A Defensive Computing Checklist
by Michael Horowitz
I am not a Mac user, so the below is mostly links.
- If you have an M1 MacBook be very careful when closing the lid as per: Apple's M1 MacBook screens are stunning – stunningly fragile and defective, that is, lawsuits allege (Sept. 2021)
- SOFTWARE SUGGESTIONS
- Leo Laporte, aka The Tech Guy, recommends Disk Inventory X, a disk usage utility for Mac OS X. It shows the sizes of files and folders so you can easily see which folders are consuming the most disk space. The software is free and open source.
- Leo Laporte, aka The Tech Guy, recommends OnyX a free multi-function utility. It can clean up temp files, verify the structure of the system files, remove problematic folders and files, rebuild various databases and indexes and run other assorted maintenance tasks.
- I have heard good things about Malwarebytes for Mac. As of March 2021: it is free for 14 days. After that, one computer is $40/year but the cost per computer is much cheaper when you buy it for multiple.
- This August 2021 article suggests using DriveDx to monitor the health of the SSD in a Mac. It costs $20 to use on 3 Macs and there is a free trial.
- Two macOS utilities can warn you when software is using either the microphone or camera. One is Micro Snitch ($4 as of Sept. 2020) from Objective Development. More here. The other is Oversight from Objective See (free as of Sept. 2020).
- The excellent browser extension uBlock Origin is not supported on Safari. To use uBlock Origin on macOS, install Firefox.
- For content blocking in Safari, I have heard good things about 1Blocker
- Click on Safari in the menu bar -> Preferences -> Passwords and look for any security recommendations (Oct 2021)
- Safari can automatically delete your browsing history (as of Dec. 2020). On the menu bar, click on Safari -> Preferences -> General tab -> "Remove History Items". While there, also review "Remove download list items" which can automatically remove the names of the files you downloaded. It does not delete the actual files.
- BUG FIXES
How long will a copy of macOS get bug fixes?
- None of your business is the official Apple policy. The current version is patched for a year from its initial release, at which point a new version of the OS is released. Apple has no policy regarding bug fixes on old versions of the system.
- They have somewhat been updating the previous and second previous editions. Somewhat.
- Monterey was released October 25, 2021
Big Sur was released November 12, 2020
Catalina was released October 7, 2019
- This Nov. 2021 article describes a bug in Catalina that was not fixed for 234 days: PSA: Apple isn't actually patching all the security holes in older versions of macOS by Andrew Cunningham for Ars Technica.
- This April 2022 article describes bugs that were not fixed in either Big Sur or Catalina Apple patched critical flaws in macOS Monterey but not in Big Sur nor Catalina by Thomas Claburn of The Register. When asked about it, Apple said nothing. It is estimated that 35-40% of macOS installs run the two older versions of the OS. In addition to the two bugs in the headline, there are dozens of other vulnerabilities in Big Sur and Catalina.
- The release of macOS Catalina in October 2019, was buggy as heck. Going forward, macOS users should wait a few months before installing a new release. See:
How bad is Catalina? It's almost Apple Maps bad: MacOS 10.15 pushes Cupertino's low bar for code quality lower still by Thomas Claburn of The Register Oct 11, 2019
- To run Apple Hardware Diagnostics, press and hold the D key while the system starts up. Can't hurt to do this periodically.
- The Wireless Diagnostics tool can scan nearby networks and provide a summary of channel usage. There are also other advanced features. To see it: press and hold the Option key, then click on the WiFi icon in the menu bar. Look for "Open Wireless Diagnostics" Or, do a Spotlight search for "Wireless Diagnostics"
- macOS Monterey includes a Terminal command that tests the speed of the Internet connection. To test download and upload speed sequentially use:
There has to be a space before the dash. Replace the "s" with a "v" to test both directions at the same time. More: Test Your Network Speed On a Mac.
- Booting to Safe Mode also does a scan for errors. Press and hold the Shift key while the system starts up.
- Recovery Mode offers assorted utilities including Disk Utility that can check the disk and repair problems. Press and hold Command+R as the system boots up.
Firewalls control the flow of data on a network, each direction.
- For blocking unsolicited incoming connections, macOS includes a firewall but it is off by default. This is a miserable default. Turn it on with: Apple Menu -> System Preferences -> Security and Privacy -> Turn on Firewall. Stealth mode is the safest option. Next best is blocking all incoming connections. Other options let you specify the apps that are allowed to accept unsolicited input.
- For controlling outbound network activity, the Little Snitch firewall is a great product according to everyone. It offers total control over outgoing network traffic. It is not free and the initial setup takes time/effort as you have to decide what to allow and what to block. Does it also control incoming data? This is not clear from their website.
- A free outbound firewall is LuLu. It does not offer quite as much control as Little Snitch but is still a big improvement over nothing.
- Using Little Snitch to prevent Apple from spying on you: Minimizing macOS Telemetry by Michael Bazzell (Aug 2021).
- TripMode (at version 3 as of Feb. 2022) is marketed as a data saver, but really is a firewall. Pricing starts at $15 for one Mac. See a May 2021 review in Macworld.
- 8 Warning Signs Your Mac Might Have a Problem (and How to Fix It) by Tim Brookes for HowToGeek (Dec 2019)
- Walking away: There are a couple of options for what happens when you walk away from a Mac. After some inactivity, it can be logged out. Configure this: Apple Menu -> System Preferences -> Security and Privacy -> Advanced -> Log out after… minutes of inactivity. After it goes to sleep or the screen saver kicks in, it can require a password. Configure: Apple Menu -> System Preferences -> Security and Privacy -> General -> Require password… after sleep or screen saver begins.
- Privacy features are at System Preferences -> Security and Privacy -> Privacy.
-- Click the lock icon in the bottom-left corner and enter the macOS password. Then review the options in the left pane and remove permissions that apps don't need. The most important permissions are location services, camera, microphone, input monitoring and screen recording.
-- In the Analytics & Improvements section, uncheck everything in the right pane. Then select Apple Advertising and uncheck Personalized Ads.
-- The MacOS Catalina Privacy and Security Features You Should Know by David Nield (Oct 2019)
-- Take control of your Mac's privacy by Nathan Parker (May 2021). For macOS version 11 aka Big Sur. Some highlights: you can have an icon appear on the menu bar when a system service requests location data, you can enable/disable location services on a per-app basis, app file access can be restricted to specific folders and you decide how much Apple spies on you in the "Analytics and Improvements" section.
- How to Disable IPv6 on MacOS by Rae Hodge of CNet (June 2022). System Preferences -> Network -> Advanced -> TCP/IP -> Configure IPv6
- To stop Siri from always listening: System Preferences --> Siri -> uncheck Enable Siri
- How to Set Up a Recovery Contact on iPhone, iPad, and Mac by Samir Makwana for How To Geek (Dec 2021). For when you forget your Apple ID password or device passcode. Requires macOS Monterey or later.
- A common scam on Macs is a pop-up window saying that you need to install a new version of Flash. Don't.
- Turn off the Universal Clipboard (aka Handoff) feature because it shares the clipboard with your iPhone. Instructions and background from Quincy Larson.
- Ongoing laptop keyboard problems: In 2017, 2018 and 2019 the keyboards on Apple laptops were miserable (not sure about 2016). In 2020, Apple introduced a better keyboard. The bad keyboard is called "Butterfly", the good keyboard is "scissor-switch". That's in the real world. In the Apple world, the good 2020 keyboard is called "magic". When Apple sells the bad keyboards, as they do when they sell older refurbished laptops, they say nothing at all about they keyboard. Background: Apple's butterfly keyboard failed by prioritizing form over function (May 2020). The New 13-Inch MacBook Pro's Keyboard Really Is That Good (May 2020). Apple apologizes to people having problems with the MacBook's controversial keyboard CNBC (March 2019). Apple lied to me about the MacBook Air and now we have a problem by Chris Matyszczyk (May 2019)
- Buying a used Mac laptop: How to avoid scams and find the best deals by David Gewirtz (August 2019)
- Where get software from: It is safest to only download software from the App Store run by Apple. Even if this is not possible on a new Mac, limiting new software to the App Store makes sense after the initial setup. Configure: Apple Menu -> System Preferences -> Security and Privacy -> General -> Allowed apps downloaded from.
- How to Open Apps from Unidentified Developers on Your Mac by Chris Hoffman (April 2017). An intro to the three levels of software trust in macOS: apps from the Mac App Store, apps from Identified Developers and apps from anywhere else.
- Setting up a Mac for young children by Mark Stockley of Sophos (Oct 2018)
- Battery: Keeping a laptop battery fully charged at all times shortens its lifespan. Batteries last the longest when operating between 30 and 80 percent charged. AlDente is a menu bar tool that limits the maximum charging percentage (Alternate link). For Mac laptops with Intel CPUs, there is a battery feature in the OS. See About battery health management in Mac notebooks.
- How to Encrypt and Password Protect Files on Your Mac by Jay Vrijenhoek and Kirk McElhearn of Intego. Last updated April 2021. Covers encrypting: System Data and the Startup Drive, External Drives, Documents and Files, Backups and Files You Send to Others.
- VIRUSES and MALWARE:
Anti-virus software is needed on macOS.
- How to check for and remove malware from a Mac by Joe Hindy of Android Authority (June 2022). Written for macOS Monterey 12.4. Very good article. The first suggestion is to check CPU usage in Activity Monitor: Finder -> Applications -> Utilities -> Activity Monitor -> sort by CPU Usage.
- The free KnockKnock program from Objective-See looks for software installed on the system and can run it through VirusTotal.com to check if the software is malicious. It is not an always-on anti-virus program, you run manually.
- What to do if you think your Mac has a virus by Karen Haslam of MacWorld (Jan 2022). Covers how to get a free virus scan, how to get rid of Mac viruses for free, and how to avoid getting infected in the first place.
- macOS includes a number of security features. See Protecting against malware in macOS from Apple Feb. 2021. It discusses: the App Store, Gatekeeper, Notarization, XProtect and MRT (Malware Removal Tool).
- In August 2021, malware called AdLoad,was able to bypass both Gatekeeper and XProtect a good 10 months after it was first detected. Details here: New AdLoad malware variant slips through Apple's XProtect defenses (August 2021).
- How to Protect Your Mac From Ransomware by Tim Brookes (Aug 2020). Avoid pirated software and software passed around by friends. When possible, get software from the Mac App Store. Backup important files to a device that is off-line when not being used to create the backup. For malware removal use Malwarebytes.
- These programs will save your ass when Mac users need you to remove malware by Kim Crawley (Jan 2018)
- EXTERNAL MONITORS
Recommendations from Gary Rosenzweig of MacMost.com. See The Problem
With Using 1440 Screens With a Mac September 2022.
- Screens with a resolution of 2560x1440 are either too small or too big. He refers to this resolution as 1440p.
- He recommends a screen with a resolution of 3840x2160. He refers to this resolution as 4K.
- Avoid using an HDMI connection to an external screen. Especially avoid converting Thunderbolt to HDMI.
- For a monitor with Display Port input, he suggests a cable that is USB-C on one end (into the Mac) and Display Port on the other end
- DISK ENCRYPTION:
Should a Mac laptop be lost or stolen, the data can be protected with FileVault, which offers full-disk encryption. FileVault was introduced in 2011 (macOS 10.7 Lion). Configure it: Apple Menu -> System Preferences -> Security and Privacy -> FileVault tab. This get complicated when there are multiple users defined. More:
- ERASE HARD DRIVE
One good reason to use FileVault (above) is that it lets you securely erase a macOS hard drive when the time comes to get rid of the computer.
- If you have an AppleID, then Apple is tracking you. According to Michael Bazzell (Oct 2019) macOS Catalina and Mojave can both be clean installed and used without an Apple ID.
- Periodically review the list of Wi-Fi networks your device has previously connected to and remove those you no longer need.
- macOS is not a priority for Apple as this story illustrates: On Feb. 22, 2019 a researcher reported a flaw in macOS to Apple. They acknowledged the flaw then stopped responding to his emails. After three months he disclosed the bug. After four months Apple still has not fixed the problem.
| This page: 7 views per day (over 29 days) Total views: 217 Created: August 28, 2022|
Copyright 2019 - 2022