CS101: Computing Technology and You
CS101: Computing Technology and You

How To Secure a Macintosh Computer Running 11, 12, or 13

Macintosh computers are not targeted by cyber criminals anywhere nearly as frequently as Windows computers.  This is mostly due to their smaller market share.  Consequently, Macintosh computers are a bit easier to secure than Windows computers since there is less to currently defend against.  However, security experts agree that Apple has now become a target for cyber criminals. Attacks have been more frequent . Consequently, it is now recommended you implement basic security measures on your Macintosh computer.

Step 1: Backup Computer
If you are attempting to secure a computer that already has important information saved on it there is a chance the securing process could cause data loss.  To guard against data loss a full backup of your hard drive is recommended.  The best way to backup a computer running macOS is to buy an external hard drive and use Time Machine. 

A good place to start shopping for hard drives is Newegg.com since it has reviews from relatively technology sophisticated shoppers:

Newegg External Hard Drives

Time Machine is a great backup utility built into macOS.  The following link has directions on how to use Time Machine:

http://support.apple.com/kb/HT1427?viewlocale=en_US

Step 2: Make sure Apple Automatic Update is turned on.
The Macintosh operating system (macOS), like the rest of Apples software, has potential security flaws which could be exploited by malware and/or hackers.  Consequently, security patches are made available by Apple to fix these flaws.  It is important that a Macintosh is set to automatically download and install software update patches for Apple software.  Read the following information to find out how to check for Apple updates:

http://support.apple.com/kb/HT1338

Step 3: Check that all non-Apple software you use to access Internet has automatic updates turned on.
Check all non-Apple programs you use to access the Internet (email, web browsers, PDF viewers, social programs, etc.) and make sure that automatic updating is enabled.  You can often find these settings by looking Application menu (name of current application) > Preferences. If you cannot find the updating functions you can use Google to find the location.

Step 4: Turn on Apple's built-in Firewall.
A firewall is an application that protects your computer from unauthorized access.  An active firewall offers two forms of protection.  1) It keeps unauthorized network traffic (hackers, robotic malware, etc) from gaining access to your computer.  2) If a piece of malware does make it on to your computer an active firewall should warn you and block it before it can send out information (stolen passwords, personal information, ability to remotely control the computer, etc).  To activate Apple's built-in firewall follow the link below:

http://support.apple.com/en-us/HT201642

Step 5: Install malware detection software (anti-virus) and set to update each time Internet is accessed.
 TWO IMPORTANT NOTES:

1) If you already have malware detection software (usually called an anti-virus program) installed on your Macintosh computer make sure you uninstall it before installing the below recommended free program.

2) Gatekeeper is a feature that helps protect your Mac from malware, and misbehaving apps, downloaded from the Internet. It may attempt to block you from downloading the below linked Avira anti-Virus app.  If it does block the download then read the directions at the following link:

http://support.apple.com/kb/HT5290

Once you have your Macintosh backed up, and updated, you are ready to put on the following malware detection software to stop viruses, Trojan horses, worms, adware, spyware, rootkits etc. from infecting your computer:

  • Click the following link to download AVG malware detector.  Make sure to click the "Free Download" button. (If does not download see Important Note #2 above)

Step 6: Create Standard user accounts for you, and for other users of your computer, disable automatic login, and require password to wake your computer from sleeping.
When you turn on a Macintosh computer for the first time it asks you for some information (name, time zone, etc.) and then automatically creates an administrator user account.  An administrator user account means that you are allowed to make changes to the computer such as installing new software.  After that each time a Macintosh computer starts up it automatically logs the user into the administrator account.  This practice creates two security problems.  One, it means that anyone who has physical access to the computer (roommates, parents, thieves, etc) could gain access to all the information on the computer.  Two, if the computer is attacked by malware (viruses, Trojan horses, worms, etc) the software can more easily install itself since a computer administrator account is allowed to install software.  To eliminate these two security flaws of a Macintosh computer you should create a Standard user account for you and other users of your computer. Standard account users can install software for their own use (if they know the Administrative user account password) and change settings related to their accounts, but can’t administer other accounts. You can learn how to create new Standard accounts by following the directions from the appropriate link below:

https://support.apple.com/guide/mac-help/set-up-other-users-mtusr001/mac

To disable automatic login on your mac read the following and make sure you set Automatic login: to off.

https://www.reed.edu/cis/help/auto-login.html

To keep the information on your Mac secure when you are away from it set it to require the user account password be entered to wake it from screensaver or sleeping. To accomplish this first activate your screen saver and then set it to require a password when awaken by following the directions at this link:

https://support.apple.com/guide/mac-help/require-a-password-after-waking-your-mac-mchlp2270/12.0/mac/12.0

Step 7: Consider using the Tor web browser and a Virtual Private Network (VPN) for web activity.
To learn about Tor please visit the following web site:
https://www.torproject.org/about/overview.html.en

To learn about Virtual Private Networks please read the information at the following link:
https://thebestvpn.com/what-is-vpn-beginners-guide/

Step 8: Turn on the Guest account.
A Guest account is built into Mac OS.  Guest accounts are useful because guests are not allowed to install software and all information is removed from the account when a session in finished.  It is a great way to let a friend use your computer safely. The problem is that the Guest account turned off by default.  To turn it on follow the directions below:

macOS User Guide

Step 9: Turn on FileVault2 to encrypt hard drive and disable automatic login.
(IMPORTANT NOTE: It is recommended you have a complete backup in place before turning on FileVault2. It is also very important to remember you user account password as you could lose access to all information on the computer it the password if forgotten.)

FileVault2 uses full disk, XTS-AES 128 encryption to help keep your data secure. With FileVault2 you can encrypt the contents of your entire drive. This way if your computer is stolen the thief will not be able to see your data unless they know your account password. Make sure to read, and understand, all the directions at the link below before you turn on FileVault2:

http://support.apple.com/kb/HT4790

Return to Security Lab Home Page