MacOS – How to limit the Mac’s exposure to malware

macos malware security

With OS X malware increasingly in the news (see the Flashback Trojan issue), is there anything that I should do to increase the security of my Mac and reduce my exposure to malware?

What I'm doing so far:

  • keep up with OS X system patches
  • installed an antivirus package and kept up with the associated updates
  • separated my regular user login and the admin login
  • keep third party software up to date (Firefox, Flash, etc.)
  • research, scan, and limit the things I download
  • use adblocking and JS block browser extensions

Is there more that I could reasonably do to improve my machine's security? Any tips/suggestions for software or security best practices would be appreciated.

Best Answer

Web browsing

The largest potential danger comes from the "Internet". My Mac is online most of its operating time and web browsers are among the most used applications on my Mac.

Therefore, the most important rules are:

  • surf the web carefully
  • don't just download any software you find

Browser choice

Browser choices, configurations and extensions offer various options to configure your security and privacy.

I like to use Chrome because it's known for having

  • strict sandboxing
  • automatic updates for itself, its extensions and the Flash plug-in
  • open extension design

Safari's extension design is more restricted, causing the JavaScriptBlocker for Safari not to be as functional as similar extensions for Chrome or Firefox: e.g. Web Bugs are not blocked.

Chrome is considered quite safe. It did not get exploited at the Pwn2Own hacking contest three years in a row (2009-2011). 2012 is the first year a team presented the use of a zero-day exploit in Chrome.

The German Federal Office for Information Security (BSI) (similar to the NIST in the U.S.) recommends the use of Chrome because of its sandboxing technology and auto-updates.

Java

Chrome has disabled Java by default and asks you every time it's required to run. You can disable Java for Safari as well. You won't miss it most of the time:

  • Safari Preferences → Security → uncheck Enable Java
  • Open /Applications/Utilities/Java Preferences.app → uncheck Enable applet plug-in and Web Start applications

Other options

  • System Preferences → General → check Automatically update safe downloads list

Open Safari downloads manually:

  • Safari Preferences → General → uncheck Open "safe" files after downloading

Flash and PDF viewer

Download Adobe Flash only from the official website. However, you don't need to update it manually anymore. The latest Flash update for Mac adds auto-updates.

In Safari, you can use the ClickToFlash extension to manually allow Flash to run in your browser.

You don't need to use Adobe's PDF viewer. Apple's Preview works in Safari as well. You can remove the Adobe plug-in here:

  • /Library/Internet Plug-ins/AdobePDFViewer.plugin

Passwords

For creating passwords you can use the Password Assistant provided by OS X. Go to /Applications/Utilities/Keychain Access.app → click the plus at the bottom left → click the key symbol.

Adblock lists

The Adblock and Adblock Plus extensions offer lists to improve your privacy and security.

The lists are named:

  • EasyPrivacy: privacy protection
  • Malware Domains: malware protection
  • Antisocial: blocks social integration.
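
A read-only audit of the manual plug-in and Safari download steps above, as an added example that is not part of the original answer. The Flash and Java bundle names and the `AutoOpenSafeDownloads` preference key are assumptions not stated on the page, and newer macOS releases may not let a script read Safari's preferences.

```shell
#!/bin/sh
# Added example: report browser plug-ins and the Safari download setting
# that the answer adjusts by hand. Nothing is modified or deleted.

# Classify one bundle name; "review" marks plug-ins the answer discusses.
# "Flash Player.plugin" and "JavaAppletPlugin.plugin" are assumed names.
classify_plugin() {
    case "$1" in
        AdobePDFViewer*.plugin)  echo "review: Adobe PDF viewer (Preview can replace it)" ;;
        JavaAppletPlugin.plugin) echo "review: Java applet plug-in" ;;
        "Flash Player.plugin")   echo "review: Flash (keep auto-update on)" ;;
        *.plugin)                echo "other" ;;
        *)                       echo "ignore" ;;
    esac
}

# Print "<verdict><TAB><path>" for every bundle in the given directories.
audit_plugins() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for p in "$dir"/*; do
            [ -e "$p" ] || continue
            verdict=$(classify_plugin "$(basename "$p")")
            [ "$verdict" = ignore ] || printf '%s\t%s\n' "$verdict" "$p"
        done
    done
}

# State of Safari's 'Open "safe" files after downloading' option.
# Assumed key: AutoOpenSafeDownloads in the com.apple.Safari domain.
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return; }
    case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)" in
        0) echo off ;;
        1) echo on ;;
        *) echo "unset or unreadable (Safari default is on)" ;;
    esac
}

main() {
    audit_plugins "/Library/Internet Plug-ins" "$HOME/Library/Internet Plug-ins"
    echo "Safari auto-open of safe downloads: $(safari_auto_open)"
}

main "$@"
```

Run it as the regular (non-admin) user; lines marked `review` are the plug-ins the answer suggests removing or keeping updated.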