Improve Mac Security

Out of the box, the Mac is reasonably secure, improving your web browser security with add ons and installing a good Antivirus package will increase security significantly.

Anti virus / security packages:
Several AV programmes feature a full security suite at aditional cost. They usually require OS Sierra or above. The following are worth considering:

Sophos home / premium is my preferred solution.

AVG is a very good free solution.

Avast very good as it supports older versions of Mac OSx from 10.6.8, for now. However it harvests data.

Knock Knock (Mac only) whilst not AV as such it does show you what is persitently running on your Mac and help identify those programs and their location.

Destroy advertising – I mean totally, completely utterly destroyed:
Browser attacks are often launched from malware laden adverts, this technique was used to attack computers from adverts served from the BBCs website a few years ago. Whilst the Adblock Pro and U Block Origin are very good, the best way to destroy adverts is to use pi-hole DNS servers see: https://pi-dns.com for more. Some web sites detect add blockers and request you allow their adverts. No thanks Pi-hole blocks everything. There service also supports DNS over https in addition, but needs to be configured.

Your web browser and e-mail are popular attack vectors:
Attacks are frequently via e-mail with links to malware/phish sites, therefore it is essential to control spam and delete any received. It’s essential to learn to recognise ‘social engineering’ e-mail whilst making your web browser as resillient to attack as possible, locked down against malicious scripts, malware and hostile cookies. “Your account has been hacked…” – usually means nothing, bad spelling English and false claims make these stand out.

Mozilla Thunderbird (Tb) has long been my POP3 e-mail program, I’ve yet to see anything better.

Mozilla FireFox (FF) has been my primary web browser for many years and it supports a good choice of security ‘add ons’. These are easy to install and configure. Google Chrome is best avoided as its a privacy disaster. Whilst Safari is to be honest, best left alone. I sometimes use it but flush all cookies afterwards.

I seriously hope windows users have abandoned Edge and Internet Explorer, neither were fit for purpose from a security perspective. Microsoft were never ‘up with the hunt’ where security is concerned.

Firefox security can be improved significantly using the add ons listed below. To search for FF add ons: In the top menu, its: Tools > Add-ons then search and install your desired add-on.

Stop browser fingerprinting: Why do companies do this? So I use the CanvasBlocker add on to prevent this unwanted activity, best known as spying.

Stop uncontrolled scripts: It is really vital to limit scripts in your browser which can connect to dozens of web sites behind your back. The No-Script add-on limits scripting activity in your browser and you have to set permissions for each site. Initially all your sites will need script permissions assigning, which can be a bit annoying but they remain and once configured No Script will only require adjustment as you visit new web sites. This add-on alone is excellent and will prevent a lot of malicious script attacks.

Ghostery: Ghostery controls tracking and advertising cookies, it already has a preconfigured database of hostile cookies and trackers and allows you to set permissions if required.

U Block Origin: Like ghostery this filters out unwanted irritating adverts that take bandwidth and waste time. There is virtually no control over advertising on the web, as the BBC discovered anyone can rent ad space and sling ransomware or anything… Can you trust the BBC? Not anymore.

Multi account containers: containers runs the selected browser tab in an isolated sandbox – nothing in and nothing out, it then deletes everything in the sand box on exit. Use containers for banking and on-line shopping or anything where improved security is highly desirable.

Smart https: This automatically changes HTTP protocol to HTTPS, where possible and if loading encounters error, reverts it back to HTTP. You might like to consider using DNS over https which Firefox supports and is being implemented in other browsers. This means DNS is resolved by encryption over port 443 as opposed to in plain text over port 53. This means that your ISPs DNS servers are not used, so it’s a bonus for both privacy and security.

Cookie AutoDelete: does just that, decide to white/grey list domains and cookies will be erased when you close the tab if set to delete. It also protects your privacy as it stops google, fb etc following every site you visit by deleting their tracking cookies.

I dont use FaceBook, you might – a disgusting invasion of privacy in my opinion, the company has lied and lied again. If you must use FB then the FF add on: F.B Purity is essential to limit FB intrusion.

Facebook Containers another nice add on for Fb users that loads Fb in its own container. When you close the tab it logs you out of FB and dumps ALL Fb cookies to help prevent their trackers following and profiling your browsing activity.

Going further…

There remains the issue of web sites connecting to all manner of servers. Today, your personal information is the product and organisations like Google and Facebook etc take everything by any devious means possible. Whilst no-script controls this to a degree, a further layer can be added with Little Snitch – Mac only . LS is wonderful, it intercepts ALL outgoing traffic from your Mac and allows you to decide and block connections to servers that you consider intrusive (Google etc), un-neccessary or hostile attack sites with malware! The rule list is easy to configure or correct if you make an error. See here for an overview tutorial – it’s American, but a good introduction. I have used Little Snitch for several years and strongly reccomend it.

To test your efforts, just load up a site laden with garbage like The Daily Mail and see how much rubbish, adverts, trackers and other crappy scripts are stopped or blocked. DM – your advert filled trash rag is a fine testing ground :D.

Finally, if you download your e-mail then Mozilla Thuderbird is an excellent e-mail client. It can also be configured to restrict images in an e-mail as this prevents ‘pixel tracking’.

Remove the Adobe flash player plug in. In fact most Adobe software is fairly poor security wise but Flash is a security cullinder, rich in vulnerabities. Flash is often the hackers first choice of attack vector.

Thankfully flash will be retired in December 2020 and unsupported just get rid of it now! The Internet without Flash will be a safer and better place.

Getting slightly technical
If you really want to neuter these barstewards that proliferate on the Internet with their trashy malvertising, then consider modifying your hosts file, it’s fairly simple to do and there are plenty of pre-configured host files out there. Perhaps the most popular is the MVPs one. It simply sets a large number of known crappy websites IP to 127.0.0.1 or 0.0.0.0 and thus you will never load them in the background further reading here it’s Windows related but Macs and any other OS will use a hosts file, you just need to know how to edit it, this explanation is fairly good. However, it would be a great thing if someone could write a utility to do a host file edit.

All information provided ‘as is’ with no liability see our terms

One thought on “Improve Mac Security”

Leave a Reply

Your email address will not be published. Required fields are marked *