Tactical Advice

Mind the Mac: 8 Security Tips and Tricks

The myth that Macs don’t require security simply isn’t true.
Mind the Mac: 8 Security Tips and Tricks

Because Mac computers as a whole have always had a smaller slice of the PC market compared with Windows-based PCs, many Mac users have found that switching from a Windows PC to a Mac means a reduction in malware attacks.

But that doesn’t mean that Macs are completely impenetrable. The Flashback Trojan has been in the headlines as of late, with many writers and bloggers using the incident to say, “See! Told ya Macs could get infected.” Apple has already released a patch to address the Flashback Trojan, but that doesn’t mean Mac users can revert to a carefree state of mind when it comes to security.

Scott Lowe, a BizTech Must-Read IT Blogger and EMC employee, has been an enthusiastic Mac user for some time. He offers 8 tips to help Mac users secure their devices.

1. Use the BSD-level ipfw firewall. Mac OS X is, at its core, built on FreeBSD. This powerful UNIX layer offers an equally powerful stateful firewall in the form of ipfw. If you aren’t using ipfw, I’d encourage you to take a long, hard look at starting to use it. It provides a powerful ruleset to give you tremendous control over the types of traffic that are allowed into (and out of) your Mac. To help encourage people to use it, I recently published an article on how to configure ipfw on Mac OS X. (Keep in mind that Mac OS X 10.7 “Lion” prefers pf instead of ipfw. I hope to post an article on that soon as well.)

2. Use the built-in Mac OS X application-level firewall. Mac OS X ships with a pretty GUI for a built-in application-level firewall in System Preferences. I recommend that you turn it on, and select which applications you want to accept incoming connections. Some people have asked, “Why both firewalls?” This is a fair question. The built-in application-level firewall simply allows or denies inbound traffic on a per-application level, but doesn’t — to my knowledge — offer any more granularity than that. Using the built-in application-level firewall in conjunction with the BSD-level ipfw (or pf) firewall gives you the ability to specify which source addresses or networks are allowed to make connections to applications. This means that you can allow iTunes connections at the built-in firewall layer, and then use ipfw (or pf) to only allow connections from your home network subnet.

3. Use an outbound application-level firewall. The built-in Mac OS X firewall in System Preferences only controls inbound traffic. What about outbound traffic? Do you know what processes and applications on your system are communicating with the outside world? I use Little Snitch, which I believe to be an excellent choice in this area. (No, I don’t have any affiliation with Objective Development.) Little Snitch gives you the visibility to know what applications and processes are communicating and on which protocols and ports.

4. Use an account without administrative privileges for day-to-day use. While this won’t thwart all security problems — Flashback.K still works, for example — it’s still a good idea. I also recommend that you only install applications using a separate account with administrative privileges. This forces you to log off, log on as the administrative user, then install your application(s). While this is a bit of a hassle, the security trade-off is, in my opinion, worth it.

5. Disable the opening of “Safe” files. Safari has this feature enabled by default. I recommend that you turn it off, and check to make sure it’s turned off in other applications as well.

6. Use an AV application. Yes, yes, I know — Macs don’t get viruses. Tell that to the 600,000 Macs infected with the Flashback Trojan. And while Flashback isn’t technically a virus, at this point you’re just splitting hairs. I’m using the free Sophos AV Home Edition for the Mac and feel that it is pretty good, but there are numerous others. Find one and use it. (This is a recent addition to my own security strategy.)

7. Stay updated. I encourage you to run Software Update on a regular basis. If you’ve followed the advice of #4, this means you’ll need to log in as an administrator and run Software Update. Make it a point to check regularly.

8. Don’t run the standalone Adobe Flash Player. Instead, I use Google Chrome when Flash is required, which comes with its owned patched version of Adobe Flash that is generally regarded (last time I checked) to be a bit safer than the standalone version of Flash. Yes, this means that I need to switch back and forth between browsers (Safari for day-to-day use, Chrome for Flash use), but this is a task that AppleScript easily solves.

Using these tips, hopefully Mac users will be able to compute safely and prosper.

For more great content from around the web, check out the 50 Must-Read IT Blogs from BizTech.

Sign up for our e-newsletter

About the Author

Ricky Ribeiro

Online Content Manager

Ricky publishes and manages the content on BizTech magazine's web site. He's a writer, technology enthusiast, social media lover and all-around digital guy. You can learn more by following him on Google+ or Twitter:


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.