macOS Defensive Computing

APPLE MACOS

FYI: I am not a Mac user.

In case a good person finds your lost Mac laptop, you can put your contact information on the lock screen
System Settings -> Lock Screen -> Show message when locked -> Set... button
SOFTWARE SUGGESTIONS
- Leo Laporte, aka The Tech Guy, recommends Disk Inventory X, a disk usage utility for Mac OS X. It shows the sizes of files and folders so you can easily see which folders are consuming the most disk space. The software is free and open source.
- Leo Laporte, aka The Tech Guy, recommends OnyX a free multi-function utility. It can clean up temp files, verify the structure of the system files, remove problematic folders and files, rebuild various databases and indexes and run other assorted maintenance tasks.
- I have heard good things about Malwarebytes for Mac. As of March 2021: it is free for 14 days. After that, one computer is $40/year but the cost per computer is much cheaper when you buy it for multiple.
- This August 2021 article suggests using DriveDx to monitor the health of the SSD in a Mac. It costs $20 to use on 3 Macs and there is a free trial.
- Two macOS utilities can warn you when software is using either the microphone or camera. One is Micro Snitch ($4 as of Sept. 2020) from Objective Development. More here. The other is Oversight from Objective See (free as of Sept. 2020).
SAFARI
- The excellent browser extension uBlock Origin is not supported on Safari. To use uBlock Origin on macOS, install Firefox.
- For content blocking in Safari, I have heard good things about 1Blocker
- Click on Safari in the menu bar -> Preferences -> Passwords and look for any security recommendations (Oct 2021)
- Safari can automatically delete your browsing history (as of Dec. 2020). On the menu bar, click on Safari -> Preferences -> General tab -> "Remove History Items". While there, also review "Remove download list items" which can automatically remove the names of the files you downloaded. It does not delete the actual files.
March 20, 2024: 15 Mac Settings To Make Your Mac More Secure by Gary Rosenzweig of Macmost.com. A 12 minute video with a full transcript.
Speaking of settings, you can turn off remote access to your Mac computer with:
System Preferences -> Sharing -> Remote Login -> Remote Management
macOS Ventura 13.2, released in January 2023, introduced in the use of a FIDO-certified hardware security key to log into an Apple account. Finally. Apple had been one of the few big tech companies that did not support hardware security keys. For more see About Security Keys for Apple ID from Apple (January 24, 2023) and Apple advances user security with powerful new data protections from Apple (December 7, 2022) which covers Security Keys and iMessage Contact Key Verification and Advanced Data Protection.
RECOVERY KEY for APPLE ID: The Recovery Key is a Get-Out-Of-Jail-Free card for when a bad guy has changed your Apple ID password and locked you out of your account. From: How to generate a recovery key by Apple (December 10, 2020). A recovery key is a randomly generated 28-character code that you can use to reset your Apple ID password. This is not required. Creating a recovery key turns off Account Recovery which is a process that helps you get back into your Apple account when you can not reset the password. You are responsible for not losing the Recovery Key. In maOS:
System Preferences -> Apple ID -> Account Details -> Security -> In the Recovery Key section, click Turn On -> Click Use Recovery Key. Write it down at this point and save a couple copies. Do not screen shot it as you don't want it stored in iCloud, in case a bad guy gets into your account. You have to enter the key to verify that you know it. It is not case sensitive. If you lose the Recovery Key you can create another one. Beware, however, Apple does not allow their customers to regain access to their account if a recovery key is enabled and they can not produce it.
Apple account recovery contacts: From Help a friend or family member as their account recovery contact from Apple (December 13, 2022) A recovery contact can help a friend regain access to their Apple account if they forget their password. When someone is locked out, they can contact their Recovery person with instructions for generating and sharing a six-digit recovery code. This code, along with other information, allows the locked out user to reset their password. The Recovery Contact person does not have any access to their friend's account. All they can do is provide them with a code when requested. To be a Recovery Contact, you must have two-factor authentication turned on for your Apple ID.
BUG FIXES
How long will a copy of macOS get bug fixes?
- The current version is patched for a year from its initial release, at which point a new version of the OS is released. Apple had no official policy regarding bug fixes on old macOS versions They had somewhat been updating the previous and second previous editions. Somewhat.
- In October 2022 an official policy: About software updates for Apple devices from Apple
- Home truths about macOS by Howard (Nov 2022). A detailed look at when to upgrade to a new version of macOS. Final conclusion: update immediately. Older versions may get security bug fixes but non security issues are not fixed. APFS is cited as an example of a critical sub-system that loses all support once there is a new version of macOS. Old versions get some, but not all, security fixes. Over the 2021-22 cycle, the current version of macOS, Monterey, received 342 security updates, Big Sur got 202, and Catalina got 146.
- Ventura (aka version 13) was released October 29, 2022
  Monterey was released October 25, 2021
  Big Sur was released November 12, 2020
  Catalina was released October 7, 2019
- This Nov. 2021 article describes a bug in Catalina that was not fixed for 234 days: PSA: Apple isn't actually patching all the security holes in older versions of macOS by Andrew Cunningham for Ars Technica.
- An inconvenient truth about Apple security updates by Joshua Long of Intego (September 2022). Quoting: "Apple's ostensible policy about Mac operating system updates is that security issues get patched for the current and two previous major macOS releases ... Few are aware that Apple doesn't patch every security vulnerability present in the two previous macOS versions - and, surprisingly, that even goes for 'actively exploited' (in-the-wild) vulnerabilities." Looks like there is more to come here.
- This April 2022 article describes bugs that were not fixed in either Big Sur or Catalina Apple patched critical flaws in macOS Monterey but not in Big Sur nor Catalina by Thomas Claburn of The Register. When asked about it, Apple said nothing. It is estimated that 35-40% of macOS installs run the two older versions of the OS. In addition to the two bugs in the headline, there are dozens of other vulnerabilities in Big Sur and Catalina.
- The release of macOS Catalina in October 2019, was buggy as heck. Going forward, macOS users should wait a few months before installing a new release. See: How bad is Catalina? It's almost Apple Maps bad: MacOS 10.15 pushes Cupertino's low bar for code quality lower still by Thomas Claburn of The Register Oct 11, 2019
BUYING USED MACS
1. Why You Need To Be Careful When Buying a Used Mac by Gary Rosenzweig of MacMost.com. (December 2022). A long article/video, well worth your time. Some points raised: online used Mac sales have been overrun by scammers. The most risk is at Craig's List, E-bay, Facebook, or Next Door. It is common for used Macs to have been stolen. In that case, it may be locked down and not usable. Macs can be locked down in a variety of ways. Macs get new operating systems for about five years after they come out. Then they only get security support for two more years. The battery may be worn down. You may over pay for it. The Apple Refurb Store will not save you much money but you will get a fair recent model. Tips on what to do first with a used Mac.
2. Buying a used Mac laptop: How to avoid scams and find the best deals by David Gewirtz (August 2019)
DIAGNOSTICS
1. To run Apple Hardware Diagnostics, press and hold the D key while the system starts up. Can't hurt to do this periodically.
2. The Wireless Diagnostics tool can scan nearby networks and provide a summary of channel usage. There are also other advanced features. To see it: press and hold the Option key, then click on the WiFi icon in the menu bar. Look for "Open Wireless Diagnostics" Or, do a Spotlight search for "Wireless Diagnostics"
3. macOS Monterey includes a Terminal command that tests the speed of the Internet connection. To test download and upload speed sequentially use:
  networkquality -s
  There has to be a space before the dash. Replace the "s" with a "v" to test both directions at the same time. More: Test Your Network Speed On a Mac.
4. Booting to Safe Mode also does a scan for errors. Press and hold the Shift key while the system starts up.
5. Recovery Mode offers assorted utilities including Disk Utility that can check the disk and repair problems. Press and hold Command+R as the system boots up.
FIREWALLS
Firewalls control the flow of data on a network, each direction.
- For blocking unsolicited incoming connections, macOS includes a firewall but it is off by default. This is a miserable default. Turn it on with:
  Apple Menu -> System Preferences -> Security and Privacy -> Turn on Firewall
  Stealth mode is the safest option. Next best is blocking all incoming connections. Other options let you specify the apps that are allowed to accept unsolicited input.
- For controlling outbound network activity, the Little Snitch firewall is a great product according to everyone. It offers total control over outgoing network traffic. It is not free and the initial setup takes time/effort as you have to decide what to allow and what to block. Does it also control incoming data? This is not clear from their website.
- A free outbound firewall is LuLu. It does not offer quite as much control as Little Snitch but is still a big improvement over nothing.
- Using Little Snitch to prevent Apple from spying on you: Minimizing macOS Telemetry by Michael Bazzell (Aug 2021).
- TripMode (at version 3 as of Feb. 2022) is marketed as a data saver, but really is a firewall. Pricing starts at $15 for one Mac. See a May 2021 review in Macworld.
September 2021: If you have an M1 MacBook be careful when closing the lid as per: Apple's M1 MacBook screens are stunning – stunningly fragile and defective, that is, lawsuits allege
August 2021: Apple already scans iCloud Mail for CSAM, but not iCloud Photos by Ben Lovejoy for 9to5Mac. Quoting: "Apple has confirmed to me that it already scans iCloud Mail for CSAM, and has been doing so since 2019. It has not, however, been scanning iCloud Photos or iCloud backups."
The Practical Guide To Mac Security (2021) is a free course offered by MacMost.com and Gary Rosenzweig. There are 20 videos about how to prevent online account theft, malware and other disasters. By following these common-sense techniques you can keep your Mac secure and prevent problems. I am not a Mac user but I took a look at Part 7 on VPNs and I disagree with every recommendation for a VPN provider.
8 Warning Signs Your Mac Might Have a Problem (and How to Fix It) by Tim Brookes for HowToGeek (Dec 2019)
Walking away: There are a couple of options for what happens when you walk away from a Mac. After some inactivity, it can be logged out. Configure this: Apple Menu -> System Preferences -> Security and Privacy -> Advanced -> Log out after… minutes of inactivity. After it goes to sleep or the screen saver kicks in, it can require a password. Configure: Apple Menu -> System Preferences -> Security and Privacy -> General -> Require password… after sleep or screen saver begins.
Privacy features are at System Preferences -> Security and Privacy -> Privacy.
-- Click the lock icon in the bottom-left corner and enter the macOS password. Then review the options in the left pane and remove permissions that apps don't need. The most important permissions are location services, camera, microphone, input monitoring and screen recording.
-- In the Analytics & Improvements section, uncheck everything in the right pane. Then select Apple Advertising and uncheck Personalized Ads.
-- The MacOS Catalina Privacy and Security Features You Should Know by David Nield (Oct 2019)
-- Take control of your Mac's privacy by Nathan Parker (May 2021). For macOS version 11 aka Big Sur. Some highlights: you can have an icon appear on the menu bar when a system service requests location data, you can enable/disable location services on a per-app basis, app file access can be restricted to specific folders and you decide how much Apple spies on you in the "Analytics and Improvements" section.
How to Disable IPv6 on MacOS by Rae Hodge of CNet (June 2022). System Preferences -> Network -> Advanced -> TCP/IP -> Configure IPv6
To stop Siri from always listening: System Preferences --> Siri -> uncheck Enable Siri
How to Set Up a Recovery Contact on iPhone, iPad, and Mac by Samir Makwana for How To Geek (Dec 2021). For when you forget your Apple ID password or device passcode. Requires macOS Monterey or later.
A common scam on Macs is a pop-up window saying that you need to install a new version of Flash. Don't.
Turn off the Universal Clipboard (aka Handoff) feature because it shares the clipboard with your iPhone. Instructions and background from Quincy Larson.
Ongoing laptop keyboard problems: In 2017, 2018 and 2019 the keyboards on Apple laptops were miserable (not sure about 2016). In 2020, Apple introduced a better keyboard. The bad keyboard is called "Butterfly", the good keyboard is "scissor-switch". That's in the real world. In the Apple world, the good 2020 keyboard is called "magic". When Apple sells the bad keyboards, as they do when they sell older refurbished laptops, they say nothing at all about they keyboard. Background: Apple's butterfly keyboard failed by prioritizing form over function (May 2020). The New 13-Inch MacBook Pro's Keyboard Really Is That Good (May 2020). Apple apologizes to people having problems with the MacBook's controversial keyboard CNBC (March 2019). Apple lied to me about the MacBook Air and now we have a problem by Chris Matyszczyk (May 2019)
Where get software from: It is safest to only download software from the App Store run by Apple. Even if this is not possible on a new Mac, limiting new software to the App Store makes sense after the initial setup. Configure: Apple Menu -> System Preferences -> Security and Privacy -> General -> Allowed apps downloaded from.
How to Open Apps from Unidentified Developers on Your Mac by Chris Hoffman (April 2017). An intro to the three levels of software trust in macOS: apps from the Mac App Store, apps from Identified Developers and apps from anywhere else.
How to Encrypt and Password Protect Files on Your Mac by Jay Vrijenhoek and Kirk McElhearn of Intego. Last updated April 2021. Covers encrypting: System Data and the Startup Drive, External Drives, Documents and Files, Backups and Files You Send to Others.
VIRUSES and MALWARE:
Anti-virus software is needed on macOS.
- How to check for and remove malware from a Mac by Joe Hindy of Android Authority (June 2022). Written for macOS Monterey 12.4. Very good article. The first suggestion is to check CPU usage in Activity Monitor: Finder -> Applications -> Utilities -> Activity Monitor -> sort by CPU Usage.
- The free KnockKnock program from Objective-See looks for software installed on the system and can run it through VirusTotal.com to check if the software is malicious. It is not an always-on anti-virus program, you run manually.
- What to do if you think your Mac has a virus by Karen Haslam of MacWorld (Jan 2022). Covers how to get a free virus scan, how to get rid of Mac viruses for free, and how to avoid getting infected in the first place.
- macOS includes a number of security features. See Protecting against malware in macOS from Apple Feb. 2021. It discusses: the App Store, Gatekeeper, Notarization, XProtect and MRT (Malware Removal Tool).
- In August 2021, malware called AdLoad,was able to bypass both Gatekeeper and XProtect a good 10 months after it was first detected. Details here: New AdLoad malware variant slips through Apple's XProtect defenses (August 2021).
- How to Protect Your Mac From Ransomware by Tim Brookes (Aug 2020). Avoid pirated software and software passed around by friends. When possible, get software from the Mac App Store. Backup important files to a device that is off-line when not being used to create the backup. For malware removal use Malwarebytes.
- These programs will save your ass when Mac users need you to remove malware by Kim Crawley (Jan 2018)
EXTERNAL MONITORS
Recommendations from Gary Rosenzweig of MacMost.com. See The Problem With Using 1440 Screens With a Mac September 2022.
1. Screens with a resolution of 2560x1440 are either too small or too big. He refers to this resolution as 1440p.
2. He recommends a screen with a resolution of 3840x2160. He refers to this resolution as 4K.
3. Avoid using an HDMI connection to an external screen. Especially avoid converting Thunderbolt to HDMI.
4. For a monitor with Display Port input, he suggests a cable that is USB-C on one end (into the Mac) and Display Port on the other end
DISK ENCRYPTION:
Should a Mac laptop be lost or stolen, the data can be protected with FileVault, which offers full-disk encryption. FileVault was introduced in 2011 (macOS 10.7 Lion). Configure it: Apple Menu -> System Preferences -> Security and Privacy -> FileVault tab. This get complicated when there are multiple users defined. When first setting up a new Mac computer, you will be asked about enabling FileVault. More:
- All About FileVault: Encryption for Your Mac by Peter Cohen of BackBlaze (June 2016)
- Use FileVault to encrypt the startup disk on your Mac from Apple Nov. 2018
- Encrypt Mac data with FileVault from Apple
- Encrypt and protect a storage device with a password in Disk Utility from Apple. When you format an internal or external storage device, you can both encrypt it and protect it with a password.
ERASE HARD DRIVE
One good reason to use FileVault (above) is that it lets you securely erase a macOS hard drive when the time comes to get rid of the computer.
- June 11, 2024: How to back up and wipe your Mac by David Nield for The Verge. About wiping and starting again from a factory-fresh clean slate, maybe for your own reasons or maybe to sell the computer. Have two backups. In the cloud, maybe use iCloud or Google Drive or Dropbox. For local backups, maybe use Time Machine. To wipe in macOS Ventura or later
  Apple menu -> System Settings (or System Preferences) -> General -> Transfer or Reset -> Erase All Content and Settings
- July 27, 2023: Guide to How to Wipe a Mac or Macbook Clean by Stephanie Doyle of BackBlaze.
- October 2021: How to Securely Dispose of Your Old Mac by Kirk McElhearn of Mac software company Intego
- August 2021: Guide to How to Wipe a Mac or Macbook Clean by Andy Klein of BackBlaze
- Erase and reformat a storage device in Disk Utility on a Mac by Apple. For macOS 14, 13, 12, 11, 10.15, 10.14 and High Sierra
If you have an AppleID, then Apple is tracking you. According to Michael Bazzell (Oct 2019) macOS Catalina and Mojave can both be clean installed and used without an Apple ID.
Periodically review the list of Wi-Fi networks your device has previously connected to and remove those you no longer need.
macOS is not a priority for Apple as this story illustrates: On Feb. 22, 2019 a researcher reported a flaw in macOS to Apple. They acknowledged the flaw then stopped responding to his emails. After three months he disclosed the bug. After four months Apple still has not fixed the problem.
Also see the Apple topic
Also see the Batteries page.
Also see the Reporting Bad Stuff page which has a section on reporting things to Apple.