Vital Tips for Securing Your New Mac

So you were one of the lucky ones who received (or bought yourself) your first Mac over the holiday period. Congratulations, and welcome to the Mac community! Perhaps, like more and more people, you’ve made the move from that other operating system – you know, the one that’s a little more popular, but also not quite as well-designed, and more prone to security issues.

The one where you’re considered a brave person to go online without the full metal jacket of antivirus, antispam, antimalware, and firewall in place. If so, then chances are that you’ve already started thinking about what you need to do in order to protect your new machine from viruses, trojans, and other kinds of nasties that you may have encountered previously.

Many will tell you not to bother – Macs don’t get viruses, right? It’s true to say that there are fewer such issues with Macs (after all, smaller market-share means less incentive to antisocial types), but it’d be foolish not to take even the most basic precautions in order to keep your data and your personal information safe.

When I made the switch, I immediately went in search of the kinds of protection I was used to having in place before I would bring my computer anywhere near a network connection of any kind. But friends talked me down, reassured me that I didn’t really need the same level of protection for my shiny new MacBook. But they did offer a few little tips, which I will pass on in this article, just to cover the basics…

Security Updates

First off, you want to be sure that you have all the latest security updates installed. Whenever a problem is found in the wild – a new virus or exploit of some other kind – Apple is usually quite snappy in issuing a fix for the issue. So you want to make sure that your Mac is set to receive these updates automatically.

Checking for New Software

Checking for New Software

By default, OS X checks once per week, but you can set it to look for updates more (or less) frequently by opening ‘Software Update’ in System Preferences and selecting from the pull-down menu.

Software Update

Software Update

You can also run Software Update manually at any time by clicking on the Apple logo in the menubar and selecting it there.

A next step that’s worth taking is switching on your Mac’s built-in firewall. It used to be that this was disabled by default, but the last few versions of OS X have had it turned on automatically. Again, you will find the Firewall in System Preferences, this time under ‘Security’, and then click on the ‘Firewall’ tab.

Firewall

Firewall

The truth is that most users are likely to be behind pretty secure hardware firewalls built into their routers most of the time, but it’s still a good idea to turn on the software firewall, and especially so if you’re accessing the web via a shared access point, such as wifi in a cafe or airport.

Physical Theft

And while we’re loitering in places like that, there are steps you should take to secure your machine here too. Of course, there are physical things, like good old Kensington locks, or just plain making sure you never leave your machine unattended.

In case of disaster striking, though, I’ve installed Orbicule’s Undercover in the hope that it’ll help recover my machine. But I’ve also taken a few other precautions like setting my screen to lock when the screensaver comes on, so that a password is needed to get back in (in the ‘General’ tab of ‘Security’ in System Preferences), and ensuring that Automatic login is switched off across all users on the machine (in the same tab).

General Security Settings

General Security Settings

There’s a good chance that when you open this Security settings panel it will look a little different: everything other than the first line will likely be greyed-out, and the lock at the bottom-left will be closed, like this:

Settings Locked

Settings Locked

As soon as you click on the lock, you will see this dialogue-box:

Authorising

Authorising

If you know an Administrator name and password, entering it here will unlock the further options. Chances are that you will see this window pop up now and then when you’re installing new software. Always pay careful attention to which application is asking for authorisation – if you half-consciously gave full rights to your machine to some rogue process, you might be letting yourself in for a world of pain and difficulty. So take care, and be sure you know what you’re authorising every time you see this window.

The Keychain

You may already have come across the Keychain. This is the system built into your Mac that remembers all your passwords and other important security information. When you log in to OS X, by default you unlock the default Keychain (known as the Login Keychain), which gives you access to the information stored there.

You can increase security by setting it to lock after a specified time period – of course, in doing this you lose some convenience, as you will have to repeatedly unlock the Keychain as applications or services try to access it after the specified lock-time. But it might be worth doing, especially, again, if you’re working in a public place.

To do this, run the Keychain Access application, which you will find in /Applications/Utilities folder.

Keychain Access

Keychain Access

Right-click on ‘login’ under the Keychains section on the left of the window and select ‘Change settings for Keychain “Login”…’. It should be obvious what you need to do in the next window to set a time after which your Keychain will lock and your passwords will be secure.

Locking After Inactivity

Locking After Inactivity

And Finally? Viruses

And, finally, what about viruses? Well, most of the big hitters from the PC antivirus market offer Mac solutions, too, including Norton Antivirus for Mac. The other big name you will hear is Intego, whose Virus Barrier X5 usually reviews well. And two freeware options are ClamXav and iAntiVirus, which also generally receives good reviews.

If you are running Windows on your Mac, then you definitely, without a doubt, need antivirus installed in that Windows virtual machine. To tell the truth, though, although I have a licence for Virus Barrier X5, I’ve stopped running it on my Mac. I’m careful to keep virus definitions updated in NOD32 on my Windows install, but I got tired of X5 running the fans whenever it did something in the background on my Mac, so I’ve gotten rid of it.

There are dangers out there, and choosing not to run antivirus on your Mac needs to be a decision you make with your eyes open – after all, Apple do acknowledge that running antivirus software may offer additional protection (see here, at the very bottom, under ‘Security Advice’). It’s up to you.

In the end, the truth is that your new Mac is more secure than any Windows machine, so long as you take care of a few basics – as outlined here. In a future article, I’ll say more about a couple of applications that can make your life easier and protect your privacy more stringently.


  • http://inspiredbywordpress.co.uk Daniel Groves

    Nice to see some tips about keeping a Mac more secure. Personally I worked all of this out within 1/2 hour of getting my MacBook, and already new about the anti-virus situation having run Ubuntu Linux on my computer before getting my Mac. 6th months on and still lovin’ it!

  • Michele

    My friend got a Mac over Christmas, and he thought that there were (literally) no viruses for OS X. So I promptly sent him the Newton Virus.
    http://www.youtube.com/watch?v=aBJQ5085kSo

  • Inket

    What are the chances of getting an OS X Virus if I’m not using an Anti-Virus ?

    1% ? Less ?

    • Daniel Hertlein

      Don’t forget about iAlertu. It uses the motion detection built into all intel mac laptops to activate an audible alarm and even takes and automatically emails a photo using the isight cam. You can turn it on manually or with the Apple remote. While it’s by no means a substitute for a Kensington lock it’s great for leaving your mac on the coffee shop table while you turn around to grab a refill. And it’s free.
      http://www.macupdate.com/info.php/id/21282

      Also, while it’s not a security measure per se, the internet is rife with stories of mobileme users who used backtomymac to erase sensitive data and even track theives.

    • Daniel Hertlein

      Sure, now. But all it takes is one good one and it’s coming eventually. Do you really want to be just sitting there waiting?
      That said, not having my system clogged down with Norton and the like is reason numero two for using mac. Numero one being everything else. Clam AV and Virus Barrier X5 both do the trick without calling attention to themselves.

  • Erica

    I got Intego VirusBarrier X5 from MacHeist, it takes minimal memory and stays out of the way. Definitely less hassle than dealing with Windows anti-virus. Mac may not need it but there’s still some chance.

  • Stephanie

    For physical theft I use GadgetTrak on my Mac, it takes photos and gets the location of the person who stole the system.

  • http://www.sidelane.co.uk Ira Rainey

    Rather than turn on the built in Firewall you should really get yourself a copy of Little Snitch: http://www.obdev.at/products/littlesnitch/

    As well as incoming traffic, it’ll also control outgoing traffic, alerting you to network connections any apps are trying to make.

  • Milo

    Well the chance of getting a virus is 0%, as there are no viruses for OS X.

    I repeat: there are zero (0) viruses for OS X. This is a fact.

    • Him

      I bet you feel pretty stupid at the moment.

  • http://kennethyounger.com Kenneth Younger

    Lockdown. Awesome for coffee shops or other places that someone could try and grab the laptop while you are away (running to the car, or in the bathroom).

  • Milo

    There is 0% chance of getting a virus in OS X, as there are exactly zero (0) viruses available for OS X. So installing an antivirus app is totally and extremely pointless.

    • ivan

      keep dreaming…that’s not a fact, that’s what you chose to believe and doesn’t necessarily make it the truth.

  • David

    You forgot to mention the most important way to keep your computer secure. Never log in as Administrator unless you absolutely have to (like pairing your Apple Remote…dumb thing). Every time you want to install an application, you just will have to authenticate as administrator, but you should never be logged in as an administrator, you should be a regular user. But whatever, ignore the obvious. That’s good too.

  • Pingback: The Complete Guide for Child-Proofing Your Mac | Mac.AppStorm

  • David

    Just for a competition and fun I have been able to passby my friends Macbook by resetting the administrator account, after that I had been able to change the password of his account and login.
    I am so disappointed to find out that finally even the Mac is not secure.
    P.S: I did it under Mac OS 10.6.2

  • Katie

    What about http://adeona.cs.washington.edu/ Adeona Recovery. It is free and open source.

theatre-aglow
theatre-aglow
theatre-aglow
theatre-aglow