It always surprises me how many people with MacBooks sit in coffee shops or elsewhere, happily using public wifi, thinking that they are impervious to viruses, worms, snooping and hacking. If you are one of these folks, I’m sorry to tell you, but… you have been misinformed.
…alas, it’s not your fault! Apple has led you to this belief through false advertising. You have also probably been mislead by the fact that as a mac user you are, in fact, less likely to catch a malware bug than your buddy the PC guy or gal. However, that doesn’t mean the risk isn’t present; as macs become more and more popular these days, they become more likely targets.
That’s the bad news… but here’s the good: There are some very simple, free (and some less than simple, and less than free) things you can do to add extra security to your Mac running OSX.
Let’s remedy that unprotected mac.
For the following list of actions/software, I’m going to assume your computer is running the latest OSX 10.9 (Mavericks). However, this list is easily compatible going back to Snow Leopard, at least, if not further as of its writing. OK, here goes…
First – the easy / free stuff that everyone should do, NO EXCUSES!! <— don’t roll your eyes at me 😉
There were a slew of Apple ads that aired several years back, where several claims are made that Mac users dont have to worry about viruses, etc.. <— REALLY!? Way to go Apple; not only have you failed to enable your built in firewall in every version of OSX up to and including Mavericks (released October 2013), but here you are advertising (falsely, mind you), that your software is incapable of getting viruses. WOW. That’s irresponsible. http://en.wikipedia.org/wiki/Get_a_Mac
Let me set the record straight. Mac’s can and do get malware, viruses, get hacked, etc.. Just not as frequently as PC’s. And, it’s very easy to protect yourself with an Antivirus program.
There are several free AV solutions for OSX available. My favorite is Sophos for Mac HE.
Follow this link: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx. Download and install… yay! It will autoupdate itself, and even scan sites you visit in realtime to try and prevent exploits from ever reaching your browser.
Enable & configure the built in OSX firewall (incoming):
firewallin the search box and click
Turn firewall on or off:
Turn on the firewall (if the settings are greyed out you need to unlock them using your password by clicking the little lock icon in the lower left corder):
Now that the firewall is on, click on
Check off the two bottom options and click
Note: OSX firewall protects incoming connections only, see the outgoing firewall (little snitch) description further on in the article for more details.
Use Chrome with plugins:
Chrome is a wonderful browser, and one of the most secure. My favorite part are the plugins.
Now for more in depth:
The above three items are the low hanging fruit; easy, free, and hassle free. They are enough for most people, but if you’re slightly paranoid / OCD about your computer, there is more you can do. As an added layer of security I reccomend runnning two additional programs at all times, as well as using a VPN when on public WIFI. Listed below are some commercial solutions; easily affordable, and WORTH EVERY PENNY!
Little Snitch Firewall (outgoing only):
There are two types of firewall, incoming and outgoing. I’m not going to get into deep detail here, but the basic difference is pretty easy to understand:
The first and most common type is the incoming firewall. There is one built in to OSX as described above that will generally stop rogue programs from making connections to your Mac from the outside world (including that free WIFI network at the local Starbucks).
However, if you happen to contract a nasty little worm or trojan on your mac somehow, it will be phoning home all day and night without you ever knowing. That is, unless you have an outgoing firewall to block it. Enter “Little Snitch”, an AMAZING little program that asks for permission for all outgoing connections from your mac to the internet and even local networks.
Little snitch can be a hassle at first, you must train it to allow all your normal programs to connect out so they can function properly. Once you have installed “Little Snitch”, the easiest thing to do it click “allow all”, “forever” for all popups from programs that are known, which is pretty much everything on a new computer.
By default, the options are set to
Until Quitfor a specific server and port as shown in red below.. but that means you will have to deal with this popup every time you start chrome; not only that but every website you visit will display several of these, one for each connection it makes on the back end; which for many modern websites can be 10’s of connections. I prefer to lose a little bit of the security here to make my life 50 times easier by setting the options as shown in green below (for most programs, especially web browsers):
If you have trouble identifying if some program thats trying to connect is legit or not, use the google, or alternately, click “deny” and see if something stops working correctly <— this can be a PITA, BTW, for most users.
I love this program because now that I can have trained it, it doesn’t bother my with popups, and I feel good knowing that IF some trojan or backdoor is calling home at any time in the future, Little Snitch will let me know about it.
As a bonus, Little Snitch includes a really robust network monitor that allows you to see which program is currently connecting to the network, and where it is connecting to, even the bandwidth its using:
- iStat Menus is THE BEST software for unobtrusively monitoring whats going on with your hardware and network on a mac. Its a sweet little program that sits in your taskbar and lets you know, cpu usage, mem usage, network usage, hard drive activity and much more. Its completely customizable and comes with a half month trial before you have to buy. It’s well worth the $16 if you ask me. Here is a screenshot of the bandwidth monitoring in action:
If you don’t already know, a VPN can provide security and low grade anonymity when using public or other insecure connections to the internet.
When you are on public WiFi, for instance, anything you send over the network is sniffable by anyone else on that WiFi network. Most banks, email providers and even Facebook nowadays use HTTPS which creates a secure tunnel between your browser and the server, but to dually protect yourself and any information you are passing back and forth with the internet form your lappy, you should be tunneling everything through a VPN. You can see a nice list of providers and their encryption tech here.
There are plenty of VPN providers out there. Take a look at the link above and compare for yourself. Try a few. Some are better than others, and most are inexpensive and/or have a money back trial period.
I Hope this info was helpful. Please let me know if you have any questions or other suggestions in the comments below.