Recently we wrote about Age Locker Ransomware Targeting Mac Users. In this article, we are going to take a more detailed approach on how to make sure your Mac computer is as safe as possible from attack.

Most agree that Mac computers are less prone to an attack, the reasons for this are manyfold, including the fact that there are less of them, that the macOS is more secure, but there is no doubt that you still need to take steps to protect your Apple computer from attacks.

To say that “Macs never get a virus” is very shortsighted, not least because viruses are not the only form of attack. Do not be lulled into a false sense of security that because you have a Mac, you are immune.

As the recent Age Locker ransomware attack showed, computer security is as much about what we choose to do and the care we take, as it is about the type of computer we have.

To help we have put together this article covering 8 areas you should consider, to make sure that what you are doing, or not doing, is actually making your macOS computer more vulnerable to attack, not safer.

Even if you consider yourself on top of your computer security, the chances are you could have missed one of these areas. If you would like to make your Mac computer more secure and keep your private data and client’s work safe, read on to see how you can improve your computer security.

1 - Don’t Disable The Computer’s Security Measures

Especially now, the macOS has a lot of built-in security features, including Gatekeeper and System Integrity Protection, all of which can provide an enhanced level of security and reduce the risk of an attack. However, disabling any of these drastically reduces your computer’s security as we learnt with the Chrome Varsectomy Bug.

In September 2019, some Avid Media Composer users chose to disable SIP (System Integrity Protection) to be able to use 3rd party video cards on their Apple computers. Because the video card driver software was ‘unsigned’, it failed the System Integrity Protection Apple has put in place to protect our computers from malicious code.

By disabling SIP any user is making their computer much more vulnerable, and as we saw with the Chrome Varsectomy Bug, Google Chrome ran, what turned out to be a faulty Google Keystone automatic update and caused the problem. Although, in this case, it was a faulty installer, it shows that it does not matter how clever the software is on our computers, if people choose to disable it then sh*t happens.

2 - Install A Robust Antivirus App

Even with all of these measures enabled the computer’s operating system does not fully protect your data from access and damage. You need to do more.

Part of the macOS security depends on Apple adding flags to suspicious or outright malicious software, which in turn results in the warning dialogue you see when you try to open them. But to do that, they need to update the macOS every time they find something new and to keep across every change is beyond what an OS developer should need to do. This is where Antivirus software comes in, as antivirus software can be much more agile.

However, over the years antivirus software has got a bad name as putting an unnecessary strain on Macs, slowing them down and adding unwanted load. Kirk McElhearn, co-host of Mac security firm Intego’s podcast and a writer on malware topics says…

“A decade or longer ago, the argument that antivirus software could slow down your Mac certainly may have had some merit, in some cases. But modern Macs generally have plenty of resources (processing power, memory, and disk speed) to allow antivirus software to protect you without any noticeable detriment to the Mac’s speed.”

Thomas Reed, Director of Mac & Mobile at security firm Malwarebytes goes on…

“So many people still feel like Macs don’t need antivirus software that, if you convince them to install something, it’s an instant failure if the performance takes a hit. If you’re going to install an antivirus app, then, you need to find one that’s not only trustworthy but fast, too. If your Mac slows to a crawl while your antivirus app is conducting a scan, you’ll soon run out of patience — potentially putting yourself at risk”.

There is no doubt that installing a good antivirus app will add an extra layer of security with little to no impact on your Mac’s performance. You do not even have to pay a penny, as there are plenty of excellent free options for you to choose from.

• Avast Security for Mac - It has a reputation to be effective and it’s free for noncommercial use, providing on-demand tools for quickly performing full-system malware scans. It also sifts through specific email threads, attachments, and various web activities. It even offers drag-and-drop scanning for individual files and phishing protection, along with the ability to scan external drives and attached volumes.

• Sophos Antivirus Mac Home Edition - Sophos offers all the basic utilities you expect from quality antivirus software. It has the custom, on-demand, and scheduled scans for specified files, folders, and drives, along with additional tools for deleting and quarantining any software Sophos deems a potential threat. Although the free version includes ransomware monitoring, webcam protection, and live support options, all of these expire after thirty days and you’ll need to get the $60 premium version to get these features back.

• Malwarebytes Anti-Malware for Mac - The Mac version started as an adware removal tool, but now, it’s a full-fledged tool for protecting your machine against other forms of malware.  This is not an always-on solution and is thus is more suited for performing manual scans. There are scheduling and proactive blocks, but these features expire after two weeks in the free version. You need the premium version for live protection, which starts at $40 for a year if these matter to you.

• Bitdefender Antivirus for Mac - This features a host of scan options, allowing you to quickly perform deep scans of your entire system, or those targeting specific locations. If you grant it access, the streamlined app even provides an option for scanning critical locations — such as your Mac’s launch agents and the entirety of your system library.  From the home screen, you can choose four different scanning options, in addition to an update button and a “view quarantine” button.

• Avira Free Antivirus for Mac - Avira has been designed to strike a balance between ease of use and quick access to advanced utilities. The software is equipped with standard spyware and adware protection, along with the ability to intercept harmful websites and block tracking. The software can also scan USB devices for any potential dangers. There are reports that Avira suffers from a lengthy installation and an update process that goes hand in hand with the software’s heavy use of system resources. However, when you consider the nonexistent price tag and its reputation for having a thorough antivirus engine, it’s an unfortunate downside.

If you would prefer a paid-for solution then there are plenty to choose from with products from the likes of Avast, BitDefender, Intego, McAfee and Norton.

But it’s not just viruses that antivirus software protects us from its as much, if not more, about Malware.

• Many types of malware threaten Macs and are becoming more common: Trojan horses, macro viruses, worms, spyware, and more

• Security flaws are found in the macOS, providing malware writers with opportunities to attack Macs

• Users who exchange files often with friends and colleagues face increased risks

• Booby-trapped web pages can infect your Mac when you simply visit infected web sites

• Your personal files need to be protected in case of loss due to software or hardware problems

• You have confidential files that need to be protected from hackers and prying eyes

In the end, there are plenty of bad guys, motivated hackers who will take the challenge if it means the reward is the ability to steal money from people, and there’s no question that they will make every effort possible to penetrate your Mac especially since as Mac users we tend to be more complacent about security in general.

Whichever way you go, please do not put this off to another day, you will regret it if malware destroys or steals your personal or client’s data.

3 - Secure Your Login Details

Many of us, especially those working at home, only have one user account on our Macs as we are the only person using the computer, so we don’t need for a password, right?

Wrong. Leaving your main account without a password means anyone who has access to your Mac can get straight in and grab your data. Even worse, if your main account has admin rights, which it usually will, they have even more power to cause damage and mayhem. Not only should you have a password but you should also have a strong password. That is a password that has a combination of letters buttons and symbols.

On a Mac changing your password is relatively easy…

1. Go into System Preferences and select Users and Groups

2. In the list choose your username and then click Change Password.

3. Click Login Options in the bottom-left corner.

4. At the top of the window, turn off Automatic Login.

5. Now go back to the main System Preferences menu, click Security & Privacy and select the General tab.

6. Tick the checkbox next to Require password and select immediately from the dropdown menu.

You should also create a Guest user account. This is a restricted account that cannot change system settings or install any software but is useful if your friend wants to quickly borrow your Mac.

1. Go to Users & Groups in System Preferences

2. Click the padlock and enter your password

3. Tick the checkbox to allow guests to log in.

Finally, if you have an Apple Watch or a Mac with a Touch ID button, you can use those to sign in. They are more secure than a password and easier to use.

4 - Strong Passwords Without The Pain

We are all guilty of it. With more and more accounts, each with a password, from online shopping to streaming services to Mac user accounts and everything in between, it is easy to take shortcuts and just start using the same easy-to-remember passwords for everything.

This is bad news, because once a hacker has found a password of yours then they will be able to access all the services you have that use the same password.

You need to create different passwords for each service but then you have the challenge of trying to remember them. When you forget one or two, you can find yourself going back to the same easy-to-remember password.

The solution is to use a password manager application. Again there are a few out there…

• LastPass - This offers free and premium (paid) features. Once you create a master password, simply import all saved login details, usernames and passwords, from Firefox, Chrome, Edge, Opera, and Safari and keep it secure, prompting you to do little more than remember your super-secure master password.

• Dashlane - This is designed to be is intuitive and straightforward, with two-factor authentication and the ability to change numerous passwords spanning multiple sites with just a few clicks. It even shares encrypted passwords with emergency contacts in case you have trouble with your account.

• 1Password - The features packed into this password management tool include a reliable password generator, username and password storage, secure sharing, and an intuitive user interface. It even includes a built-in watchtower service designed to notify you of ongoing website breaches.

• Keeper Security Password Manager - This offers a range of password solutions for enterprise, business, family, and personal use and is considered by some to be one of the most scalable password managers currently available. Custom fields allow you to keep passport info, driver’s license numbers, and other important records in the app.

• Bitwarden - This is a free, open-source password manager and is available on GitHub and open for anyone to evaluate. According to the company, this password manager is audited by independent security researchers and third-party security auditing firms. You can manually create items consisting of login credentials, a credit card, an identity (license, social security number, etc.), or a secure note. You’ll also find a handy password generator.

With all these tools, when it is time to fill out a password, the app does it for you, so there is no need to remember (or write down) your details. All you need to do is set a strong master password for your account and the app does the rest.

5 - Lost Device - You Can Find It

Even the most careful people can make a single mistake and someone will see an opportunity and take your precious device. If you have not secured your data, you could find yourself facing a privacy nightmare. That’s why it is so important to use Apple’s Find My app not only on iPhones and iPad but laptops and desktop computers too.

Although this tool is built into Apple’s operating systems iOS, iPadOS and macOS; you need to turn it on.

1. Turn on Location Services

   1. On your Mac, choose Apple menu  > System Preferences, then click Security & Privacy.

   2. Click Privacy, then click Location Services on the left.

   3. Click the lock icon to unlock it, then enter an administrator name and password.

   4. Select Enable Location Services, then select Find My in the list of apps.

2. Set up Find My Mac

   1. On your Mac, choose Apple menu > System Preferences, then click Apple ID. If you don’t see Apple ID, click Sign In, then sign in with your Apple ID or click Create Apple ID (if you don’t already have one).

   2. Click iCloud in the sidebar.

   3. Select Find My Mac, then click Allow (if asked) to allow Find My Mac to use the location of your Mac.

   4. If a Details button is next to Find My Mac, make sure you turned on Location Services and Find My in Security & Privacy preferences.

3. Turn on Find My options

   1. On your Mac, choose Apple menu  > System Preferences, click Apple ID, then click iCloud in the sidebar.

   2. If you don’t see Apple ID, click Sign In, then sign in with your Apple ID or click Create Apple ID (if you don’t already have one).

   3. Click iCloud in the sidebar.

   4. Select Find My Mac, then click Options.

   5. If you see a Details button, you need to set up Find My.

   6. Turn any of the following on or off:

      1. Find My Mac: Turning this option on allows you to locate your Mac if you misplace it, and protect the information on it.

      2. Offline Finding: Turning this option on allows you to locate your device (using Bluetooth) even when it isn’t connected to Wi-Fi or a mobile network.

      3. Note: When you turn off Offline Finding, your Mac can’t be found by you or anyone else.

Once enabled, you can locate lost devices and hopefully get them back into safe hands. It will even work if your Mac is asleep by using privacy-protecting anonymous data to crowd-source its location from other Apple devices.

6 - Secure Your Location Data

Talking of how your Mac uses your location, Apple gives you control over which apps can access this data and what they can do with it. After all, while it is reasonable for a weather app or Apple Maps to use your location, the same cannot always be said for something like a dictionary app.

To control what apps can access your Location Data…

1. Go to System Preferences and select Security & Privacy.

2. Click Location Services on the left, then click the padlock in the lower left and enter your password.

3. You can now browse the list on the right-hand side to see which apps have access to your location. To block an app, simply untick its checkbox.

You can also disable location services altogether at the top, although be aware that this will block FindMy from working.

7 - Be Careful Where You Download Apps From

Unlike on iOS, where Apple controls all downloads by forcing developers to use the iOS App Store when it comes to the macOS you can download and install apps from anywhere. You need to be wary. Whereas apps downloaded from the Mac App Store have undergone reviews by Apple to ensure their safety, the same cannot be said of all apps on the wider internet.

You can block the macOS from downloading and installing apps from outside the Mac App Store. To do this…

1. Go to System Preferences and select Security & Privacy.

2. Under the General tab, click the padlock and enter your password.

3. At the bottom of the window is a section titled Allow apps downloaded from. Make sure App Store is selected instead of App Store and identified developers.

However, as audio professionals, not all the software we use is available on the Mac App Store. We need to check the App Store and identified developers option. Then software that has been checked and approved by Apple can be installed. This is what “notarization” is all about. Where there is a change to any ‘executable’ code like installers, applications, plug-ins, drivers etc. Apple uses a service to scan ‘executables’ for malicious code. Apple issues notarization tickets to developers to ‘staple’ to their installers, and those installers will meet the ‘identified developers’ criteria and all will be OK. However, not all developer’s installers are fully compliant, which means you may get a warning.

With macOS Mojave, you may see an error message after installing software that requires a driver like an interface and then restarting the computer. If you do nothing at this stage then your new device is unlikely to work correctly. To fix this, as the error message suggests, click on the Open Security Preferences button which will take you directly to the Security and Privacy pane of the System Preference and click the 'Allow' button in the lower right corner.

After clicking the "Allow" button you will see a list of software/drivers that have been blocked. Tick the checkbox next to any of the appropriate items for the software and/or device you have just installed and then click OK and restart the computer.

Be aware that newly installed software and/or drivers will only appear in the list for 30 minutes after the driver/software in question has been installed.

If the Allow button doesn’t show or the driver you wish to load isn't showing up on the following screen, you will need to reinstall the software again and restart the computer. Once your computer has restarted go straight to System Preferences > Security and Privacy and the option to "Allow" the driver/software to load should appear.

With macOS Catalina, with the extra new security features, you may get an error message when trying to install software, that isn’t yet compliant with the Catalina security checks.

If you would like to open it anyway, you may think there is no way forward, but a simple right-click (or control+click) on the plug-in installer reveals a menu where the first option is ‘Open’.

This technique is the same as if you were trying to bypass the Gatekeeper check for an unsigned installer. The same check will be applied again, but this time you have the option to click ‘Open’ and proceed with the installation as usual.

Please note that Liquidsonics has up to date installers that are fully notarized. These images were used as an example before Liquidsonics completed their Notarization updates. However, you may find older installers from developers may not have been updated.

8 - Set Up Automatic Updates

Without enabling automatic updates, you not only find yourself not only out of date but without important security fixes too and leaving an application that has a security flaw is a clear threat to your privacy and security. To resolve this you can enable Automatic Updates…

1. Go to System Preferences and select Software Update.

2. Enable Automatically keep my Mac up to date.

3. Once you have done that, click the Advanced button for more options.

4. Make sure all the checkboxes are ticked to guarantee you will get essential security fixes for macOS as soon as they are released.

When it comes to your applications…

1. Open the App Store app on your Mac

2. Select Preference in the App Store menu.

3. At the top of the Preferences window, click the tick next to the Automatic Updates checkbox. This will ensure you never miss an important app update.

However, as audio professionals enabling Automatic Updates comes with some challenges. For example, when it comes to OS updates unless you are running Apple’s Logic Pro X, it is recommended that you do not enable Automatic Updates so that you can control when you update your macOS once it is approved for your DAW and the plugins you use.

To help with this we have a range of searchable databases for each of the major Apple macOS releases…

• macOS Catalina Compatibility - The Ultimate Pro Audio Guide

• macOS Mojave Compatibility - The Ultimate Pro Audio Guide

• MacOS 10.13 High Sierra Pro Audio Compatibility Guide

• MacOS Sierra Pro Audio Compatibility

In Conclusion

In the end, there are plenty of bad guys, motivated hackers who will take the challenge if it means the reward is the ability to steal money from people, or even to create havoc with no obvious financial gain and there’s no question that they will make every effort possible to penetrate your Mac especially since as it seems as Mac users we tend to be more complacent about security in general.

So the message is that we need to up our game when it comes to computer security and not just leave it to Apple, or worse still do nothing at all.

It is also critical that we do not disable security systems like some Avid Media Composer users did and then wonder why their Mac kept rebooting. On that occasion, it was a fault Chrome update but it could have easily been a shaker taking advantage of an insecure system.

To help with broader data security we also have other articles on data security and more details on the new security measures introduced into macOS Catalina.