The Mac is a comparatively secure system compared to other platforms. What you can do to keep it that way.
01 Control and disable Gatekeeper – and enable it again
Gatekeeper is the feature in macOS that aims to protect the Mac from dangerous programs from the Internet and prevent their installation. Apps from the App Store have already been critically reviewed by Apple for security, these can also be run in the sharpest Gatekeeper setting. Starting with macOS Sierra, Apple has strengthened its gatekeeper even more. It can be configured in the System Preferences via SecurityGeneral . In the latest version of the Mac operating system, you can only specify that macOS Sierra allows applications from the Mac App Store or from verified developers. Other software can be run only if the "No Restrictions" option is enabled. This can even be useful, e.g. if you are a developer and want to test your own work first, before you get verified at Apple and/or put your applications into the Mac App Store.
Ex works, however, the option " No restrictions " is sensibly not displayed, you have to unlock this level of permeability via the terminal first:
As password you have to enter the password of the administrator. After that the option "No restrictions" resp. "Anywhere" is selectable again.
Conversely, you can also hide the setting in Terminal again. To do this, use the command:
If you don't want to deactivate the Gatekeeper permanently, but only want to open an application of an unverified but nevertheless trusted developer once, the following workaround will help: Click on the application icon in the Finder while holding down the ctrl key and you will see a dialog box asking if you really want to open this application. One click on "Open" – and the program starts. ( tj/pm )
02 Remove malware with freeware
Unfortunately, the times are over when there was no adware and other malware for macOS at all. But if the Mac behaves strangely, you should check if malware has landed on your Mac. The free Malwarebytes Anti-Malware for Mac software quickly and easily scans your Mac and removes any malware that may be present. If the software is blocked, you need to temporarily disable the gatekeeper. You can find a detailed test of antivirus software for the Mac here .
03 Enable Siri and control keyboard shortcuts
In macOS (High) Sierra's System Preferences, some new features have been added to help you customize security. Generally, you can activate or deactivate voice control on the Mac via Siri in the system settings. In addition, here you control the shortcut for activating and deactivating as well as displaying the Siri icon in the menu bar. You also select the appropriate microphone at this point. Read more about Siri on the Mac here.
04 Turn off synchronization with the cloud
macOS High Sierra offloads less frequently used data to iCloud, if desired. This option is called " Optimize Mac storage ". You can find the configuration for this in the System Preferences via iCloud . With the Options button at iCloud Drive you control this function. If you disable the function, macOS will not outsource anything. First and foremost, disable the " Desktop folder"& function "Documents " if you do not want to upload your data to Apple's cloud. Read all about the Everywhere Desktop in the iCloud here.
05 Improve privacy
In the System Preferences, you can find all apps and system services that have access to the Mac's location services by selecting Location Services in SecurityPrivacy. Click on Details in System Services , you will see more information that you can control. On your desktop computer, you will rarely need the location services.
06 Unlock Mac with Apple Watch
If necessary, you can unlock Mac computers with the Apple Watch. This feature can be found in System PreferencesSecurity on the General tab. To do this, activate the option " Allow your Apple Watch to unlock your Mac ". But be careful: this only works if you have secured your Apple ID with two-factor authentication (2FA).
07 Microphone coverage: how to really protect yourself from spy attacks
Webcams are increasingly becoming a target for hackers, for example to use networked cameras for organized DDoS attacks. But also users can be spied wonderfully via iSight and consorten. Currently, there is no malware that would also succeed in turning off the status LED of the camera on Macbook and iMac, so you should notice if someone from the outside turns on your iSight. It doesn't have to stay that way forever, but the camera can easily be turned off as a gateway for spying: Just put black tape on the lens.
However, it is different with the microphone, which you need more often than the camera, especially because of Siri or because you like to make phone calls from the iMac. Because here no status light announces itself, if the microphone turns on. It is quasi like our ears constantly in the reception readiness. But unlike our own eavesdroppers, we can also turn off the microphone, in System Preferences> Sound via the "Input" tab. Simply set the volume of the internal microphone back to zero, this should help as a first step. Keep in mind, however, that a potential attacker who has gained access to the Mac's microphone will probably also be able to intervene in the system settings in order to turn up the volume again. But there is also a remedy for such cases: Simply deactivate the drivers. And this with the following terminal commands, which however intervene so deeply into the system that you should absolutely make a backup before:
08 Log in as administrator in the terminal
For certain commands in the terminal it is necessary to have administrator rights. How to switch to the admin mode. If you work with a user account without administrative rights for security reasons, you can't use a command in Terminal that starts with "sudo", because these commands are only accessible to administrators. You have to log in to the system as administrator first.
But you can also log in directly in the terminal as administrator. To do this, type "login" (without quotes), followed by a space and the short name of the administrator. Now press the carriage return, type in the administrator password and press the carriage return again. After that you can execute all commands with administrator rights. To log out, type "logout" (also without quotes). ( th )
09 Activate firewall
If you are surfing at home or in the office via a router, the firewall integrated in the router provides protection against attacks from the network on the computer. In public wireless networks, for example in a cafe, in a train station or on a camping site, however, caution is advised. Here one should absolutely click in the system setting "Security" under "Firewall" on "Firewall activate. Then open the firewall options and check "Block all incoming connections". This will block all attempts to access the computer via the WLAN, surfing and e-mail traffic will not be affected by it. ( th )
10 View and search log files for troubleshooting
macOS keeps a log of many system operations as well as all error messages. In order to see these logs, one starts the program Console ( Programs/Utilities ).
There the messages of the last days and weeks are listed. To get more information, click on "Errors and problems". Under "Reports" is then for example the log of the system (system.log), which can only be viewed if you are logged in as administrator. And under "~/Library/Logs" you can find the messages of the applications.
But the information is hardly decipherable for normal mortals. However, one can use the search function to search for program names or for terms like "Error" or "Fail", in order to reduce the number of messages. It also makes sense to copy the text of an entry and then search the web for this information.