The Mac is generally considered to be safe and secure, and there are a number of reasons why Macs are considered more secure than PCs. Malware writers are less likely to target Mac users because of the perception that it has a far smaller market share than Windows. There is also the fact that the Mac operating system is Unix-based, and Unix offers a number of security features built in.
Apple goes to great lengths to protect you from malware by making it impossible for you to download it in the first place. The company has built-in antimalware protection in macOS. The Mac's malware scanning tool, Xprotect, works invisibly and automatically in the background and requires no user configuration. Apple has a list of malicious applications that it checks against when you open downloaded applications. Updates happen invisibly too. This is similar to having antivirus software from another software developer running on your Mac, with the bonus of being written into the operating system and therefore it doesn't hamper the speed of your Mac. If you download and try to open files contaminated with malware, you may see an explicit warning that the files will "damage your computer", along with a reference to type of malware. You should delete the file immediately.
In addition, macOS blocks downloaded software that hasn't been digitally signed - a process in which Apple approves the developer. This leads to the familiar error message when you try to use or install unsigned software: "[this app] can't be opened because it is from an unidentified developer.". The system at work here is called Gatekeeper and can be controlled via the Security & Privacy section of System Preferences. In addition to Gatekeeper, which should keep malware off you Mac, FileVault 2 makes sure your data is safe and secure by encrypting it.
It's certainly not an essential requirement to install antivirus software on your Mac. Apple does a pretty good job of keeping on top of vulnerabilities and exploits and the updates to the MacOS that will protect your Mac will be pushed out over auto-update very quickly. However, sometimes Apple doesn't respond as quickly as Mac users might hope. In that case there are some free anti-virus apps (such as Sophos Anti-Virus for Mac Home Edition or ClamXav) that might give you some peace of mind.
There are many times when people may have items they would like to keep secured, which can include banking account numbers, software license information or a Coca-Cola recipe.
If you open the Keychain Access utility, you will see a Secure Notes section for each keychain; here you can add any bit of text, and it will be securely saved to the keychain. Here are the steps to do this:
• Open Keychain Access (located in /Applications/Utilities)
• Select "New Secure Note Item" from the File menu (or press Shift+Command+N)
• Name the item and enter your secret information in the Note field
• Click "Add" to save the note to your keychain
Though the formatting of the notes are limited, you can add images, movies, and other media items to them. By default the new secured note will not be automatically accessible when the keychain is unlocked. This security measure will prevent people from accessing the note even if you leave your system unlocked. To view or edit the note, double-click it in the list and you will be presented with information about it. Click the Show Note check box and you will be prompted for your password in order to see the note. After this, the note will be editable, and you can click the Save Changes button to save and lock the note again.
Your Mac is pretty safe on your private home network, but what about when you're surfing the Web in coffee shops? Anyone with a computer and rudimentary hacking skills could target you, which is why it's important to make sure your Mac's built-in firewall is enabled and that stealth mode is turned on.
macOS's firewall feature blocks unwanted network traffic coming into your computer, and stealth mode makes your Mac essentially invisible to hackers snooping for computers to target. They aren't foolproof features, but they will keep most people from finding and attacking your Mac on public networks.
First, you need to make sure your Mac's firewall is enabled:
• Go to Apple menu > System Preferences.
• Choose Security & Privacy.
• Select the Firewall tab.
• If the firewall is active you’ll see a green dot and "Firewall: On." If not, click Turn Firewall On. You may have to click the padlock icon and authenticate with your Mac's password to change the setting.
Next, enable stealth mode:
• Click Firewall Options. It's below the button for turning the firewall on and off.
• Check Enable stealth mode.
• Click OK.
"Automatically allow built-in software to receive incoming connections" and "Automatically allow downloaded signed software to receive incoming connections" should already be checked. Those settings let the apps you already have communicate through the firewall without you having to take any extra steps. Leave those checked unless you know what you're doing and plan to manage app network access manually. You should leave "Block all incoming connections" unchecked too, unless all you're doing is surfing the Web.
When you get ready to sell or give away your Mac, there are some steps you should take. You'll want to back up your computer, disable some features and services, and erase the hard drive.
Moving to a new Mac? Learn how to move your files to your new Mac. Do this before you erase the hard drive or follow any other steps.
• Create a backup. Be sure you have an up-to-date backup of your important files and data. Learn how to back up your data in OS X.
• Sign out of iTunes. Open iTunes. From the menu bar at the top of your computer screen or at the top of the iTunes window, choose Account > Authorizations > Deauthorize This Computer. When prompted, enter your Apple ID and password. Then click Deauthorize. Learn more about deauthorizing your computer using iTunes, including how to deauthorize all the computers you've used with your iTunes account.
• Sign out of iCloud. If you use Find My Mac or other iCloud features on your Mac, you should first archive or make copies of your iCloud data. After that, choose Apple Menu > System Preferences, click iCloud, and then deselect the Find My Mac checkbox. Finally, sign out of iCloud. In System Preferences, click iCloud, and then click the Sign Out button. When you sign out of iCloud, you're asked whether you want to remove iCloud data from your Mac. Your iCloud data will remain on any other devices that are using the same Apple ID.
• Sign out of iMessage. If you're using OS X Mountain Lion or later, sign out of iMessage. In the Messages app, choose Preferences > Accounts. Select your iMessage account, then click Sign Out.
• Erase and reinstall OS X. To reformat your hard drive and reinstall OS X, follow these instructions. After you reformat your hard drive and reinstall OS X, the computer restarts to a Welcome screen and asks you to choose a country or region. If you want to leave the Mac in an out-of-box state, don't continue with the setup of your system. Instead, press Command-Q to shut down the Mac. When the new owner turns on the Mac, the Setup Assistant will guide them through the setup process.
macOS has some of the best security among today's operating systems, designed to protect your data and your computer from all sorts of security threats ranging from a slightly too curious friend all the way to a malicious hacker.
Having a password is highly recommended so if you haven't set one up already, you can protect your account by going into System Preferences -> Users & Groups and selecting your account. However, the issue with good security is that it all depends on you being able to set a secure password and, crucially, remembering it. What happens of you one day realize that you've forgot the password? Or more likely, what if your parents one day call you up saying they've forgot the password for their account?
There are several ways to do reset the password. The best case is if you still have access to another administrator's account. In this case you can reset the user's password by going to System Preferences -> Users & Groups. Select the account that you want to recover, click the Change Password button and type in a new password. Easy!
If you don't have access to an administrator's account, boot to the recovery partition by holding Command-R at startup (or by holding Option and selecting "Recovery HD" from the boot menu), and then selecting Terminal from the Utilities menu. When this is done and a Terminal window is open, simply type:
and press Return to launch the Reset Password utility. The program will launch, but do not close the Terminal window or the program will be killed as well. With the Password Reset utility now open, you can select the volume and the account, and change the password for that account.
Granted, for an operating system that is supposed to have great security, it is surprisingly simple to gain access to the computer. What if you have some top-secret files that nobody should be able to access? Is there a way to block the methods that we just described?
Of course there is! First, enable FileVault in System Preferences -> Security & Privacy. FileVault encrypts all your personal data so that even if someone manages to steal your computer they will not be able to access your data without the correct password.
You can also set a Firmware password that will be required to boot the computer and enter any of the recovery modes. This password can be set by booting to the recovery partition and selecting the Firmware Password Utility option from the Utilities menu.
After you've set the Firmware password the computer will disable all the methods we've mentioned in this article as well as several other recovery modes (reinstall, repair and so on) so do make sure that you remember the password! In a worst-case scenario you can reset the Firmware password it by opening your computer and removing one of the RAM sticks. When you boot the computer the password will be reset, after which you can replace the missing stick.