A Guide to Information Security and Privacy on macOS

For macOS Sequoia

Intro

If you own a computer or mobile device, you probably know that while it can do some amazing things, the fact that it is used to store and handle some of your most personal and sensitive data makes securing it essential. In this guide, I will give an overview of some of the security, privacy, and anti-malware features included in macOS, in order to give you a clearer understanding of what you should and shouldn’t use in your situation. Keep in mind that this guide is not intended as a technical deep dive, nor is it intended to advise on a specific security threat that you may encounter. Rather, it is intended as a simple explainer of numerous features built into macOS that aim to keep your Mac, data, and online accounts reasonably private and secure.

A note about security

While the features and tips I describe in this guide are quite useful for protecting your Mac, data, and online accounts, it is important to note that none of these features are a replacement for good user judgement. In fact, it is often said that the weakest point in the security strategy for any computer, mobile device, or network is the user, as even when established best practices are followed, users may still fall victim to social engineering schemes that exploit their sense of fear, empathy, or compassion.

For this reason, it is important to be aware of some of the most common tactics of such schemes, in order to identify them before they can compromise your Mac or online accounts. Therefore, later in this guide, I will provide a list of tips to help thwart such attempts.

Software update

As malicious individuals and groups, referred to as threat actors, are constantly looking for workarounds to security features in macOS and third-party apps, updates are frequently released to address such vulnerabilities before they are exploited on a large scale. For you, a user, the best defense against such software vulnerabilities is making sure macOS and your installed apps are kept up to date.

To ensure you never miss a macOS security update, you should make sure your Mac is configured to install them automatically. To do this, choose Apple > System Settings, select General in the table, click Software Update, and then click the “Show detail” button to the right of “automatic updates.” In this dialog, you should, at a minimum, make sure the “Check for updates,” “download new updates when available,” and “install security responses and system files” switches are toggled on. While opting to automatically install more types of updates provides a higher likelihood that you will have the latest patches applied in a timely fashion, the decision of whether or not to install more significant updates to macOS and App Store apps automatically should be considered in the context of your overall use case, specifically your ability and willingness to tolerate new bugs.

If you opt to hold off on a feature upgrade to macOS due to bugs or other considerations, you should be able to still install security updates for the older version. Typically, Apple will release security updates for the latest version of macOS, as well as the two prior versions. As updates to older versions of macOS generally only contain security fixes, the risk of introducing new bugs with these types of updates is relatively low.

Security

The following section discusses features intended to protect your Mac, online accounts, and associated data from unauthorized access. As your Mac is part of an ecosystem, features for securing online accounts and devices it may interact with will also be referenced.

Administrator password

Your administrator password is the password you created when you set up your Mac or created your user account. As it is the password used to log into your Mac, it should be difficult for others to guess, but easy enough for you to remember.

In addition to being used for login, this password is also known as your administrator or “Admin” password. An administrator is a type of user account on macOS that has unlimited access to the system and all files on it. Administrators can install apps and updates, change all settings, and create, modify, and delete other user accounts and their files. When you first set up your Mac, the account that was created was an administrator, as macOS needs at least one administrator account to function.

To complete tasks that require administrator privileges, like changing certain settings, installing some apps or updates, or modifying certain files, you must enter your administrator password. If you’re logged into an account that is not an administrator, you must enter the name and password of an administrator in order to complete such tasks. Whether or not you’re logged in as an administrator, you should pay attention whenever you’re prompted to authenticate. In particular, if the prompt is unexpected, you may want to perform additional research to determine why such access is necessary.

The password for the currently logged in account can be changed in System Settings > Touch ID & Password, and administrators can change the passwords of other accounts by going to System Settings > Users & Groups, clicking the “Show detail” button to the right of the account, and clicking the “password reset” button. To grant or revoke administrator privileges for an account, open System Settings > Users & Groups, click the “Show detail” button to the right of the account, and toggle the “Allow this user to administer this computer” switch on or off. Without administrator privileges, that user must provide your, or another administrator’s, username and password to complete tasks that require such access.

Touch ID

Instead of manually entering your password, you can use Touch ID, a fingerprint recognition technology included with Mac laptops, as well as Mac desktops with the Apple Magic Keyboard, to authenticate. With some notable exceptions, like logging in after the Mac turns on or restarts, you can often use Touch ID instead of entering a password in many instances where authentication is required, such as unlocking your screen, changing some settings, and making payments with Apple Pay. When you first set up your Mac, you were probably asked to enroll your fingerprint, and you can enroll more fingerprints or remove existing ones in System Settings > Touch ID & Password.

While Touch ID is a biometric authentication feature, in that it uses your fingerprint to verify your identity, it does not replace the need for a strong password, as there’s nothing that Touch ID can access on macOS that a password can’t. For this reason, it’s best to view Touch ID on Macs as mainly an authentication method of convenience, rather than a security feature in its own right.

Autolock

To keep your Mac secure when you’re not using it, macOS can lock the screen after a set period of inactivity. By default, macOS will lock the screen when sleep or screensaver begins, requiring either your password, Touch ID, or a paired Apple Watch to unlock it. These settings can be changed if you wish in System Settings > Lock screen. To lock the screen immediately from anywhere in macOS, choose Apple > Lock screen (or press Command-Control-Q).

Encryption

Encryption is the ciphering of data into a form that is unreadable to anyone without the key. macOS includes several features for encrypting data, both on your Mac’s internal storage medium, as well as external disks and iCloud. Third-party cloud services may have their own encryption options.

FileVault

FileVault encrypts the contents of your Mac’s internal storage using a key mapped to your administrator password. This may be useful in preventing someone who has gained physical access to your Mac, or removed its internal storage device, from mounting it on another device in order to access data, as the data would remain inaccessible without the password or recovery key.

When you first set up your Mac, you were probably asked if you wanted to turn FileVault on, with the checkbox to do so being checked by default. If you unchecked this box but now want to turn it on, you can do so in System Settings > Privacy & Security > FileVault.

When turning FileVault on, you will be asked if you want to allow your Apple Account to decrypt your data. This way, if you forget your login password, your Apple Account and password can be used to reset it and regain access to your Mac and the data on it. Alternatively, you can opt to manually store the recovery key so even if your Apple Account became compromised, it could not be used to decrypt the data on your Mac. If you choose to do this, however, it is critical that you retain the key that macOS generates, as if you forget your administrator password, this key is the only way you can reset it and recover the data on your Mac.

Encrypting a Time Machine backup

Similar to FileVault, if you use Time Machine to back up your Mac, the switch to encrypt the backup should be on by default. If you toggled this switch off at the time of setup but now want to encrypt your backup, you must delete and re-add the disk to Time Machine.

Important: If you back up to a disk connected directly to your Mac, your existing backups are retained throughout the encryption process. However, if you back up to a network attached storage (NAS) device, your existing backups will be deleted when encrypting the device.

To encrypt a previously unencrypted Time Machine backup:

1. Open System Settings > General > Time Machine.
2. Select your backup disk in the list, click Remove, and click Forget destination in the confirmation dialog.
3. Click Add, select your disk in the list, and click Set up disk.
4. In the resulting dialog, make sure the “Encrypt backup” switch is toggled on, enter a password for the disk in the provided fields, and click Done. As this password is the only way to access the disk's contents, it should be reasonably difficult for others to guess, but easy enough for you to remember.

The next time you connect the disk to your Mac, you'll be prompted for this password, and given the option to remember it in your Mac's Login keychain. This way, you won't need to enter the password when connecting the disk to your Mac, but others will if connecting the disk to theirs. Saved passwords in your Mac's Login keychain can be viewed and edited in Keychain Access (located in the Utilities folder).

Encrypting other external disks

Note: For an audio demonstration of this feature, check out the AppleVis Podcast episode “How to Encrypt an External Disk on macOS.

To encrypt another external disk not used for Time Machine, if it is formatted as Apple File System, (APFS) connect it to your Mac, focus on it on the Desktop, and choose “Encrypt [disk name]” from the context menu (accessed by pressing VO-Shift-M). You'll then be prompted to create a password for the disk, which will be required to access its contents. As this password is the only way to access the disk's contents, it should be reasonably difficult for others to guess, but easy enough for you to remember. Like encrypted Time Machine backups, you’ll be given the option of remembering this password in your Mac’s Login keychain the next time you connect the disk to your Mac.

For disks that use other filesystems, like Mac OS Extended or XFAT, you must erase and reformat the disk as APFS. Note that this process will erase all data on the disk, so be sure to move anything you want to keep to another location before doing so. To erase and reformat a disk:

1. Open Disk Utility (located in the Utilities folder) and choose View > Show all devices (or press Command-2).
2. Select the top level of the external disk in the table and choose Edit > Erase (or press Command-Shift-E). If you’re unsure of what disk is what, you may wish to disconnect other external disks to avoid inadvertently erasing the wrong one.
3. In the resulting dialog, give the disk a name and choose “APFS (Encrypted),” from the format popup menu.
4. Enter the password you want to encrypt the disk with, click Choose, and then click Erase to begin the process.

Note: APFS-formatted Disks are not natively compatible with non-Apple platforms like Windows or Linux. To use an APFS-formatted disk with a non-Apple platform, use something like APFS for Windows, or APFS for Linux.

Advanced Data Protection for iCloud

By default, some types of iCloud data, like backups, photos, and iCloud Drive files, are secured using an encryption key stored on Apple’s servers, so if you ever lost access to your account, Apple could assist you in recovering the data, provided you are able to prove your identity and ownership of the account. Other types of data, like saved login credentials and health information, are encrypted end-to-end, meaning no one, not even Apple, can access it, as the encryption key is only stored on devices signed into your Apple Account.

For added security, you can enable Advanced Data Protection in System Settings (Settings on iOS and iPadOS) > [your name] > iCloud > Advanced Data Protection, which encrypts all iCloud data except for mail, contacts, and calendar end-to-end. This way, even if someone gained unauthorized access to Apple’s servers, they would not possess your encryption key, and thus the end-to-end encrypted data would be indecipherable to them. For this reason, enabling Advanced Data Protection requires you to set up an account recovery method, either designating a trusted contact who can assist you in recovering your account, or generating a recovery key that can be used to decrypt your data if you ever forget your Apple Account password, macOS login password, and iOS or iPadOS passcode if you have an iPhone or iPad. For more information on Advanced Data Protection, check out the Apple Support article “How to turn on Advanced Data Protection for iCloud.”

Apple Passwords

Apple Passwords is the password manager built into macOS and other Apple platforms. It can save, sync and autofill your existing login credentials on your Mac and other devices signed into your Apple Account, as well as create strong, randomly generated passwords for improved security of your online accounts. This is important as many of the things that make passwords easy for humans to remember, like dictionary words, significant names and dates in their lives, sports teams, and other common traits, are exactly what makes them easy for password cracking bots to guess. Therefore, passwords should ideally comprise a random string of letters, numbers, and symbols, things that many humans aren’t particularly good at creating and remembering, but what password managers like Apple Passwords excel at.

In addition to usernames and passwords, it is generally advised to use a second factor of authentication, most commonly a code sent via SMS text message that you must enter in order to access the account. However, while SMS-based two-factor authentication is common, it is not ideal, as threat actors have been known to deceive employees of wireless carriers into giving them access to users’ phone numbers, allowing them to receive two-factor authentication codes or initiate password resets for services that allow users to use SMS to verify their identity. As a more secure alternative, supported apps and websites allow password managers like Apple Passwords to generate rotating one-time codes that can be used in addition to a password to access accounts.

For more information, check out this guide to using Apple Passwords on macOS.

Secure notes

If you have particularly sensitive data in the Notes app, you can lock such notes with Touch ID and your login password, or alternatively, with a separate password. This way, even if someone gained unauthorized access to your Mac with your login password, they would not be able to access notes locked with a different password.

To lock a note, open the Notes app, interact with the table and focus on the note you want to lock, and choose “Lock note” from the context menu (accessed by pressing VO-Shift-M). The resulting dialog will then allow you to choose how you want to lock the note. To view a locked note, focus on it in the table and authenticate with your chosen method when prompted.

Accessory security

Note: This feature is only available on Macs with Apple Silicon.

You may have noticed, when connecting new accessories to your Mac, that macOS will ask you to allow them to connect. While there’s generally no harm in allowing accessories in your control to connect, it is theoretically possible for someone to connect an unfamiliar accessory to your Mac to infect it with malware or exfiltrate data. For this reason, if your Mac is locked, macOS will by default not allow accessories to connect if they haven’t been previously allowed.

For your own security, you should not connect accessories to your Mac if you do not know what they are or who they belong to. These settings can be changed if you wish to either ask every time an accessory is connected (regardless of whether or not it was previously allowed) always allow accessories to connect if the Mac is unlocked, or always allow accessories to connect regardless of whether or not the Mac is locked in System Settings > Privacy & Security.

Privacy

The following section discusses features intended to help you control who has access to the data stored on your Mac, and how that data may be used. However, it’s important to note the limits of these features, as when you provide data to third-party services, their respective privacy policies will govern how that data is stored, secured and utilized.

System features

Transparency, Consent, and Control

Transparency, Consent, and Control (TCC) is the framework in Apple operating systems that governs access to sensitive types of data, such as your location, contacts, calendar, and files, as well as system assets like your camera and microphone. When an app or website attempts to access such data or assets, a dialog should appear with options to allow or deny the request. If what is being requested sounds reasonable for the app or website to function, like camera and microphone access for a conferencing app, or location access for an app or website giving directions, it should be okay to grant the request provided you feel comfortable with how that service will use such information. However, if you get a request that doesn’t sound like it would be necessary for an app or website to function, you may want to perform additional research to determine why such information is being requested.

You can view what apps and websites have access to what types of information, and change these permissions if you wish, in System Settings > Privacy & Security. To reset all permissions to their defaults, where apps and websites will need to request access the next time they attempt to access sensitive data and assets, open Terminal, (located in the Utilities folder) type or paste “tccutil reset All” without the quotes, and press Return.

Private Wi-Fi addresses

In an effort to make it more difficult for network administrators and other observers to identify and attribute activity to you and your Mac over time or across different Wi-Fi networks, your Mac can spoof its media access control (MAC) address, a hardware identifier unique to each individual network-capable device.

When connecting to a password-protected Wi-Fi network that uses WPA2 or stronger security, like the sort commonly found in homes and offices, your Mac will use a random address that remains the same for as long as you’re connected to that network, a “Fixed” address. As this address is only used to identify your Mac to that particular network, it cannot be used to identify or track your Mac across other networks; however, your Mac can still be identified by that network’s administrator, as the address does not rotate.

When connecting to a network with weak or no security, like the sort found in public places like airports, hotels, and coffee shops, your Mac will use a random address that periodically changes as you use that network, a “Rotating” address. This makes it more difficult for administrators and observers of these types of networks to identify and attribute activity to your Mac as you use the network.

This behavior can be changed on a per network basis so that your Mac uses either a fixed or rotating address when connecting to that network, regardless of its security, or turned off so that it uses its (not spoofed) hardware address, by going to System Settings > Wi-Fi > Details, and choosing an option from the “Private Wi-Fi address” popup menu. More information about this feature can be found in the Apple Support article “Use private Wi-Fi addresses on Apple devices.

Spotlight

If you’ve used macOS for any period of time, you’re probably familiar with Spotlight and its ability to quickly find files and other information. However, if there are files on your Mac that are particularly sensitive that you don’t want to ever show up in Spotlight search results, you can specify certain folders to be excluded from Spotlight indexing in System Settings > Spotlight > Search privacy. In addition, broad categories of data, like certain file types or previously visited websites, can be excluded from Spotlight indexing by deselecting them in the main Spotlight settings window.

Screen Curtain

Screen Curtain is a VoiceOver feature that turns your Mac’s screen black, preventing someone from peering over your shoulder and seeing your activity without your knowledge. This may be useful if you use your Mac in public, or when you want to make sure particularly sensitive information isn’t displayed visually if it doesn’t need to be.

Screen Curtain can be toggled on and off from anywhere in macOS by pressing VO-Shift-F11. However, remember that anyone can walk up to your Mac and toggle Screen Curtain off, so use it to supplement, rather than substitute, other security and privacy best practices.

Web browsing privacy

Private browsing

Private browsing, sometimes referred to as incognito browsing, is a feature in Safari and other browsers that prevents your web activity from being recorded by the browser. To open a private browsing window in Safari, choose File > New private window (or press Command-Shift-N). Any websites visited in this window will not be shown in Safari’s browsing history, and any cookies and other data deposited by websites will be cleared when the window is closed. In addition, if you have Safari private windows in the background while you’re working in another app, Touch ID or your password will be required to unlock them and view their contents when returning to Safari.

While private browsing offers some local privacy on your Mac in the form of not recording your activity, it does not prevent tools at the network level from monitoring your Mac’s web traffic. For example, if you’re connected to a school or office network that logs, monitors or filters web traffic, private browsing will not stop those tools from working. Therefore, it’s best to think of private browsing as a way to hide your activity from other local users of your Mac, but not to prevent network-level logging, monitoring or filtering of traffic. If you are concerned about your network administrator or ISP monitoring or intercepting sensitive web traffic, you may want to use something like iCloud Private Relay, discussed later, or Tor, an anonymizing network that is beyond the scope of this guide.

Intelligent tracking prevention

Intelligent tracking prevention refers to Safari’s ability to limit what websites can gather about the identity of your Mac, as well as any information that could give websites and advertisers an idea of your wider browsing habits across other sites. This feature should be on by default, and you can make sure by choosing Safari > Settings (or pressing Command-Comma) clicking the Privacy button in the toolbar, and making sure the “Prevent cross-site tracking” checkbox is selected.

When in a private browsing window, Safari by default strips information from website URLs that could be used to track you. To apply this more stringent tracking prevention outside of private browsing, choose Safari > Settings (or press Command-Comma) click the Advanced button in the toolbar, and choose “In all browsing” from the popup menu immediately to the right of the “use advanced tracking and fingerprinting protection” checkbox. Note that this more stringent tracking prevention may cause some websites to not behave as expected. In such situations, you can temporarily reduce these protections for a website by choosing View > Reload reducing privacy protections.

iCloud Private Relay

Note: This feature requires a paid iCloud storage plan.

iCloud Private Relay helps protect your web browsing privacy by sending your requests through several internet relays, masking your true identity.

Normally, when you access a website, your request is sent in plain text to a domain name system (DNS) server, where a domain name like AppleVis.com is converted to a numerical IP address. With iCloud private relay enabled, however, your request is first sent to Apple, who can see your IP address but not your destination. Then, after assigning your request a new IP address, it is sent to a third-party content provider who can see your destination but not your original IP address, which is then sent to your destination; the idea being that no one entity involved in processing your request, from your ISP to Apple to the third-party content provider to your destination website, has a complete picture of who you are and what you’re up to.

While iCloud private relay can help mask your identity when browsing the web, which may sound similar to a common selling point for virtual private network (VPN) services, it is not a VPN service. Crucially, it only works in Safari, not other browsers or apps, and while it can optionally obscure your precise location from the sites you visit, it does not allow you to spoof your country, like many VPN services do. Also, as it is currently in beta, reliability and performance on certain networks and websites may vary, particularly on school or office networks that restrict communication with remote proxy servers. To disable iCloud Private Relay for a particular network, when connected to that network, go to System Settings > Wi-Fi > Details, and toggle the “limit IP address tracking” switch off.

Email privacy

Hide My Email

Note: This feature requires a paid iCloud storage plan.

Hide My Email allows you to generate random email addresses that forward to your real email address. This can be useful if you, for example, sign up for a service that requires an email address, but don’t want to give it your real one.

Random email addresses can be generated and managed in Mail when composing an email, as well as iCloud Settings on any device signed into your Apple Account. Similar to Sign in with Apple, email addresses can be deleted at any time, preventing an individual or service that’s abusing it from communicating with you.

Mail privacy protection

Mail privacy protection refers to Mail’s ability to load all emails and their remote content in the background, which makes it more difficult for senders to know if you opened their emails and how you engaged with them, such as forwarding or clicking links. This may be useful in preventing marketers from seeing which of there emails you opened versus which of them you didn’t, denying them information that could be used to profile you for more precisely targeted advertising in the future.

This setting is on by default, and you can make sure by choosing Mail > Settings (or pressing Command-Comma) clicking the Privacy button in the toolbar, and making sure the “Protect Mail activity” checkbox is selected.

Anti-malware

The following section discusses features intended to protect your Mac from malicious software or “Malware.”

Gatekeeper

Gatekeeper is a feature that by default requires apps to be either from the App Store or from a developer verified by Apple as legitimate and trustworthy in order to run on your Mac.

As apps from the App Store are reviewed and approved by Apple, it is unlikely that you will contract malware from this source. Similarly, developers that do not distribute their apps in the App Store can apply for a certificate from Apple that attests to their authenticity and that apps distributed by them are not malicious.

While Gatekeeper can be effective in blocking apps from running if they lack a verified developer certificate, it is considered best user practice to download non-App Store apps directly from the developer’s website. For example, Google Chrome should be downloaded directly from chrome.google.com, and Zoom should be downloaded directly from zoom.us, rather than a third-party software repository. This is because sometimes, websites hosting what are purported to be legitimate apps may actually be attempting to trick users into downloading and installing malware. If after downloading an app, you get a message saying it is from an unidentified developer, you may wish to perform further research to ensure the app was downloaded directly from a website controlled by that apps developer, as well as the developer’s reputation as reported on by other users.

If you’re confident that an app you downloaded from an unidentified developer is safe, you can open it by going to System Settings > Privacy & Security, and clicking the “Open anyway” button to the right of the app’s name, located under the “security” heading. Subsequent attempts to open the app should not result in further warnings.

If you wish, you can configure Gatekeeper to only allow apps downloaded from the App Store in System Settings > Privacy & Security.

XProtect

While Gatekeeper is intended to block code that could be malicious, XProtect is a feature that attempts to block the installation of known malware, and if known malware is detected on your Mac following a definition update, offers to remove it. This feature works largely in the background as long as the “Install security responses and system files” switch in Software update settings is toggled on.

Startup Security

Startup Security is a firmware level feature of modern Macs that by default prevents operating systems that lack a signed certificate from Apple attesting to their authenticity from starting. This is intended to block potentially tampered with copies of macOS or other operating systems, as these types of copies may include malware at the core of the operating system that overrides security features or exfiltrates user data.

If you, however, experiment with a variety of operating systems that are not well known or signed by Apple, or if you need to start a Mac with a T2 Security Chip from external media, you can reduce the security level to better accommodate your needs. To do this:

1. Start up in macOS Recovery:
   • On a Mac with Apple Silicon, start up the Mac while holding down the Power button, interact with the “Options” group in the grid that appears, and click Continue.
   • On an Intel-based Mac, restart it while holding down Command-R; note that you’ll need either a built in or USB keyboard for this to work.
2. Select your user account in the grid, click next, and enter your password.
3. Choose Utilities > Startup Security Utility, select your startup disk (usually called Macintosh HD) and click Security policy. If the disk is encrypted with FileVault, you’ll need to click the Unlock button and enter your password before the Security policy button will become visible.
4. In the resulting dialog, choose the options that best suit your needs, click OK, and enter your password if prompted.
5. Restart your Mac for the changes to take effect.

Note: Some features, like Apple Pay, may not work when Startup Security is reduced. Also, when you no longer need reduced security, you may wish to reenable full security using the steps described above to restore full functionality and protect your Mac from potentially malicious operating systems. For more information about Startup Security, check out one of the following Apple Support articles:

• Change security settings on the startup disk of a Mac with Apple silicon
• About Startup Security Utility on a Mac with the Apple T2 Security Chip

Lockdown Mode

Lockdown Mode is a setting that restricts some features of macOS in an effort to reduce the available surface for a highly sophisticated attack. These types of attacks are the sort typically conducted by state-sponsored threat actors against specific high value targets, such as activists, journalists, business leaders, and government officials. If you are not in one of those high risk groups, you are unlikely to be targeted by such an attack, and thus the security benefits of Lockdown mode would likely not outweigh the relatively significant inconveniences it would introduce to your use case.

Lockdown Mode can be turned on or off in System Settings > Privacy & Security > Lockdown Mode. For more information, including a list of features affected by this setting, check out the Apple Support article “About Lockdown Mode.

Third-party anti-malware apps

In addition to the built in anti-malware features of macOS, you can also use a third-party anti-malware app to block the installation of malware, scan your Mac for known and suspected malware, and remove such an infection if necessary. However, while a third-party anti-malware app may provide an extra set of eyes, if you will, or could possibly give more insight into a specific threat, it is not the panacea for all security needs, and is certainly not a substitute for good user practices. While this field is constantly evolving, and thus it is difficult to make a general recommendation as to one product over another, one that I have had good experiences with in the past is Malwarebytes

While I don’t consider third-party anti-malware apps essential for most Mac users, they may be useful if you do a lot of peer-to-peer file sharing, as they can detect Windows malware that, while harmless to your Mac, could be inadvertently shared with susceptible Windows computers on the network.

Some stray security tips

While the features described in this guide are invaluable in protecting your Mac and the data on it from unauthorized access and malware, many threat actors rely on social engineering to convince you, the user, into disclosing credentials, disabling features, or installing malware. The following tips may help you more proactively recognize and respond to such attempts:

• Be wary of emails and texts that vaguely claim a problem must be fixed, or a discount or prize can be claimed, by clicking a link, signing into an account, or contacting a provided email address or phone number. Avoid opening any links or attachments from such messages, and when in doubt, contact the service or device manufacturer mentioned in the message directly to confirm the absence of a problem or promotion.
• Many companies have documentation that describes what to look for in a legitimate message from them. If one or more of these characteristics are absent, the message may not be legitimate.
• If you’re unsure of the authenticity of a particular email, you may want to check that it comes from an email address associated with the company or organization it claims to be from. To do this in Mail, interact with the message header text and click the sender’s name. If the email address displayed in the resulting menu is something different than the text that appears in the header, like, for example, an email purporting to be from Apple that originated from a Gmail address, it is very likely not legitimate.
• If you get a prompt while browsing the web saying you need to install or update an app, you generally should not click any links or download anything displayed in the message. Instead, you should check for updates in the App Store, directly in the app, or on the developer’s website if the app doesn’t offer this functionality natively, to make sure an update has in fact been released.
• Do not download software displayed in a web ad that purports to speed up your Mac or clear an infection. This is a very common method used to infect a Mac with Malware or potentially unwanted apps.
• If after visiting a website in Safari, you are immediately asked if you want to allow downloads from that site, you should click Cancel and avoid that website. It may be malware that is downloaded whenever someone visits that website, referred to as a “Drive-by download.”
• avoid websites or file sharing services that offer pirated software, as the integrity of the code cannot be verified and is easily tampered with. As a result, such repositories are a common source of malware.
• The first time you open an app, you may get a warning that it is in fact an app downloaded from the Internet. While this may sound obvious, only open it if you intended to download an app. If you thought you downloaded something else, like a document or movie, do not open the file. It is likely a trojan, a type of malware that poses as a harmless file in order to trick users into opening and allowing it to execute code on their Mac.
• Many potentially unwanted apps gain access to your web browser by installing extensions. This is currently not believed to be an issue in Safari, as Apple has illuminated support for extensions distributed outside of the App Store, but third-party browsers like Google Chrome and Mozilla Firefox can be affected. Therefore, if you find that you are getting an abnormally high number of ads, or you’re searches do not go to your chosen search engine, you may want to check what extensions you have installed, and uninstall anything you no-longer need or don’t recognize. Check your browser’s documentation for specific instructions on extension management.
• Be wary of installing configuration profiles. As the ability to create and deploy profiles was developed primarily for enterprise use, they are capable of accessing your Mac on a deep level, changing your security and privacy settings, tracking your usage, and changing your default search engine to redirect web searches. To remove a profile you’re not comfortable with, open System Settings > General > Device management, select the profile in the list, and click remove selected profile.

Conclusion

While this may at first sound like a lot of information, these features, in practice, largely work with little or no user configuration. However, with this knowledge, you now hopefully have an idea of what is involved in keeping your Mac and the data on it private and secure, as well as how to avoid falling for the most common types of social engineering schemes. More information is available in your Mac’s built in help, Apple’s platform security overview page, and the AppleVis forum, and if you have any questions or believe any of the information in this guide is inaccurate, sound off in the comments.