Switch to Mac: Security basics

When it comes to your security, the latest versions of Windows and OS X are comparable, but you still have a few key differences and settings to become familiar with.

First, to put your mind at ease: OS X 10.8 is very secure overall. It includes many of the same inherent protections as Windows 8 does, despite being attacked far less frequently. Antiexploitation technologies, firewalls, sandboxing, and other tools are built in, with mostly sensible default settings. Some tools, such as encryption, are easier to run. Apple also includes interesting security features that take advantage of the Mac App Store to further reduce your security risk, depending on how you like to buy your software.

Your biggest switching decision is whether to use antivirus software. Unlike with Windows, antivirus software isn't a necessity on a Mac, but it may be useful depending on your habits.

Without further ado, here's a basic guide to your Mac's built-in security features.

Same basic settings, different locations

The core principles for safe Internet computing remain the same, whether you use a PC or a Mac. Keep your system up-to-date, be careful what you click on, and be careful about what software you install. While you have many ways to fiddle with the security preferences on your Mac, we're going to focus on the most important ones and highlight key differences from Windows.

System Preferences: You manage most security settings through the System Preferences application, located in the Applications folder. (You can also find a shortcut to System Preferences in the Apple menu and, by default, in the Dock.) A quick note: To change security settings, you may need to first click the lock icon in the lower-left corner of the window and enter your password.

Keep current: To stay safe and avoid nasty security problems, we recommend keeping your application software and system software up-to-date. You can choose whether the computer should automatically check for and download such updates in the background by going to System Preferences > Software Update.

All your system software updates come through the Mac App Store. Your Mac prompts you with a system notification when new updates are ready; clicking the notification launches the Mac App Store. You can also see what updates are available at any time by going to the Apple menu and choosing Software Update.

The Mac App Store also offers updates for any Mac apps you may have bought through the store. For third-party apps purchased outside the store, you might have to go to the company's website to grab updates--many apps, however, will prompt you about available updates when you launch them.

Manage your user accounts: Managing user accounts is similar in the Mac OS and Windows; OS X just has a slightly different organization strategy. Some settings are in the Users & Groups system preference pane, while others are in Security & Privacy.

By default, your Mac includes a default guest account; it allows friends and guests to work on your Mac in an empty user account. When your friend is finished and logs out, the account is wiped. You can manage this feature in Users & Groups; to control when passwords are required, however, you have to go to Security & Privacy > General.

You can also enter the Parental Controls preference pane to add specific restrictions to the Guest User account or any other account on your machine.

Add firewall protection: Your Mac's built-in firewall isn't quite as robust as the Windows one, as it won't automatically adjust itself based on the network you are on. This limitation is okay, though, since network attacks aren't nearly as common as they used to be.

Go to System Preferences > Security & Privacy > Firewall to turn on the firewall; it works similarly to the Windows Firewall by default, blocking incoming connections on a per-application basis. If you want, you can also block all connections under 'Firewall Options'.

Unlike Windows, your Mac doesn't include an outbound firewall, but you can always add one if you wish by installing a third-party program such as Objective Development's Little Snitch.

Built-in antivirus support: Your Mac includes a (very) basic antivirus feature (called XProtect or File Quarantine) that operates in the background to keep you from running into trouble while you're browsing the Web. It's similar to--though not as powerful as--Microsoft's Security Essentials.

Safari, Apple's built-in Web browser, doesn't have all the same protections found in the latest version of Internet Explorer, but it still offers several great security options, such as the ability to allow Java--an oft-hacked technology available as a plug-in--only on specific sites. By default, Java isn't even installed on your Mac, so you can eschew using the plug-in altogether if you prefer.

OS X's built-in security

OS X includes two powerful security features that aren't available on consumer versions of Windows.

Full hard-drive encryption: Encrypt your entire hard drive (and external hard drives) with FileVault. You can find it by going to System Preferences > Security & Privacy > FileVault. It's similar to Microsoft's BitLocker--but that utility is available only in the Windows Enterprise and Ultimate editions, whereas FileVault is available for all OS X users.

FileVault is reliable, and generally it doesn't affect system performance. It's ideal for laptops, and it even includes a recovery option that you can use in case you forget your password.

Meet your Gatekeeper: The Gatekeeper feature (go to System Preferences > Security & Privacy > General and look under'Allow applications downloaded from') restricts what kind of software you can install on your Mac. By default, you can download and launch software only from the Mac App Store (all of which Apple has prescreened and approved) and from websites of registered third-party developers. You can change these settings to allow downloading and launching software from the Mac App Store and nowhere else, or open up your Mac to software from any location.

Your Mac's default settings largely reduce the chances that a bad guy will trick you into installing malware. You may be tempted to allow all apps, but we suggest leaving the default setting as is and opening any app that doesn't qualify (but you know you want to install) by Control-clicking it and choosing Open. By doing so, you tell Gatekeeper that you purposefully want to bypass its security controls when opening this specific app.

To antivirus or not?

The biggest security question we get from people who first switch to a Mac is: "Should I install antivirus?" The answer, for most users, is no--with a few caveats.

If you use Gatekeeper, keep Java disabled, and use an email service--such as Gmail or iCloud--that filters out known malware, the odds of your Mac ever getting infected with malware are minuscule. Switch to Google Chrome, and you further reduce those odds.

Why can you get away with no antivirus software on a Mac? Some antivirus firms say they see 65,000 new Windows malware variants every day, while Macs get a handful or two every year. The numbers are in your favor.

If you still insist on buying antivirus software, however, or if your company requires your computer to run such a utility, you can find a few reputable applications for the Mac, such as Sophos's free Anti-Virus tool.

Welcome to security

Overall, while it may not have as many bells and whistles as you're used to, your Mac's security requires much less active effort on your part to maintain than a Windows system does. As a switcher, you can go to bed at night knowing that you just moved to a safer--even if it's not perfect--neighborhood.

Join the CSO newsletter!

Error: Please check your email address.

Tags ApplesecurityOS Xsoftwareoperating systems

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Rich Mogull

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts