macOS encryption and AV controls

Do macOS come with any full disc encryption and option for encrypting inserted USB before they can be written too, similar in fashion to bitlocker and bitlocker to go on later releases of windows OS. If they do can you provide details, and any tips on how you could verify that these encryption controls (FDE and USB) have been applied to all devices in the environment? we need some assurances from a partner for security audit and are aware they run macos.

out of interest are there any major providers of anti virus for macOS or does the OS itself have any inbuilt AV similar to windows defender?
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Peter HutchisonSenior Network Systems SpecialistCommented:
MacOS comes with a feature called FileVault (see System preferences, Security and Privacy) to encrypt the startup disk. I cannot see if it will apply to USB sticks though.

MacOS does not have any anti-virus facilities included. There are plenty of third party providers incl. AVG, Clamavx, McAfee,  BitDefender, Avast etc.
0
serialbandCommented:
To enable Filevault.
Open System Preferences.
Select Security & Privacy.
Click the Filevault Tab.
Click on the Padlock on the lower right to unlock.
Click on Turn on FIlevault.
https://support.apple.com/en-us/HT204837

For the external disk,  Select the Disk in Finder.
Right Click (or Control click)
Select Encrypt "Disk Name"
https://kb.mit.edu/confluence/display/istcontrib/Enable+FileVault+on+External+Disks+in+OS+X+10.9+and+up

As for AV for Mac, it's probably more effective to install an Adblocker in your browser.  AVs scan for only a handful of Mac viruses and mainly scan for Windows Viruses to prevent infections to Windows.  You'll want to use a Rootkit Scanner too, for after the fact.
0
Peter HutchisonSenior Network Systems SpecialistCommented:
There is more than a handful of MacOS viruses about, it has grown a lot. Just check out the list of available malware for MacOS here:
https://www.mcafee.com/apps/search/threat.aspx?q=MacOS&v=malware®ion=uk
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Acronis Data Cloud 7.8 Enhances Cyber Protection

A closer look at five essential enhancements that benefit end-users and help MSPs take their cloud data protection business further.

btanExec ConsultantCommented:
This has good info of Mac OSX which is also  virus free
A recent report by Malwarebytes has suggested that Mac malware grew by 270 percent in 2017.
https://www.macworld.co.uk/how-to/mac-software/can-macs-get-viruses-3454926/

Having said that, Apple itself has included a number of security measures that make attacking a Mac particularly challenging. Overall is towarda reducing the attack surfaces.
These include Gatekeeper, which blocks software that hasn’t been digitally approved by Apple from running on your Mac without your agreement.

The Mac's malware scanning tool, Xprotect, works invisibly and automatically in the background and requires no user configuration. Apple has a list of malicious applications that it checks against when you open downloaded applications. Updates happen invisibly too. This is similar to having antivirus software from another software developer running on your Mac.

App sandboxing isolates apps from the critical system components of your Mac, your data and your other apps, so they shouldn't be able to access anything that could allow them to do any damage.

There's also anti-phishing technology in Safari that will detect fraudulent websites. It will disable the page and display an alert warning you if you visit a suspect website.
0
serialbandCommented:
Ok, so 2 handfuls + a bit of Mac OS X viruses.

270% increase from  3 = 11.  The vast majority are still Windows Viruses.  Several of the Mac viruses are already shut down.

Again, the scanners do an after the fact scan.  They do not catch 0-day attacks.  Because of gatekeeper and such, a Adblocker as a first line of defense is more effective at keeping malware at bay than just using a virus scanner.
0
btanExec ConsultantCommented:
For author advice
0
btanExec ConsultantCommented:
No further inputs received.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.