Security on MAC OS

al4629740
al4629740 used Ask the Experts™
on
I am in the throes of trying to secure some of our home users and their Macs.  I really don't know where to start to be honest since I'm not a Mac guy.  What type of firewall does a typical Mac have?  Does it need to be enabled?  Also what are some other security features that a Mac has that I would want to take advantage of?  Do I really need to consider virus protection or is there one by default similar to Windows defender?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Fractional CTO
Distinguished Expert 2018
Commented:
Generally Macs don't require the same level of constant Malware Warfare required to keep Windows running.

I've been using Macs for decades now + I've never used any nonsense software like I had to use on Windows.

This said, I have fairly good email scanning running on my incoming SMTP server, so I rarely have any files arrive with Malware.

Likely what you install + run will depend on the sophistication of the person/people using the Mac.

If users are clueless, precautions might be useful.

If users are smart, likely no additional software is required.

Author

Commented:
Let’s say they are clueless, then what precautions are we talking about?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
The prime defense is a good anti virus (one for MAC) and a top notch spam filter (to reduce / eliminate ransomware)
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Posted separately, here is a top ten list for MAC AV

https://www.antivirussoftwareguide.com/best-antivirus-for-mac
The default firewall that's installed is BSD's pf -- the gui basically GUIfies the use of it, but under the hood it's pf. Vulnerable services are disabled by default; you'll probably want to use an application firewall. Look into Little Snitch.
The first thing to do is to turn on the built in firewall.  The firewall just blocks inbound traffic on standard ports that aren't needed by any apps you run.  
System Preferences -> Security & Privacy -> Firewall.
You can go to advanced settings and individually block any app you don't want to have access.

If you don't need them, turn off all sharing in System Preferences -> Sharing.  That will go a long way to protecting yourself from local network attacks.  If you don't have any of those services running, it reduces your attack footprint.

Install a good free AV.  Here's a link that isn't an ad link from Google: https://www.digitaltrends.com/computing/best-free-antivirus-software-for-mac/

There still aren't very many Mac Viruses out there, but they do exist.  All the Mac AVs mainly scan for Windows Viruses to prevent the spread to others.  If you don't connect much with other users, you can still somewhat get away form using an AV, but it's no longer a good idea if you're not technically savvy.  Install a free AV, and that should be sufficient.

Use a browser that allows you to install an ad-blocker.  Malicious Ad sites are how they attack your computer now.  Install Privacy Badger, instead of Ghostery, to block trackers.  I used to not recommend this others so that sites can get paid, but greedy, malicious advertisers are increasing in numbers.

Learn to browse in Incognito mode on Chrome or Private Window on Firefox to reduce the tracking.
Distinguished Expert 2018

Commented:
Generally Macs don't require the same level of constant Malware Warfare required to keep Windows running.
Not exactly true. While MacOS does have a very different core (based around BSD, in the UNIX family), it is still susceptible to bugs and malware. One case of this was proven back when Steve Jobs bragged about Mac users never needing AV. There's simply a lot less value in targeting MacOS users than Windows users (much smaller user base). Sophos is one of the many AV solutions available that's fairly common for Macs.

A lot of computer safety does come down to commonly mentioned things: 1) Be careful where you open attachments from. 2)  Only download software from trustworthy sources (i.e. do NOT download from download.com)
Just to add...
Generally Macs don't require the same level of constant Malware Warfare required to keep Windows running.
This is mainly because Macs are not targeted as much as Windows or Linux because it's not a large Market share of systems out there.  It's not in any way proof that Macs are more secure.  I would say that Macs are ~10 years behind Windows in actual security, because they haven't been subjected to constant attacks like Windows has.  If Macs ever reach a high enough market share to be really targeted, expect them to more easily fall to attacks, until those holes are patched.

Linux systems are attacked to be the Command and Control centers to the numerous bots that run on Windows.  Some of those bots also run on Macs to a limited extent.  If they're just using scripted languages, they work better on a Mac.  The ones that need a Linux ELF binary will just fail.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial