First, to put your mind at ease: OS X 10.8 is very secure overall. It includes many of the same inherent protections as Windows 8 does, despite being attacked far less frequently. Anti-exploitation technologies, firewalls, sandboxing and other tools are built in, with mostly sensible default settings. Some tools, such as encryption, are easier to run. Apple also includes interesting security features that take advantage of the Mac App Store to further reduce your security risk, depending on how you like to buy your software.
Your biggest switching decision is whether to use antivirus software. Unlike with Windows, antivirus software isn’t a necessity on a Mac, but it may be useful depending on your habits.
Without further ado, here’s a basic guide to your Mac’s built-in security features.
Same basic settings, different locations
The core principles for safe internet computing remain the same, whether you use a PC or a Mac. Keep your system up-to-date, be careful what you click on and be careful about what software you install. While you have many ways to fiddle with the security preferences on your Mac, we’re going to focus on the most important ones and highlight key differences from Windows.
System Preferences. You manage most security settings through the System Preferences application, located in the Applications folder. (You can also find a shortcut to System Preferences in the Apple menu and, by default, in the Dock.) A quick note: to change security settings, you may need to first click the lock icon in the lower-left corner of the window and enter your password.
Keep current. To stay safe and avoid nasty security problems, we recommend keeping your application software and system software up-to-date. You can choose whether the computer should automatically check for and download such updates in the background by going to System Preferences > Software Update.
All your system software updates come through the Mac App Store. Your Mac prompts you with a system notification when new updates are ready; clicking the notification launches the Mac App Store. You can also see what updates are available at any time by going to the Apple menu and choosing Software Update.
The Mac App Store also offers updates for any Mac apps you may have bought through the store. For third-party apps purchased outside the store, you may have to go to the company’s website to grab updates – many apps, however, will prompt you about available updates when you launch them.
Manage your user accounts. Managing user accounts is similar in the Mac OS and Windows; OS X just has a slightly different organisation strategy. Some settings are in the Users & Groups system preference pane, while others are in Security & Privacy.
By default, your Mac includes a default guest account; it allows friends and guests to work on your Mac in an empty user account. When your friend is finished and logs out, the account is wiped. You can manage this feature in Users & Groups; to control when passwords are required, however, you have to go to Security & Privacy > General.
You can also enter the Parental Controls preference pane to add specific restrictions to the Guest User account or any other account on your machine.
Add firewall protection. Your Mac’s built-in firewall isn’t quite as robust as the Windows one, as it won’t automatically adjust itself based on the network you are on. This limitation is OK, though, since network attacks aren’t nearly as common as they used to be.
Go to System Preferences > Security & Privacy > Firewall to turn on the firewall; it works similarly to the Windows Firewall by default, blocking incoming connections on a per-application basis. If you want, you can also block all connections under ‘Firewall Options’.
Built-in antivirus support. Your Mac includes a (very) basic antivirus feature (called XProtect or File Quarantine) that operates in the background to keep you from running into trouble while you’re browsing the web. It’s similar to – though not as powerful as – Microsoft’s Security Essentials.
Safari, Apple’s built-in web browser, doesn’t have all the same protections found in the latest version of Internet Explorer, but it still offers several great security options, such as the ability to allow Java – an oft-hacked technology available as a plug-in – only on specific sites. By default, Java isn’t even installed on your Mac, so you can eschew using the plug-in altogether if you prefer.
OS X’s built-in security
OS X includes two powerful security features that aren’t available on consumer versions of Windows.
Full hard-drive encryption. Encrypt your entire hard drive (and external hard drives) with FileVault. You can find it by going to System Preferences > Security & Privacy > FileVault. It’s similar to Microsoft’s BitLocker – but that utility is available only in the Windows Enterprise and Ultimate editions, whereas FileVault is available for all OS X users.
FileVault is reliable, and generally it doesn’t affect system performance. It’s ideal for laptops, and it even includes a recovery option that you can use in case you forget your password.
Meet your Gatekeeper. The Gatekeeper feature (go to System Preferences > Security & Privacy > General and look under ‘Allow applications downloaded from’) restricts what kind of software you can install on your Mac. By default, you can download and launch software only from the Mac App Store (all of which Apple has prescreened and approved) and from websites of registered third-party developers. You can change these settings to allow downloading and launching software from the Mac App Store and nowhere else, or open up your Mac to software from any location.
Your Mac’s default settings largely reduce the chances that a bad guy will trick you into installing malware. You may be tempted to allow all apps, but we suggest leaving the default setting as is and opening any app that doesn’t qualify (but you know you want to install) by Control-clicking it and choosing Open. By doing so, you tell Gatekeeper that you purposefully want to bypass its security controls when opening this specific app.
To antivirus or not?
The biggest security question we get from people who first switch to a Mac is: “Should I install antivirus?” The answer, for most users, is no – with a few caveats.
If you use Gatekeeper, keep Java disabled and use an email service – such as Gmail or iCloud – that filters out known malware, the odds of your Mac ever getting infected with malware are minuscule. Switch to Google Chrome, and you further reduce those odds.
Why can you get away with no antivirus software on a Mac? Some antivirus firms say they see 65,000 new Windows malware variants every day, while Macs get a handful or two every year. The numbers are in your favour.
If you still insist on buying antivirus software, however, or if your company requires your computer to run such a utility, you can find a few reputable applications for the Mac, such as Sophos’s free Anti-Virus tool.
Welcome to security
Overall, while it may not have as many bells and whistles as you’re used to, your Mac’s security requires much less active effort on your part to maintain than a Windows system does. As a switcher, you can go to bed at night knowing that you just moved to a safer – even if it’s not perfect – neighbourhood.
by Rich Mogull, Macworld