New to Mac? Four security tips you need to know


Mac OS X is a slick, easy-to-use operating system with an impressive record on security – and basic malware detection built in since 2009’s Snow Leopard update.

While Macs have seen sales slowing in the past year, due largely to losing market share to their own stablemates, iPads, and other mobile devices, they’re a growing force in business, according to tracker-software company Jamf.

Yahoo’s Marissa Mayer offers employees free MacBooks (as well as iPhones), and her move is not unique.Jamf’s Chief Cultural Officer Jason Wudi says, “OS X growth has slowed overall, but in the enterprise, the OS X platform continues to gain – in excess of 20% year-on-year growth,” according to Business Insider.

Veteran security researcher and writer Graham Cluley says, “The truth is that there is nothing significantly safer about OS X that makes it somehow inherently more secure than modern versions of Windows.  Both can be configured securely to reduce the risks, but the squishy human sitting in front of the computer is what makes a difference.  If the user makes a mistake, then risks can be introduced on either platform.”

“The fundamental difference is that there are a LOT less malware threats and hacking attacks directed at Mac users than there are against Windows users.  Both can be attacked (and are), but normally it’s Windows users in the firing line. As I like to put it – I can get killed in Baghdad or Bournemouth.  Neither is 100% safe, but one is definitely less risky than the other. Both OSes require up-to-date anti-virus, security patches, best practices and a good healthy serving of common sense to keep them out of trouble.”

So while Mac OS X enjoys a deservedly good reputation for security, there are steps any user can take to protect themselves – against loss, password theft, and to protect your most important files.  Whether your shiny new Mac is for work – or for home – here’s how to get started.

Set your Mac to update software automatically

While Macs are targeted less often than PCs with malware attacks, it’s still important to use up-to-date software to ensure attackers don’t have any easy way in. “You should check for software updates ASAP to make sure you’ve got protection against as many known vulnerabilities as possible,” says ESET’s Myers, “And you’ll want to set up automatic updates, too. Just click the Apple logo, go into Systems Preferences, then select Software Update. You’ll find all the options in here.”

Make sure your data’s backed up

One good way to protect from any sort of disaster – malicious or accidental – is to do regular backups of your most important files. Apple’s own online storage service iCloud is great, allowing you to share photos, files and messages between multiple iOS devices and Macs – but you should ensure you’re using the best backup solution for your own particular needs. Don’t rely on storage services alone as a backup, warns ESET’s Lysa Mysers – there are better ways of doing that. “Some folks use Syncing as a sort of backup, but its main purpose is just to keep a copy in the Cloud of any files you might want to access from other computers or OSes. It’s essential to keep both a copy of your files, and a bootable backup both on a separate drive and in a separate location. That way you have a quick, easy way to get back up and running even if the damage is not just to your computer. ”

Don’t be tempted to use an easy password

When setting up Mac OS, the system prompts each user to create a password – but you CAN get away with a single tap on the space bar. Don’t do this, especially on any account with admin privileges – if your Mac is lost, it’s an instant ‘way in’ for thieves, and in the office, it’s an easy way for anyone to access your private information.

Consider using antivirus software on Mac

Mac OS X’s built-in malware protection is useful, but there ARE reasons to use AV software, ESET’s Stephen Cobb writes, “I still meet people who say, ‘Macs can’t catch viruses.’ Macs can, and do, get hit with other forms of malicious software. A slightly different phrase, “Macs can’t catch PC viruses” is most certainly true, but even that statement obscures the fact that Macs can spread PC viruses, a fact of considerable concern to the many organizations that use a mix of Macs and PCs (including those who run Windows on Macs). But what if you are an all Mac shop, do you still need to worry about Mac malware? You do, because there is malware out there written to target and infect Macs, and that’s what you will find documented in “Straight facts about Mac malware.”

ESET’s Lysa Myers says, “The idea that Macs don’t get malware has never really been true. Macro viruses hit Macs, and Macs have gotten worms which are generally considered a type of virus as well. A lot of the miscreants that create things for Windows are now putting effort into Macs, so the functionality is often almost identical.”


Author , We Live Security

  • Carole

    Works a little differently on Mavericks

    Think auto-updating is switched on by default, but if you want to verify it, here are the steps:
    1. Click on the apple in the top left-hand corner and select System Preferences from the drop-down menu.
    2. Select App Store, located in system preferences to see and change your auto-update features.

  • Gus K

    Did I misread, or were there only four tips there and not five?

    • It is four. It was re-edited after it first appeared.

  • An_Interested_Reader

    Kind of thin soup heavily focused on selling AV products. Not that that’s bad, but it is only one piece of the puzzle.

    I would add:
    1. Turn on Mac’s internal firewall as backup to your router’s firewall.
    2. Remember that apps added from outside the Mac App Store are not auto updated by Mac App Store; they have to be updated one by one (this is TeamViewer, Skype, Flashplayer,Afobe Reader, VLC Player, etc.)
    3. Set your mac to encrypt its hard drive (and be very careful not to lose the recovery key!!!)
    4. Set your mac to encrypt its backups (and don’t lose key).
    5. Use your iCloud Keychain. Update your passwords to be unique for each site you visit and to be long (Keychain will recommend a nice 15 character pw for you; write it down, click it so it goes into both boxes, save it, make sure your recovery email address is up to date, then log out and log back in using autofill to verify it was stored – if not use pw you wrote down to login and then the pw should be auto saved by the Keychain.)

    • I don’t disagree with your suggestions, but considering that three of the four main points are not about AV, ‘heavily focused’ seems a little harsh.

Follow us

Copyright © 2017 ESET, All Rights Reserved.