Apple’s Mavericks update was the first free update to Mac OS X - itself a big step forward for security, as all Mac users can update to the latest version freely (providing their machine is up to the new software - which Apple allows you to check here).

But under the bonnet of Mavericks lurk an impressive number of additional security features - some of which are automatic, but some of which you have to hunt out and fine-tune for yourself

Mastering these can help ensure your new Mac has the defenses to rebuff rogue apps, store passwords safely, and - finally - deal with the scourge of unwanted ‘friends’ on iMessage.

Don't forget there's a free built-in password manager

Storing passwords in the cloud - anyone’s cloud - might not immediately seem like a safe idea, but Apple’s iCloud is protected with 256-bit AES encryption, and offers far more protection than other, risky practices such as storing passwords in some internet browsers. iCloud Keychain allows you to share your (encrypted) details across PCs, iPhones and iPads, generate strong passwords, and autofill credit card information. It’s all password protected, and encrypted, so even if you lose a machine, or a handset, the criminals will not be able to see your plain text password.

Java and Flash are kept at arms’ length

Java and Flash were made to feel a little unwelcome in Mavericks - and that’s good news for the security-conscious. Even users who had installed versions of Java and Flash on the Mac found that, during the update from Mountain Lion to Mavericks, the two programs (often the bane of security professionals’ lives due to the frequency they were targeted by attackers) were uninstalled by default. You can, of course, install both - but Mavericks is very insistent on users having the latest version (which makes them both slightly more secure), and the apps are ‘sandboxed’, so that it’s more difficult for bad actors to misuse the software to run executable files and damage your machine.

Installing apps? Choose the right option - safe-ish, safer, or REALLY safe

The most secure option for Mavericks users is to only accept apps downloaded from Apple’s Mac App Store - which is policed for malware and offensive content, in much the same way as App Store for iPhone is. Even approved appps CAN turn out to be malicious, but this is by far the safest option, and any rogue apps are swiftly removed by Apple when found.

For novice Mac users, this is a very safe option - although it can lock off some interesting software. It’s not enabled by default, but you can switch it on if you visit System Preferences, General, then change settings to “allow apps downloaded from Mac App Store”, you’ll only allow apps which have passed Apple’s approval process.

Weed out ‘bad’ apps with Gatekeeper

For a slightly more inclusive - but still safe - approach, you can also choose to allow only apps with a Developer ID (a policed list of known Apple developers which blocks known malware authors). Again, this is fairly safe. It can be overridden - by control-clicking the app and choosing to open it - but it’s a useful alert system.

“There are a bevy of new permission prompts in Mavericks,” says ESET’s Cameron Camp. “It wasn’t always the case before the upgrade. It’s more difficult to run executable stuff that’s not from the app store - there is a workaround, but it’s not obvious.”

It’s finally possible to cull your iMessage ‘friends’

Apple’s iMessage - which blends chat services and SMS - can be full of annoying ‘friends’ who know either your email or phone number, and never stop popping up. Now you can put a halt to this, with a ‘block’ systtem, where you have two options:

  • Opt to Block a single user (Messages > Preferences, and then click Accounts, and “Block Specific Users”. You can then add names to the list using the + button. You can also do this direct from your Buddies list by pressing the + button.
  • For a more fire-and-the-sword approach, you can do the same in reverse from the same menu, but instead whitelist people who WILL be able to talk to you. Everyone else will be locked out.