The following information is based on OS X 10.10 Yosemite. If you are running an earlier version of OS the information might still useful but you may have to look in different system preferences.
My friends and family often ask me what they can do to make their Mac more secure. They are often concerned about viruses or people spying on their computer while they are online. No computer can be considered “secure” once it’s connected to a network, but a few things you can do now to make using your Mac safer.
Security & Privacy
Select Security & Privacy from the System Preferences application.
From the General tab you can choose a few items to improve your Mac’s security. Having a password on your Mac protects your privacy. But if you walk away and leave your Mac unattended while logged in, anyway with physical access to the Mac can get in and access your files, email etc. To protect my privacy I set my Mac to activate the screen save 5 minutes after the screen saver starts. I then set the screen save to start when my account has been inactive for 10 minutes. With these two settings I am assured that if I walk away from my Mac the account will be automatically locked after 15 minutes of inactivity.
Clicking the Advanced button bring up another set of options. I have set my Mac to require an administrator password to get access to any system preferences. This protect me from myself if for some bizarre reason the Mac gets hit with a virus (rare I know). It also prevents someone who may have access to my Mac from creating new account or changing system preferences to reduce the security of my Mac. If your Mac is a MacBook or in a very public area then you want to logout after a certain amount of account inactivity.
Malicious software can be found all over the net. Users looking for a bargain are often duped into downloading illegal copies of well-known applications such as Microsoft Office. Many times this software has been modified to install key loggers etc. on to you Mac or in the worst case, hold it for ransom. To help protect users Apple has built the App Store around the similar concept at the iTunes App Store. The App Store is more like shopping in a mall as opposed to a flea market. Apple has taken steps to reduce the chance of a malware making it on to your Mac. Apps in the App Store have had security checks, and the developers have been vetted by Apple. Apps in the App Store have also been assigned a security certificate. If Apple later discovers that a particular app or developer has abused security the application can be yanked from the store.
Of course users will want to run third-party apps that are not available in the App Store. You can still do this on your Mac with two level of lowered security expectations. Some developers have chosen to have their apps signed with an Apple certificate. This means that Apple didn’t do a security review of the app but did verify that the application is a legitimate application from that particular developer. This is the setting I have chosen. I think it’s a good balance between the limited set of apps from the App Store and the flea market of the Internet. The least secure is the Anywhere option that allows you to install whatever you want from anywhere on the Internet. Caveat emptor!
Truthfully, I have yet to enable this on any Mac I’ve owned. OS X will encrypt the entire hard drive and make it unreadable. I think it might be useful for MacBook users who have very sensitive information to protect; things like patient health information or financial records. For the general consumer, they will have to weigh the risks of losing access to their files if they lose the decryption against the risk that someone gets access to their personal information.
For the most paranoid or those wanting an extra layer of protecting when connected to Internet hotspots etc., I suggest blocking all incoming connections. You can turn this on an off as needed. For day to day use on a trusted network, I have enabled stealth mode and white listed the application that I want to have Internet access. To add an app or service, click Add, select the item in the list, then use the Up Arrow and Down Arrow keys to set the limits for the app. Stealth mode prevents your Mac from responding to probing requests that can be used to show its existence. The Mac still answers requests from authorized apps, but unauthorized requests such as ICMP (ping) get no response. I have also allowed signed applications to get access to the Internet. This allows apps and services that are signed by a valid certificate authority to be automatically added to the list of allowed apps, without your authorization. For example, iTunes is signed by Apple, so it is automatically allowed to receive incoming connections through the firewall.
The privacy settings are used to limit what information about your Mac shares between the applications and services install on your Mac. When you turn on Location Services, you allow apps and websites to use your Mac’s current location to provide information, services, and features appropriate to where you are. For example, when using Facebook I may not want to let Facebook know the location of my computer. System Services allow the location of your Mac to be used by Spotlight or Spotlight Suggestions in Safari. This presence window shows the apps that want access to your contacts, calendars, or reminders. Deselect the app if you want to prevent it from accessing this information. I may want to limit which application have access to my calendar and contact list. I may want to restrict which applications can update Facebook or Twitter.
It’s a good idea to spend some time thinking about what information you want to share and what apps have access to this information. Don’t rush this one.
Like most computer, the Mac is only as secure as you want it to be. The Internet can be a dangerous place but if you configure a few security settings you can reduce your risk.