With OS X malware increasingly in the news (see the Flashback Trojan issue), is there anything that I should do to increase the security of my Mac and reduce my exposure to malware?
What I'm doing so far:
- keep up with OS X system patches
- installed an antivirus package and kept up with the associated updates
- separated my regular user login and the admin login
- keep third party software up to date (Firefox, Flash, etc.)
- research, scan, and limit the things I download
- use adblocking and JS block browser extensions
Is there more that I could reasonably do to improve my machine's security? Any tips/suggestions for software or security best practices would be appreciated.
Best Answer
Web browsing
The largest potential danger comes from the "Internet". My Mac is online most of its operating time and web browsers are among the most used applications on my Mac.
Therefore, the most important rules are:
Browser choice
The browser choices, configurations and extensions offers various options to configure your security and privacy.
I like to use Chrome because it's known for having
Safari's extension design is more restricted, causing the JavaScriptBlocker for Safari not to be as functional as similar extensions for Chrome or Firefox: e.g. Web Bugs are not blocked.
Chrome is considered quite safe. It did not get exploited at the Pwn2Own hacking contest three years in a row (2009-2011). 2012 is the first year a team presented the use of a zero-day-exploit in Chrome.
The German Federal Office for Information Security (BSI) (similar to the NIST in the U.S.) recommends the use of Chrome because of its sandboxing technology and auto-updates.
Java
Chrome has disabled Java by default and asks you every time when it's required to run. You can disable Java for Safari as well. You won't miss it most of the time:
/Applications/Utilities/Java Preferences.app
→ uncheck Enable applet plug-in and Web Start applicationsOther options
Open Safari downloads manually:
Flash and PDF viewer
Download Adobe flash only from the official website. However, you don't need to update it manually anymore. The latest Flash update for Mac adds auto-updates.
In Safari, you can use the ClickToFlash extension to manually allow flash to run in your browser.
You don't need to use Adobe's PDF viewer. Apples's preview works in Safari as well. You can remove the Adobe plug-in here:
/Library/Internet Plug-ins/AdobePDFViewer.plugin
Passwords
For creating passwords you can use the Password Assistant provided by OS X. Go to
/Applications/Utilites/Keychain Access.app
→ click the plus at the bottom left → click the key symbol.Adblock lists
The Adblock and Adblock Plus extensions offer lists to improve your privacy and security.
The lists are named: