Protect Thy Mac

Justin Pierce, MPS-CRM, CNDA, CEH, Senior Cybersecurity Engineer @ NASA | Certified Ethical Hacker | Combat Veteran
Dream not of today. ~ Jean-Luc Picard
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does, and here is how to do it.

In light of one of the scariest ransomware attacks, WannaCry, legions of Mac users have asked me whether Apple nerds should be worried, and what they can do to prevent such malware. I've also had the occasional Mac user say, "Macs don't get viruses, so I'm not concerned."

In regard to that last statement, I offer up a quote from the wise Jean-Luc Picard:

"You may test that assumption at your convenience."

Macs are computers, my fellow Apple lovers, and computers get malware. Think of it this way: Macs and Windows are like cars. Macs to me are like my '79 Corvette C3 L-89, while Windows machines are akin to a Ford Mustang (input your favorite year). Both cars are beautiful in each beholder's eye, but what they have in common is that they are cars! That's right, no matter how many cool tweaks or decals you use, a car has a motor, and that means it is susceptible to engine problems.

Currently, "engine problems" for the Mac aren't as prevalent as they are for Windows. That shouldn't make you complacent, though, because the problems are just as severe if you happen to get one. Do you remember, just last year, the first full-blown ransomware that hit the Mac?

The ransomware was called KeRanger [1], and it was every bit as nasty as ransomware found on Windows machines. If you're wondering how these Macs got infected, you'd be surprised to know that the malware came from a legitimate website that hosts a popular BitTorrent application that millions of people use. In short, the bad guys were able to compromise the company's website and upload their own package of the application, and everyone who downloaded the 2.9 version became infected once they installed the BitTorrent client. In the end, if your Mac was without an antivirus application that had anti-exploit technology, you were left with two choices: pay 1 Bitcoin ($400), or wipe your system and restore from a backup.

As bad as that sounds, you might still say, "I don't use BitTorrents, so I'm safe." While it may be true that you don't use BitTorrents, you do, however, surf the internet and communicate (text, chat, email), meaning that you could catch other malware created solely for Macs. Take for instance OSX/Dok. This ugly little piece of malware can intercept all your web traffic, including HTTPS (the secure protocol that your bank and reputable companies use to send financial information). Things get worse with this piece of malware (it also carries Remote Access Trojan, aka RAT, functionality), but suffice it to say that only after it had infected many systems (all without antivirus) did Apple revoke the developer certificate. I'm not saying that Apple was slow on the uptake (they had no idea this thing was out in the wild, simply because it was a new piece of malware), but I am saying that Apple cannot protect you from unknown malware. That means all of those Mac users who think XProtect (which is part of the File Quarantine feature built into your Mac) is an antivirus are, unfortunately, mistaken. XProtect is simply a list of known malware. This list doesn't contain all known malware, won't clean up your Mac if you decide to open the program, and most certainly won't protect you against adware (those annoying ads that can freeze Safari and other browsers). Nor will XProtect stop spyware (the category that adware falls under, which collects information on your computer activities). Lastly, XProtect lacks the heuristic capabilities that real antivirus applications have, so it can't make an educated guess as to what may or may not be malware.

By now it should be obvious that Macintosh systems are coming under attack and that the protections built into your Mac aren't an adequate defense against this expanding malware problem. Additionally, the attacks against Macs are going to get worse as Apple gains popularity (currently, the number of Macs in homes and businesses is nowhere near the number of Windows systems). Also, Macs are now being seen in more businesses as BYOD (Bring Your Own Device) becomes standard practice for most of the corporate realm. So, what can you do to protect yourself and make your IT department happy at the same time?

First, buy an antivirus application. Yes, there are free antivirus applications, but the ones that perform the best are usually the paid ones. The top nine antivirus applications for Mac are Bitdefender, Kaspersky Lab, Norton Security, ESET, Sophos, Intego, Panda, F-Secure, and Avast [2].

Next, harden your system by using the built-in features of your Mac:

(A) Go to "System Preferences" and click "Security & Privacy."

(B) Now, set a password and require it when the computer wakes from sleep or the screen saver starts. Make sure that the Gatekeeper feature has your preference of "App Store" or "App Store and identified developers" selected so that you can install the applications you want.

(C) Turn on FileVault to encrypt your hard drive or SSD (Solid State Drive). FileVault lets you rest assured that if someone steals your Mac, they won't be able to read any of the information on it.

(D) Turn on the firewall if your antivirus application doesn't come with one.

(E) Under the "Privacy" tab, grant applications access only to the data and services that you want them to have.

(F) Turn off the "Guest" account under "Users & Groups" in System Preferences. If you're not using it, then it doesn't need to be available (it allows anyone to use your Mac when they are in front of it).

(G) Turn off all sharing that you're not going to use. You can do this by going to System Preferences, "Sharing." All the names are self-explanatory, so deselect everything that you don't plan on using.

(H) Get all the updates you can. Go to System Preferences, "App Store" and check all boxes except the "Automatically download apps purchased on other Macs." You can check that last box but only if you like that sort of thing (it's more of a convenience feature than a security one).

(I) Check "Ask to join networks" under System Preferences. Having this checked stops your Mac from automatically joining open wireless networks.

(J) Turn on "Find My Mac" under System Preferences. Once you turn this option on, you'll be able to see the location of the Mac if it happens to fall into the wrong hands. Don't go kicking down doors to retrieve your Mac; simply take a snapshot of the screen to give to local law enforcement, and then call AppleCare to have them note the incident in their logs against your serial number. That said, Apple cannot recover your Mac. However, it will be a tough day in court for the bad guy if you have everything annotated. (I was on the Security & CPU team for AppleCare, so don't think you can bypass Apple's policies and badger them into hunting down your Mac. It's not going to happen.)

(K) Turn off Bluetooth when you're not using it. You can do this under System Preferences, Bluetooth, and set it to the off position by clicking the button (on/off). By doing this, you'll lower your chances of Bluetooth attacks and save battery life.

(L) Limit what apps have access to under "Internet Accounts." You can edit these options in "System Preferences, Internet Accounts."

(M) Designate an external hard drive for your backups with "Time Machine." If you have two external hard drives, then place an initial backup on one and disconnect it. Next, connect the second external hard drive and let Time Machine perform its incremental backups. If you do it this way, you'll have a backup that no ransomware can touch and another that will keep up with your daily activities.

(N) Turn on the firmware password to stop someone from booting into Recovery Mode (CMD + R) when they start up your Mac. You can do this by booting into Recovery Mode (hold the Command "CMD" and "R" keys while the Mac is starting up) and then:

(I) Select your preferred language.

(II) Wait for the Utilities screen.

(III) Select "Utilities."

(IV) Choose "Firmware Password Utility."

(V) Input a 10-15 character alphanumeric password with special characters sprinkled in. (Put this password in a secure place, because not even Apple can help you recover it.)

(O) Open Safari, go to "Preferences," select "Security," and check all the boxes.

(P) Keep Safari and the "Preferences" section open and click "Privacy." Choose "Allow from websites that I visit" from the "Cookies" section. From the "Website use of location services" section select "Prompt for each website once each day."
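The following POSIX shell script is an added example, not part of the article, that audits four of the settings from the steps above (FileVault, Gatekeeper, the application firewall, and the Guest account) using the macOS command-line tools named in its comments. The expected output strings are assumptions about those tools' output; parsing is separated from command execution so the checks can also be run against captured output on a non-Mac system.

```shell
# Added example (not from the article): audit a few hardening settings.
# Each check prints PASS or FAIL and returns 0 (pass) or 1 (fail).
# Expected strings are assumptions about the output of the macOS tools below.

# Step (C): "fdesetup status" prints "FileVault is On." when the disk is encrypted.
check_filevault() {
    case "$1" in
        *"FileVault is On"*) echo "PASS: FileVault is on"; return 0 ;;
        *) echo "FAIL: FileVault is off (step C)"; return 1 ;;
    esac
}

# Step (B): "spctl --status" prints "assessments enabled" when Gatekeeper is on.
check_gatekeeper() {
    case "$1" in
        *"assessments enabled"*) echo "PASS: Gatekeeper is on"; return 0 ;;
        *) echo "FAIL: Gatekeeper is off (step B)"; return 1 ;;
    esac
}

# Step (D): socketfilterfw --getglobalstate prints "Firewall is enabled. (State = 1)";
# State = 2 means "block all incoming connections", which also passes.
check_firewall() {
    case "$1" in
        *"State = 1"*|*"State = 2"*) echo "PASS: application firewall is on"; return 0 ;;
        *) echo "FAIL: application firewall is off (step D)"; return 1 ;;
    esac
}

# Step (F): GuestEnabled in /Library/Preferences/com.apple.loginwindow reads 1
# when the Guest account is on; 0, or no value at all, means it is off.
check_guest() {
    case "$(printf '%s' "$1" | tr -d '[:space:]')" in
        1) echo "FAIL: Guest account is enabled (step F)"; return 1 ;;
        *) echo "PASS: Guest account is disabled"; return 0 ;;
    esac
}

# Run the live checks only on macOS; elsewhere, feed the functions captured output.
if [ "$(uname)" = "Darwin" ]; then
    check_filevault "$(fdesetup status 2>/dev/null)"
    check_gatekeeper "$(spctl --status 2>&1)"
    check_firewall "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null)"
    check_guest "$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null)"
fi
```

Any FAIL line points back to the step above that fixes it; run the script again after making the change to confirm it took effect.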

After you harden your Mac with its built-in features, you can use third-party applications to make the "roads" to the Internet a bit more secure. You can do this by purchasing a VPN (I use Cloak). With the powers that be (Congress & POTUS) giving ISPs free rein to sell your information and monitor nearly everything you do, a VPN is a superb tool to add to your utility belt. Think of it as your Batmobile to traverse the spaces of the Information Superhighway (I still remember when they used to call the Internet that).

To sum all of this up, it will take a bit of upfront work to keep malware off your Mac, but it's only a one-time effort that ends up paying huge dividends. Security is a must nowadays because computers run millions of lines of code, which inevitably contain flaws. Apple has done an excellent job in giving you, their consumer, a relatively secure operating system (the Mac is a Unix-based system with sandboxing), but it can't keep all evil characters at bay. You must be willing to go a step further (harden your system) and to stay vigilant about your actions (security awareness) when you're surfing the World Wide Web (WWW) or checking your email.

Take care on the virtual roads of the WWW, my friends, and know that we savvy people at Experts Exchange are here to answer any questions that you may have.

Sidenote: If you're a business person who needs to train their personnel on how to be responsible stewards of your company's computer information, then world-famous computer security expert Winn Schwartau, aka the "civilian architect of information warfare," has professionally produced videos for you. Here is his link: Link

[1] Vrijenhoek, Jay. "OSX/Dok Can Read Encrypted Web Traffic, Open a Backdoor." The Mac Security Blog, 9 May 2017. Web. 20 June 2017.

[2] "The Best Mac Antivirus Software of 2017 | Top Ten Reviews." TopTenReviews, n.d. Web. 20 June 2017.

[3] Howard, Rick. "Threat Brief: WanaCrypt0r - What We Know." Palo Alto Networks Blog, 20 May 2017. Web. 20 June 2017.


Comments (1)

David Anders, Technician

Turning on firmware passwords and encryption requires perfect password records and backup habits.
A dying encrypted drive is beyond my recovery skills.
I have dealt with the problems caused by both many times and have yet to deal with malware.
Adware, scareware, phishing, identity theft yes, I have been called to fix these.
But, I deal with individuals and small businesses.
