+1 for Little Snitch, it's a bit overwhelming at first but totally eye-opening. After a few days you'll have a good ruleset going and it won't be as annoying.
I am a security professional and have thorough knowledge of macOS internals and the built-in security protections.
Almost all antivirus or security products on the Mac App Store should be treated with extreme skepticism. I recently saw that one of the top grossing apps was an antivirus product called Thor Antivirus. Looking under the hood, it was just ClamAV, and their claims about its protections were unsubstantiated. They probably made tens of thousands of dollars before Apple took them down in response to my report.
Several years before that, I audited SecureMac's MacScan[0], a once-popular antivirus app that had received accolades from MacWorld for years. It turns out it just checked file metadata such as modification times, and didn't even look inside.
Apple's app reviewers are not able to identify bogus security products, and the result is that you might damage your system by allowing some half-baked program to run amok.
I don't run any third-party antivirus myself, but when I was investigating a piece of Mac malware, I discovered that Malwarebytes had beat me to the punch and published a great blog post on their investigation. I vaguely recall using their software to clean up a relative's Mac successfully.
By the way, at the time of writing, a program called Antivirus Zap - Virus & Aware is #6 on the Top Paid list of the Mac App Store. Antivirus VirusKiller is #41. I guarantee you they're both shit. (Antivirus Zap also uses ClamAV.)
My primary concern is someone physically stealing my MacBook or iMac. They are personal devices and the content on them would not be of much interest to others, foreign governments or other entities.
I have Prey[1] installed. On both devices, I have "admin" credentials taped to the back. The account is actually a locked down user-level account with very little authority, other than being able to get on wifi/browse the internet, etc. I suppose this would be a honeypot of sorts. My thought being if someone walks off with it, I want to be able to gather as much info on them as possible. I haven't given a whole lot of thought to this, so definitely curious if there are issues with this approach.
I'm more in the camp that if someone takes it, I write it off. I don't want to get my life dragged down in the minutiae of "who took it, where is it". I just want to restore from (encrypted) backup and move on with my life.
Neat. I read once about someone who had their photo booth folder set with a folder action to automatically post photos to Instagram (or something). When their Macbook was nicked their feed got spammed with photos of the thief and their friends.
Wow, that's a great idea to provide a fake admin account, so that you can get usage data. Could be useful even if you don't use Prey if you have Find My Mac turned on.
Question - I used to use Prey and loved it, but stopped about 5 or 6 years ago because (IIRC) it didn't work with full disk encryption or something like that. Instead I ended up setting up a separate user and Find My Mac (or whatever the Apple one is called). Has this changed? If you have a couple of minutes could you tell me how you have it set up?! Thanks!
So I assume your threat model is exclusively keyloggers? It's certainly not physical access. Your fingerprints are all over the device's surface, so a determined attacker can easily duplicate them. (And to a non-determined attacker, Touch ID does not make much of a difference to passwords.)
Having your SSH key password protected would be a lot more annoying than having them Touch ID protected. The threat model would be someone using your Mac if you left it unlocked for a minute or something.
Little Snitch [1], 1Password [2], macOS FileVault, {BlockBlock, RansomWhere, OverSight, ReiKey} by Objective-See [3]
A few years back I was a big fan of Little Flocker, which now is part of F-Secure as XFENCE [4]. But I haven't used it since its rebranding; anyone using it anymore?
What exactly is your threat model? Are you a developer of a very public software project? Are you a politician or a journalist? Or someone in HR? Or are you just an average Joe?
And what software do you use regularly? Do you pirate software?
These are important questions to answer, before you come up with how to secure your Mac.
That said, I'm just an average developer. I hardly run anything non-standard. I do make sure to not leave my laptop unlocked, but that's it.
We built a Slack bot [0] that shames (in good humor) people in the office who leave unlocked laptops unattended. We had a similar system at Twitter where we would tweet a certain codeword on unlocked laptops and it was very effective in stopping that behavior.
For me the most important aspect is the use of a VPN, security software, and the combination of multiple layers of authentication. These are of course just general good practices, but how you implement them is what's unique compared to Windows or Linux. A full list would be too long for an HN comment, but a few months ago I put together something of a reference guide listing the methods I apply to secure Macs in a roughly organized fashion. It's brief in most aspects, but hopefully it can be of use to someone. It's licensed under Creative Commons, so feel free to redistribute it. I've uploaded it to iTunes[1], but if Freedom is a concern I can email[3] a PDF of it directly.
As others have mentioned, Little Snitch + BlockBlock is a powerful combination that lets you (1) see what is phoning home, and (2) know what crap apps are installing in the background.
I like to set up a lock screen message with your name/phone. https://support.apple.com/en-us/HT203580. Not "security" per se, but can help get your computer back to you if stolen.
If you're using FileVault, you may want to ensure you are not backing up your recovery key to iCloud. There's a terminal command (I think) to discover if it is.
You should also go in and show hidden files. In terminal:
"defaults write com.apple.Finder AppleShowAllFiles true"
While I strongly advise avoiding traditional "antivirus" software like Symantec, EtreCheck[1] is a wonderful diagnostic tool for checking your Mac's general health. Included in that health check is a full disk sweep for any known adware. I used it just this past year to help identify and remove some adware on my parents' computer, and would highly recommend.
Anti virus - Sophos home
Free & according to me the only real antivirus
Little Snitch is excellent for severing unintended network connections
Search engine - startpage.com. This one has been excellent as I get privacy + search results same as Google
I use AdGuard... Very effective.
DNS 1.1.1.1 from Cloudflare
I’ve been using hot corners for approximately 5 years I think. It works very well.
Just configure the top right corner to lock the computer (AFAIK it’s new in Mojave) or start the screensaver with an n-second delay for password prompt (configured separately under the screensaver tab). The delay is important because you will trigger it by mistake many times. The new lock option does not have a delay, which makes it a little less convenient.
Yeah I'm very happy with that shortcut :) others mentioned a shortcut with Ctrl-Shift-Escape, to force it to sleep. But doesn't seem to work in my case (I'm often using my MacBook in clamshell mode).
- Full Disk Encryption
- Use Little Snitch
- Don't use iCloud
- Disable SSH except for your account
- Turn off remote login
- Run developer software in Docker containers
How does FileVault work with Google Cloud?
I have a Google Cloud folder which is synced with my local drive.
Now if I enable FileVault, it will encrypt all the data... but I'm not sure what will happen to the Google Drive folder on Mac.
How will Google Drive manage my encryption then?
FileVault is encryption at the disk level; you unlock at startup. Unless you have other encryption methods for files or directories, once you're logged in, they are unencrypted as far as Google Drive or any other app sees it.
In addition to FileVault I have uBlock Origin installed on all browsers and Malwarebytes running. But I have no idea if these programs are working, are looking for the correct threats or potentially have malware themselves. So far so good...
I don’t. I keep my super sensitive data in my head. I never believed in computer security and never will. But then I never believed in security in general. Why on earth would you need an antivirus for a Mac? I don’t even remember the last time Avast gave me a virus warning on Windoom 10. Nowadays it’s mostly worms, ransomware and spyware, rarely a Trojan horse. The age of virus has long gone after the start of the age of not slow internet. The only thing I do is to back up my data via Dropbox and MEGAsync.
If you really need security, get a computer, disconnect it from the internet. The end.
Do you have any evidence that Apple harvests data stored on Macs and shares it with third parties? If so, that would be big news given Apple's stance on security and privacy.
It's how I caught a new Seagate external hard drive making calls to Baidu and Google. https://fosstodon.org/@lukewrites/100907932236227641