How to set up security on a new MacBook

Allie Watts
I have a MacBook Pro. All my software was updated last week, but I want to make sure my new device is protected. What other security software would you recommend or would you recommend any?
Kyle Santos, Software Test Analyst I at Dassault Systemes

Commented:
I followed Justin's advice about Intego.
https://www.experts-exchange.com/posts/245/I-know-I've-said-and-written-about-it-a-billion-times-but.html

I also use a VPN, Avast's SecureLine.  This is one VPN that's been very reliable and the internet speed is still very fast while other VPNs slow it down.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
You can catch these useful tips as baseline hardening: https://www.macworld.co.uk/feature/mac/22-tricks-improve-mac-security-best-tips-3643100/
Here is the software for consideration:
OS X/macOS offers no built-in way of blocking outgoing connections but third-party apps like Little Snitch (circa £30) and Hands Off (£38.95), or an outbound firewall found in anti-malware tools from the likes of Intego, Sophos and Symantec, will do the job with aplomb.

password manager like 1Password (£3.99 a month) or Dashlane (£38.99 a year). These apps allow you to create and store robust passwords and sync them across all your devices. Crucially, however, they encrypt the data and allow access when you type in the master password.

The second app is from the same clever people who make KnockKnock, and it's called BlockBlock. This runs in the background of your Mac via a menu bar icon and monitors all the locations in which persistent apps install themselves.

If any app attempts to install persistently then a pop-up dialog box will appear telling you, and it’s down to you whether you allow it or ban it. Again, BlockBlock is not an anti-malware tool so doesn't know what's legitimate or not. That's for you to work out.

In addition to Bitdefender Virus Scanner, we also recommend the occasional use of Malwarebytes Antimalware, which focusses mostly on uncovering and removing adware - which is to say, hidden code within certain apps that aims to hijack your computing experience to show adverts on the desktop or in your web browser.

In other words, any and all requests you make for websites via DNS can be snooped upon by others while the data is in transit.

The DNSCrypt app and project overcomes this by simply encrypting DNS requests both to and from the DNS server. You can download the app from the project's home page and setup is pretty simple once it's installed.

a true HTTPS Everywhere extension for Safari is presently impossible to implement in a way that provides maximum security. Nonetheless, the SSL Everywhere extension brings something very similar to Apple's browser.
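
The persistence monitoring described for BlockBlock above can be approximated by taking a baseline of the launchd folders and comparing against it later. This is an added example, not part of the thread and not BlockBlock's code; the three folders are the standard macOS launchd locations, chosen here as an assumption about what to watch, and the demo files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: standard launchd folders; BlockBlock's own watch list is not on the page.
DEFAULT_LOCATIONS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

def snapshot(locations):
    """Map every file under the given folders to its SHA-256 digest."""
    state = {}
    for root in map(Path, locations):
        if not root.is_dir():
            continue  # folder does not exist on this machine
        for path in sorted(root.rglob("*")):
            if path.is_file():
                try:
                    state[str(path)] = hashlib.sha256(path.read_bytes()).hexdigest()
                except OSError:
                    state[str(path)] = "unreadable"
    return state

def diff(baseline, current):
    """Report persistence items added, removed or modified since the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed run: a temp folder stands in for ~/Library/LaunchAgents."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = Path(tmp) / "LaunchAgents"
        agents.mkdir()
        (agents / "com.example.updater.plist").write_text("<plist>v1</plist>")
        baseline = snapshot([agents])
        # Simulate one new persistent item and one modified existing item.
        (agents / "com.example.unknown.plist").write_text("<plist>new</plist>")
        (agents / "com.example.updater.plist").write_text("<plist>v2</plist>")
        result = diff(baseline, snapshot([agents]))
        return {kind: [Path(p).name for p in paths] for kind, paths in result.items()}

if __name__ == "__main__":
    print(demo())
```

Unlike BlockBlock, this only reports changes when it is run; as with that tool, deciding whether a new item is legitimate is still up to the user.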
I don't believe in clicking "affiliate" URLs for Intego or any other products and Intego is not top of the heap for AV or Firewall in any case.

There are several postings here on AntiVirus and Anti-Malware for OSX - Avast/ESet and BitDefender are usually ranked in the top 4 or 5 of solutions
https://www.experts-exchange.com/questions/29062482/AntiVirus-for-Mac.html
https://www.experts-exchange.com/questions/29068129/Good-policy-for-MAC-Laptop-OS-X-Antivirus-programs-and-procedures.html

In terms of Firewalls .. the OSX in-built one is basic and hard to configure but a configurable firewall is a lower priority if you enable the OSX one by default.

VPNs are completely optional but if you've a laptop and move about a lot then they SHOULD probably be used when away from your home/office network although it does not offer any protection from viruses or malware.

I'd say ALL OSX users should have an AntiVirus software .. enable the OSX Firewall .. turn off all the FILE SHARING functions in System Preferences unless you need them .. and while away from Home/Office turn them off (again unless you really need them and understand the security implications).
Personally I use NordVPN when travelling abroad on iPhone/iPad and OSX devices

I fully echo @Eoin's post.

Apple has a built-in Firewall that's sufficient for the typical user.
Avast, ESet, and BitDefender are ranked in the top 3 AV for Macs.  I've never really heard of Intego either.  As always, most AV is scanning for Windows viruses to prevent the spread to Windows users.  There's still only a handful of Mac viruses, because Macs are still a small niche.  You still do need an AV for a Mac as the number of viruses or malware attacks is no longer zero.

I would add that you should install an adblocker on your main web browser, as that is now a major vector of attacks from all platforms.  This is probably more important than AV software for a Mac user to prevent malware attacks.  You could probably still forego AV if you had an adblocker installed, but only if you understand your system deeply enough.  3-4 years ago, I would not have suggested an adblocker or a Mac Antivirus for the average user, but now they're essential.  Definitely turn off all sharing until you need to use it.

VPNs are optional unless you have a specific need.  I suggest that you do not log in to unknown WiFi networks in the first place.  Just learn to use SSL sites and recognize when you're not on an SSL site when you have to enter private data.  If you're not able to do that, then you may need to use a VPN.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
With the likes of the ransomware rampage, AV will need (not be replaced with) more intelligent helpers too. I know the AV candidates shared by the experts are also upping their stance against these threats. One helper is the RansomWhere? app. Simply, it runs in the background (same as AV) and watches for any activity that resembles the rampant encrypting of files, and seemingly recursive read/write access to files, which is unlikely to be a normal user's doing. It is highly likely a ransomware attack going on, and it will then halt the actual implicated process and alert you to what's happening.

I understand there is XProtect, a built-in anti-malware (or antivirus) functionality. It was added back in 2009 with Mac OS X 10.6 Snow Leopard. It is useful, but not perfect. It’s a fairly rudimentary antivirus. It only checks downloaded files run through File Quarantine. Probably just a convenient way for Apple to blacklist individual pieces of malware. But it doesn’t take care of cleaning up any existing infections and doesn’t check to make sure your Mac is clean in the background. So it is always good to have a helper around for the additional watch over... together with Gatekeeper, the two can stop KeRanger ransomware. Application whitelisting is a must-have strategy.

Most recent Mac ransomware also attempts to spread via "under the cover" apps (unwanted add-ons) designed to let you use commercial software for free. Therefore, avoid all dodgy software like this and downloads from any unknown sites.

But there is no silver bullet in the security layer, we make it harder for malware to attack but not formidable. Your key asset is your data. Invest in securing your data backup. For example, in the past KeRanger ransomware outbreak, it attempted to also encrypt Time Machine backups, so you might choose to use a third-party app like Carbon Copy Cloner instead to back up your files. The key is to have copies of the backup off the machine and somewhere that you are comfortable with - I know cloud backup is convenient but it can also be leaky, so it is best to have encrypted data on those if you are going for it, and you hold the key to open that data. Otherwise, having a cloned bootable copy is good, as you need it when disaster strikes and calls for quick recovery.
AV is reactionary.  Even with AV watching, some files will get encrypted and you still need disconnected or offline backups.  Since the OS is much tougher to hack than it used to be, the main line of defense is the user.  If the user is going to just click OK on every link, then there's no stopping any new attacks, even with AV and adblock.  You need offline backups.
Allie Watts, Demand Generation & Digital Marketing Specialist

Author

Commented:
Thanks so much for all the excellent advice everyone! I will be setting up security measures on my Mac this week.
