated software. With torrents, you cannot verify the validity of the source, and can therefore not trust the download. 

Maximizing Privacy

When browsing the web and entering your personal information, it’s always a good idea to know how to maximize your privacy and security. Just remember that anyone, in any location, can easily set up and operate a website. This is both good and bad: good because it allows a free market where anyone can express their creativity, but bad because social engineers can take advantage of that to create fake or fraudulent sites that can steal your information. Here are two ways to greatly increase your privacy and security when browsing sites. 
HTTP vs. HTTPS
Before entering any personal or confidential information (credit card info, social security numbers, etc.) on a site, you should always look to the address bar in your browser. 
If the address begins with HTTP, then your browsing session with that particular server is not secured. However, if the address begins with HTTPS (HTTP + Secure), then your connection is encrypted between your browser and the server. Usually banks and online stores operate over HTTPS because they transmit sensitive information, such as account numbers. You should never submit sensitive information over an HTTP connection.
Invalid Certificates 
With HTTPS traffic, websites must install an SSL (Secure Sockets Layer) certificate that enables encryption and decryption of information sent between the server and your web browser. These certificates are issued by a certificate authority after the website owner has been verified.
Safari and other browsers include checks to make sure that the SSL certificate that a website presents over an HTTPS connection is valid and not expired. If the certificate has expired, you will be alerted. When a certificate has expired, it is usually a good indication that the website you are trying to browse is fraudulent, except in rare cases where the website owner forgot to renew the certificate. Either way, you should never submit sensitive information to a website with an expired certificate.
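The checks from the "HTTP vs. HTTPS" and "Invalid Certificates" sections can be written out as code. This is an added example, not part of the original article: it goes one step beyond the text by also checking that the certificate covers the host name, and it does not verify the chain back to a certificate authority, which a browser also does. The sample certificate, host names and date are constructed.

```python
import calendar
import ssl
from urllib.parse import urlsplit

# Constructed sample in the dict format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "notBefore": "Aug  1 00:00:00 2012 GMT",
    "notAfter": "Aug  1 00:00:00 2013 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}
AS_OF = calendar.timegm((2013, 8, 19, 0, 0, 0))  # constructed "now", UTC


def name_matches(pattern, host):
    """Compare a certificate DNS name with a host name.

    A leading "*." stands for exactly one label, so "*.shop.example"
    covers "www.shop.example" but not "a.b.shop.example".
    """
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == host


def submission_problems(url, cert, now):
    """List the reasons not to send sensitive data to `url`.

    cert is a getpeercert()-style dict; now is seconds since the epoch.
    An empty list means every check passed.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return ["connection is not HTTPS"]
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate has expired")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, parts.hostname or "") for n in names):
        problems.append("certificate does not cover this host")
    return problems


if __name__ == "__main__":
    for url in ("http://shop.example/pay", "https://shop.example/pay"):
        print(url, submission_problems(url, SAMPLE_CERT, AS_OF))
```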
