Daniel’s Mac Security Guide

Last update March 11, 2016

Mac / OS X Security Recommendations

  • Keep your software up to date.
    • Always update your Apple software from the Updates section of the Apple App Store.  Click the Apple icon on the top left of the display, select “About this Mac” and click on Software Update.  Never update by way of a link on a webpage or an email.
    • Update non-Apple software from within the application or from the company’s web site.  Beware of extra or bonus software downloads during updates.  Oracle’s Java updates are notorious for installing unnecessary toolbars.  Less scrupulous companies are often the source of unwanted add-ons that can steal data or show unwanted ads.
  • Make Time Machine backups.
    • Select the option to encrypt backups.
    • Keep at least two backups, each at a different location, and at least one disconnected.  See my article on The Dangers of Cloud Sync.
  • Install anti-virus software.
    • I have used Sophos Home, a free AV program for Macs.  Sophos.com
    • Avast Business End Point AV is another great choice for small businesses, with a cloud-based dashboard monitoring feature.
    • Install anti-malware software.
  • Set a login password for your Mac.
  • Keep your Mac behind a good firewall.
    • Most home routers have built-in firewalls.  Make sure yours is set up correctly and keep the router software up to date.  See The Easy Guide to Updating Your Router Firmware.  If your home router company stops publishing regular firmware updates, it’s time to throw away the router.  Try to avoid ISP-provided modem + router + WiFi hardware.  A separate modem, router and WiFi are much easier to secure.
    • If your ISP only provides combo units, have them configure the device in “gateway” mode and don’t use their router or WiFi functions.
    • For better performance and protection, consider a business-grade solution such as pfSense from Netgate.  pfSense is available in a community edition as Open Source software.

General Internet Safety:

Most malicious software gets installed when you do something, not on its own.  Always remember that email can be forged.  Just because it says it is from someone you know does not mean that it is or that they sent it.  For example, if you get a mail message that says “From: Microsoft” and has a link to click that will update Microsoft Word, DON’T.  The same goes for mail that appears to be from PayPal, eBay, or your bank.

If you’re browsing a web page and you get a popup window that wants you to update your Flash player, DON’T.  (There are multiple fake updaters for Flash, some spread via Facebook.)  If you receive an email from your bank with a low balance warning, or any message that would cause you to want to log in to the site, NEVER click on any links in the email.  Always go to your browser and type the full URL of your bank – https://mybank.com.  Make sure the site is authentic by checking for the security lock icon in the address bar.

The most common attack I have seen during the last year is a browser hijacker.  A browser hijacker (sometimes called hijackware) is a type of malware program that alters your computer’s browser settings so that you are redirected to Web sites that you had no intention of visiting.  Browser hijackers are often installed together with other desired software as “extras” such as search or shopping toolbars.  Once installed, they can be quite difficult to remove.  Some hijackers include very dangerous functions such as key logging (also called keyboard capturing): recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.  A key-logger can capture website login names and passwords, opening up online banking and other sensitive sites to the attacker.  Most hijackers just take you somewhere you don’t want to go in order to generate revenue for the attacker.

Once your browser starts acting strangely, IMMEDIATELY stop using it.  The following links provide step-by-step removal instructions.

https://malwaretips.com/blogs/remove-mac-os-x-virus/

Another common cause of these symptoms is a DNS hijack.

Good detailed article about Mac malware from HowToGeek.com