How to set up security on a new MacBook

I have a MacBook Pro. All my software was updated last week, but I want to make sure my new device is protected. What other security software would you recommend or would you recommend any?
LVL 4
Allie WattsDemand Generation & Digital Marketing SpecialistAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kyle SantosQuality AssuranceCommented:
I followed Justin's advice about Intego.
https://www.experts-exchange.com/posts/245/I-know-I've-said-and-written-about-it-a-billion-times-but.html

I also use a VPN, Avast's SecureLine.  This is one VPN that's been very reliable and the internet speed is still very fast while other VPNs slow it down.
1
btanExec ConsultantCommented:
Can catch these useful tips as baseline hardening https://www.macworld.co.uk/feature/mac/22-tricks-improve-mac-security-best-tips-3643100/
Here are the software for consideration
OS X/macOS offers no built-in way of blocking outgoing connections but third-party apps like Little Snitch (circa £30) and Hands Off (£38.95), or an outbound firewall found in anti-malware tools from the likes of Intego, Sophos and Symantec, will do the job with aplomb.

password manager like 1Password (£3.99 a month) or Dashlane (£38.99 a year). These apps allow you to create and store robust passwords and sync them across all your devices. Crucially, however, they encrypt the data and allow allow access when you type in the master password.

The second app is from the same clever people who make KnockKnock, and it's called BlockBlock. This runs in the background of your Mac via a menu bar icon and monitors all the locations in which persistent apps install themselves.

If any app attempts to install persistently then a pop-up dialog box will appear telling you, and it’s down to you whether you allow it or ban it. Again, BlockBlock is not an anti-malware tool so doesn't know what's legitimate or not. That's for you to work out.

In addition to Bitdeferender Virus Scanner, we also recommend the occasional use of Malwarebytes Antimalware, which focusses mostly on uncovering and removing adware - which is to say, hidden code within certain apps that aims to hijack your computing experience to show adverts on the desktop or in your web browser.

In other words, any and all requests you make for websites via DNS can be snooped upon by others while the data is in transit.

The DNSCrypt app and project overcomes this by simply encrypting DNS requests both to and from the DNS server. You can download the app from the project's home page and setup is pretty simple once it's installed

a true HTTPS Everywhere extension for Safari is presently impossible to implement in a way that provides maximum security. Nonetheless, the SSL Everywhere extension brings something very similar to Apple's browser.
1
Eoin OSullivanConsultantCommented:
I don't believe in clicking "affiliate" URLs for Intego or any other products and Intego is not top of the heap for AV or Firewall in any case.

There are several postings here on AntiVirus and Anti-Malware for OSX - Avast/ESet and BitDefender are usually ranked in the top 4 or 5 of solutions
https://www.experts-exchange.com/questions/29062482/AntiVirus-for-Mac.html
https://www.experts-exchange.com/questions/29068129/Good-policy-for-MAC-Laptop-OS-X-Antivirus-programs-and-procedures.html

In terms of Firewalls .. the OSX in-built one is basic and hard to configure but a configureable firewall is a lower priority if you enable the OSX one by default.

VPNs are completely optional but if you've a laptop and move about a lot then they SHOULD probably be used when away from your home/office network although it does not offer any protection from viruses or malware.

I'd say ALL OSX users should have an AntiVirus software .. enable the OSX Firewall .. turn off all the FILE SHARING functions in System Preferences unless you need them .. and while away from Home/Office turn them off (again unless you really need them and understand the security implications).
Personally I use NordVPN when travelling abroad on iPhone/iPad and OSX devices
2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

serialbandCommented:
I fully echo @Eoin's post.

Apple has a built-in Firewall that's sufficient for the typical user.
Avast, ESet, and BitDefender are ranked in the top 3 AV for Macs.  I've never really heard of Intego either.  As always, most AV is scanning for Windows viruses to prevent the spread to Windows users.  There's still only a handful of Mac viruses, because Macs are still a small niche.  You still do need an AV for a Mac as the number of viruses or malware attacks is no longer zero.

I would add that you should install an adblocker on your Main web browser, as that is now a major vector of attacks from all platforms.  This is probably more important than AV software for a Mac user to prevent malware attacks.  You could probably still forego AV if you had an adblocker installed, but only if you understand your system deeply enough.  3-4 years ago, I would not have suggested an ablocker or a Mac Antivirus for the average user, but now they're essential.  Definitely turn off all sharing until you need to use it.

VPNs are optional unless you have a specific need.  I suggest that you do not log in to unknown WiFi networks in the first place.  Just learn to use SSL sites and recognize when you're not on an SSL site when you have to enter private data.  If you're not able to do that, then you may need to use a VPN.
1
btanExec ConsultantCommented:
With the like of ransomware rampage, AV will need (not replace with) more intelligent helpers too. I know the AV candidate shared by experts also are upping their stance against this threats. One helper is the RansomWhere? app. Simply, it runs in the background (same as AV) and watches for any activity that resembles the rampant encrypting of files, and seemingly recursive read/write access to files which is unlikely a normal user doing. It is highly a ransomware attack going on and then it will halt the actual implicated process and alert you what's happening.

I understand there is XProtect, a built-in anti-malware (or antivirus) functionality. It was added  back in 2009 with Mac OS X 10.6 Snow Leopard. It is useful, but not perfect. It’s a fairly rudimentary antivirus. It only checks downloaded files run through File Quarantine. Probably just a convenient way for Apple to blacklist individual pieces of malware. But it doesn’t take care of cleaning up any existing infections and doesn’t check to make sure your Mac is clean in the background. So always good to have helper around for the additional watch over... together with Gatekeeper, the two can stop KeRanger ransomware. Application whitelisting is a must have strategy.

Most recent Mac ransomware also attempts to spread via "under the cover" apps (unwanted add-ons) designed to let you use commercial software for free. Therefore, avoid all dodgy software like this and downloads from any unknown sites.

But there is no silver bullet in the security layer, we make it harder for malware to attack but not formidable. Your key asset is your data. Invest in securing your data backup. For example, in past KeRanger ransomware outbreak, it  attempted to also encrypt Time Machine backups, so you might choose to use a third-party app like Carbon Copy Cloner instead to backup your files. Key is to have copies of backup off the machine and somwhere that you are comfortable - I known cloud backup is convenient but it can also be leaky so it is best to have encrypted data on those if you going for it and you hold the key to open those data. Otherwise, have a cloned bootable copy is good as you needed when disaster strikes and call for quick recovery
1
serialbandCommented:
AV is reactionary.  Even with AV watching, some files will get encrypted and you still need disconnected or offline backups.  Since the OS is much tougher to hack than it used to be, the main line of defense is the user.  If the user is going to just click OK on every link, then there's no stopping any new attacks, even with AV and adblock.  You need offline backups.
1
Allie WattsDemand Generation & Digital Marketing SpecialistAuthor Commented:
Thanks so much for all the excellent advice everyone! I will be setting up security measures on my Mac this week.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.