British Flag
British Apple Users Info & Support
LOGIN
The next event is:
VMworld (USA)

From 28 August 2016
to 1 September 2016
More events…

OS X 10.11 El Capitan
FREE
Amazon UK Digital Mac Software Affiliate Link Discounted Shopping via QuidCo

I love Quidco

Mac Security Article #6 - Networking/Internet/Online Shopping

Article ID = 86
Article Title = Mac Security Article #6 - Networking/Internet/Online Shopping
Article Author(s) = Graham Needham (BH)
Article Created On = 11th July 2012
Article Last Updated = 6th May 2016
Article URL = http://www.macstrategy.com/article.php?86

Article Brief Description:
Recommendations for staying secure when using a network/the internet/online shopping.

Networking/Internet/Online Shopping Security

This article has the following sections:
  1. Mac Networking
  2. Wireless / Wi-Fi Networking
  3. Browsing The Web
  4. Online Shopping
  5. Web Technologies To Be Aware Of
  6. Internet Plug-Ins and Video Codecs
  7. Email
  8. Instant Messaging
  9. Virtual Private Network (VPN)
It is number six in a series of MacStrategy security articles.

Mac Networking

We recommend the following:
  1. Where possible turn off (untick) and do not use any of the OS X sharing features (Apple menu > System Preferences > Sharing):
    • DVD or CD Sharing
    • Screen sharing
    • File Sharing
    • Printer Sharing/li>
    • Scanner Sharing
    • Web Sharing
    • Remote Login
    • Remote Management
    • Remote Apple Events
    • Xgrid Sharing
    • Internet Sharing
    • Bluetooth Sharing
  2. Turn on and configure the OS X Firewall (Apple menu > System Preferences > Security > Firewall tab)
  3. Turn off iTunes sharing (iTunes Preferences > Sharing tab > untick "Share my library on my local network")
  4. Turn off iTunes Home Sharing
  5. Turn off iPhoto sharing (iPhoto Preferences > Sharing tab > untick "Share my photos")
  6. Where possible only connect your Mac to the local network using a physical ethernet cable
  7. Turn off unused networking services - in Mac OS X 10.5 or later go to Apple menu > System Preferences > Network > select the service on the left that you don't use and click the "-" button in the bottom left e.g.
    • Wi-Fi
    • FireWire
    • Bluetooth DUN
    • Internal Modem
    • IrDA

Wireless / Wi-Fi Networking

If you don't use wireless / Wi-Fi Networking turn off Wi-Fi - either:
  • go to Apple menu > System Preferences > Network > select Wi-Fi on the left and click the "Turn Wi-Fi Off" button on the right (this also helps with battery life)
  • or, in Mac OS X 10.5 or later go to Apple menu > System Preferences > Network > select Wi-Fi on the left and click the "-" button in the bottom left
If you are going to use wireless / Wi-Fi networking you should only use the following security protocols:
  • WPA-2 (WPA2-PSK with AES encryption)
  • WPA-2 (Enterprise)
  • RADIUS
See also, our Recommendations For Setting Up A Home Wireless/Wi-Fi Network article.
Do not use the following security protocols as they are all broken:
  • WEP
  • WPA-1 (TKIP)
  • WPA-1/WPA-2 mixed mode
If you are using wireless / Wi-Fi networking on a free/public Wi-Fi network you are highly recommended to use a Virtual Private Network (VPN) service because without one your network traffic, logins, user names and password could easily be stolen.

Browsing The Web

Follow our recommendations listed here:
If the browser supports it use it's Do Not Track feature:
  • Mozilla Firefox - Go to Firefox menu > Preferences… > Privacy > tick "Use Tracking Protection in Private Windows" plus click "manage your Do Not Track settings" and tick "Use Do Not Track"
  • Opera - Go to Opera menu > Preferences… > Advanced > Security > tick "Ask websites not to track me"
  • Apple Safari v5.x or earlier - offers this option but it is only available if you turn on the developer menu (Send Do Not Track HTTP Header)
  • Apple Safari v6 or later - Go to Safari menu > Preferences… > Privacy > tick "Website tracking: Ask websites not to track me"

Recommended Web Browsers

If you are not running the latest versions of OS X please also see our article on running an older operating system.
Q. What are the current, supported versions of OS X?
A. OS X 10.11 (El Capitan), OS X 10.10 (Yosemite) and 10.9 (Mavericks) are supported by Apple.
Q. How can I tell which version of macOS / OS X / Mac OS X I am running?
A. Go to Apple menu (top left) > About This Mac > check the version reported for macOS / OS X / Mac OS X.
Browsers For the latest versions of OS X
  • Google Chrome - highly recommended with default automatic updates including built-in Flash plug-in
  • Mozilla Firefox - highly recommended
  • Apple Safari (included with OS X) - highly recommended
  • Chromium - recommended
  • iCab - recommended
  • Opera - recommended
For reasons given the following browsers are not recommended for use:
  • Camino - development discontinued on 31/05/2013
  • Microsoft Internet Explorer - no longer supported on/updated for Apple Macintosh computers
  • Omniweb - awkward plug-in handling
  • Seamonkey - no control over individual plug-ins e.g. Java
  • Stainless - lack of visual security indicators
  • Sunrise - lack of visual security indicators

Web Browser Security Options

Apple Safari
  • Go to Safari menu > Preferences… > General tab > untick 'Open "safe" files after downloading'
  • Go to Safari menu > Preferences… > Security tab > tick "Warn when visiting a fraudulent website"
  • Go to Safari menu > Preferences… > Security tab > tick "Block pop-up windows"
  • Go to Safari menu > Preferences… > Security tab > tick "Ask before sending a non-secure form from a secure website"
  • Go to Safari menu > Preferences… > Privacy tab > configure cookies and location services as required
  • Go to Safari menu > Preferences… > Extensions tab > switch "OFF" or configure as required
Camino
WARNING: this browser was discontinued on 31/05/2013
  • Go to Camino menu > Preferences… > Privacy tab > configure cookies and password saving as required
  • Go to Camino menu > Preferences… > Security tab > tick "Warn me when visiting potentially malicious sites"
  • Go to Camino menu > Preferences… > Security tab > tick "Show a warning when: Moving from a secure to an insecure page"
  • Go to Camino menu > Preferences… > Security tab > tick "Show a warning when: A page uses a mix of encrypted and unencrypted content"
  • Go to Camino menu > Preferences… > Security tab > click "Certificates: When a website requires a personal certificate 'Ask me which to use'"
  • Go to Camino menu > Preferences… > Downloads tab > untick 'When downloads finish: Open downloaded files'
  • Go to Camino menu > Preferences… > Web Features tab > tick "Block pop-up windows"
Google Chrome
  • Go to Chrome menu > Preferences… > click on "+ Show advanced settings" > under 'Privacy' heading tick "Enable phishing and malware protection"
Chromium
  • Go to Chromium menu > Preferences… > click on "+ Show advanced settings" > under 'Privacy' heading tick "Enable phishing and malware protection"
Mozilla Firefox
  • Go to Firefox menu > Preferences… > Content > tick "Block popup windows"
  • Go to Firefox menu > Preferences… > Security > tick "Warn me when sites try to install add-ons"
  • Go to Firefox menu > Preferences… > Security > tick "Block reported attack sites"
  • Go to Firefox menu > Preferences… > Security > tick "Block reported web forgeries"
iCab
  • Go to iCab menu > Preferences… > Security icon > set 'International Domain Names (IDN)' to "Show IDNs with secure letters and from the list"
Omniweb
  • Go to Omniweb menu > Preferences… > Download icon > untick 'Open files in "safe" applications'
  • Go to Omniweb menu > Preferences… > Ad Blocking icon > select "Always" from the 'Block pop-up windows' pop-up menu
Opera
  • Go to Opera menu > Preferences… > Advanced tab > select "Security" on the left > tick "Enable Fraud and Malware Protection"
Seamonkey
  • Go to Seamonkey menu > Preferences… > under 'Privacy & Security' on the left select "Popup Windows" > tick "Block unrequested popup windows"
  • Go to Seamonkey menu > Preferences… > under 'Privacy & Security' on the left select "SSL" > tick "Enable SSL version 3" and tick "Enable TLS"
  • Go to Seamonkey menu > Preferences… > under 'Privacy & Security' on the left select "SSL" > under 'SSL Warnings' tick "Loading a page that uses low-grade encryption", "Sending form data from an unencrypted page to an unencrypted page" and "Viewing a page with an encrypted/unencrypted mix"
Stainless
  • Go to Stainless menu > select "Block Pop-Up Windows" so that it is ticked
Sunrise
  • Go to Sunrise menu > Preferences… > under 'Security' tick "Block pop-up windows"
TenFourFox
  • Go to TenFourFox menu > Preferences… > Content tab > tick "Block popup windows"
  • Go to TenFourFox menu > Preferences… > Security tab > tick "Warn me when sites try to install add-ons"
  • Go to TenFourFox menu > Preferences… > Security tab > tick "Block reported attack sites"
  • Go to TenFourFox menu > Preferences… > Security tab > tick "Block reported web forgeries"
  • Go to TenFourFox menu > Preferences… > Advanced tab > Encryption tab > tick "Use SSL 3.0" and tick "Use TLS 1.0"

Secure Web Sites (HTTPS)

Whenever you are transferring personal information especially financial transactions make sure your web browser is connected securely to the web site in question. If it isn't don't enter personal/financial details.
How To Tell if Your Web Browser Is Connected Securely
  • Apple Safari v5.x or earlier - closed/locked padlock icon in the top right of the window
  • Apple Safari v6 or later - closed/locked padlock icon+green colour to the left of the address text
  • Camino - coloured address bar (yellow) + closed/locked padlock icon to the right of the address [WARNING: discontinued 31/05/2013]
  • Google Chrome - address text to the left coloured (green) + closed/locked padlock icon to the left of the address
  • Chromium - address text to the left coloured (green) + closed/locked padlock icon to the left of the address
  • Mozilla Firefox - address to the left coloured (green or blue) (v14.0 or later has a closed/locked padlock icon to the left of the address )
  • iCab - primary address text coloured (blue) + closed/locked padlock icon in the bottom left of the window
  • Omniweb - closed/locked padlock icon in the bottom right of the window
  • Opera - closed/locked yellow padlock icon to the left of the address text
  • Seamonkey - coloured address bar (yellow) + closed/locked padlock icon in the bottom right of the window
  • Stainless - no indication of secure connection!
  • Sunrise - no indication of secure connection!
  • TenFourFox - address to the left coloured (green or blue)
NOTE: If you get a warning that a security "certificate" is not right or out of date do not use the web site! - if you need to use the site urgently contact them (preferably by phone) to let them know there is a problem with their security certificate.

Online Shopping (from the UK)

Follow these recommendations from official UK government web sites:
  • Only use a recommended web browser.
  • Set your browser's security settings
  • Keep your web browser up-to-date.
  • Be careful when you give your credit or debit card details on the Internet - make sure the connection is secure.
  • The trader must give their name and a geographical address, not just a PO Box number, and not just their e-mail address. They must also fully describe the goods for sale and orders must be confirmed in writing (usually via email).
  • As with any other type of purchase, shop around for the best deals and prices. In most cases, you are entitled to a seven working day cancellation period where you can change your mind (the Distance Selling Regulations), but this usually does not apply to 'auction' sites. You should always read the terms and conditions carefully before buying.
  • Watch out for high postage rates and for other hidden costs, such as VAT and other duty payable, particularly if goods are being sent from abroad.
  • Try to get personal recommendations for companies you have not done business with before. Alternatively, you can get help and advice from specialist organisations, such as Trust UK. Trust UK is an organisation endorsed by the UK government which enables consumers to buy online with confidence.
  • Remember, goods being sent from abroad may take some time to be delivered. Check with the trader how long this will take, and set a delivery date that you must have them by, if that is important. Where no delivery date has been agreed, delivery must be within thirty days. Goods and services ordered from UK and European Countries will be covered by the Distance Selling Regulations.
  • Check what the company's policy is on returning goods that you don't like or have changed your mind about, and find out who pays for the return postage. If they have come from abroad, you may be faced with a hefty postage bill to return them. Refunds must be made within thirty days.
  • On the subject of buying from abroad, remember that if you have problems such as faulty goods or non-delivery, it might be very difficult to get your complaint dealt with. Although your contract will probably be covered by UK law - allowing you to sue in your local court - getting money out of a company based abroad may be impractical. If possible, pay by credit card as this may give you additional protection in some circumstances.
  • For that reason, be wary of buying very expensive items from companies outside the UK or Europe unless you know them well - that way, if things do go wrong, you limit the risk.
  • Most importantly, print out the order, and keep any terms and conditions that appear on the web site, just in case of any disputes or problems later on.

Web Technologies To Be Aware Of

JavaScript

JavaScript (not to be confused with Java) is a scripting language that can automate tasks for your web browser, you or more importantly for the web site you are visiting. However, it is very powerful and it has the power to be very malicious. Unfortunately lots of web sites require it to be turned on. It is possible to turn this technology off but some web sites may not work properly if you do:
Controlling JavaScript In Your Web Browsers
  • Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > tick/untick "Enable JavaScript"
  • Camino - open Camino > go to Camino menu > Preferences… > Security tab > tick/untick "Enable JavaScript" [WARNING: browser discontinued 31/05/2013]
  • Google Chrome - open Google Chrome > go to Chrome menu > Preferences… > click "+ Show Advanced Settings" > click the "Content settings" button under the 'Privacy heading' > under the 'JavaScript' heading choose either "Allow all sites to run JavaScript (recommended)", "Do not allow any site to run JavaScript" or click the "Manage exceptions" button and configure as required
  • Chromium - open Chromium > go to Chromium menu > Preferences… > click "+ Show Advanced Settings" > click the "Content settings" button under the 'Privacy heading' > under the 'JavaScript' heading choose either "Allow all sites to run JavaScript (recommended)", "Do not allow any site to run JavaScript" or click the "Manage exceptions" button and configure as required
  • Mozilla Firefox - open Firefox > go to Firefox menu > Preferences… > Content > tick/untick "Enable JavaScript" [WARNING: the ability to easily switch off JavaScript was removed in Firefox 23 and later from August 2013 - it can still be toggled using the about:config facility]
  • iCab - open iCab > go to iCab menu > Preferences… > JavaScript icon > tick/untick "Enable JavaScript"
  • Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Security icon > tick/untick "Enable JavaScript"
  • Opera - open Opera > go to Opera menu > Preferences… > Advanced tab > select "Content" on the left > tick/untick "Enable JavaScript"
  • Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > tick/untick "Enable JavaScript for Browser"
  • Stainless - open Stainless > go to Stainless menu > Preferences… > Security tab > tick/untick "Enable JavaScript"
  • Sunrise - open Sunrise > go to Sunrise menu > Preferences… > tick/untick "Enable JavaScript" under the 'Security' heading
  • TenFourFox - open TenFourFox > go to TenFourFox menu > Preferences… > Security tab > tick/untick "Enable JavaScript"

Java

Java (not to be confused with JavaScript) is a programming language which can run software on your computer directly in your browser simply by visiting a web site. It has recently been targeted for attack on the Mac platform. Once a Java "applet" is running it is extremely powerful and it has the power to be very malicious. Thankfully lots of web sites don't use it and it is possible to turn this technology off:

Java Security for Mac Users > How To Disable/Secure Java

Java RE v6 and earlier are end of life and are no longer supported/updated. If you are running Mac OS X 10.6 or earlier you are recommended to disable Java and read up on securing older operating systems.
Q. How can I tell which version of macOS / OS X / Mac OS X I am running?
A. Go to Apple menu (top left) > About This Mac > check the version reported for macOS / OS X / Mac OS X.
Securing/Disabling Java RE in OS X 10.7 or later
  1. Go to Apple menu > System Preferences > Java > (the Java Control Panel will open separately) > Security tab
    • If the Java preference pane does not exist you do not have Java RE v7 or later installed. Go to the disabling Java RE v6 instructions below.
    • If you have a Java preference pane and the Java Control Panel opens separately go to the "Security" tab in the control panel. If there is no Security tab you have an old version of Java RE v7 installed - update Java RE v7 first, then come back to these instructions.
  2. Set the 'Security Level' slider to "Very High".
  3. If you don't use Java untick "Enable Java content in the Browser".
  4. If you do use Java click "Advanced Security Settings" and configure as required for your Java usage.
  5. Now go to the 'Update' tab and tick "Check for Updates Automatically".
  6. Now go to the 'General' tab, click "Settings…" under 'Temporary Internet Files' and untick "Keep temporary files on my computer" and click "Delete Files…". Click "OK".
  7. You are now also recommended to switch off Java in your web browsers.
Disabling Java RE v6 in OS X 10.7 or later
  1. Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab.
  2. NOTE: If you get a message stating 'To open "Java Preferences," you need a Java SE 6 runtime. Would you like to install one now?' click "Not Now" (you do not have Java RE v6 installed - go to disabling the Java plug-in in your web browsers).
  3. Make sure no Java versions are ticked under "On".
  4. Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
  5. You are now also recommended to switch off Java in your web browsers.
NOTE: If you need Java and have installed Java Update 2012-006 or later from Apple you will have no Java Preferences in Applications > Utilities or a Java plug-in so you are recommended to install Java RE v7 to give you the most up to date Java RE, a Java plug-in and a Java Preferences pane in System Preferences.
Disabling Java RE v5/v6 in Mac OS X 10.5 or 10.6
NOTE: Java will not work at all including locally installed applications that may require it.
  1. Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab.
  2. Make sure no Java versions are ticked under "On".
  3. Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
  4. You are now also recommended to switch off Java in your web browsers.
Disabling Java RE in Mac OS X 10.4 or earlier
You cannot switch off Java in Mac OS X 10.4 or earlier and there is no Java Preferences so make sure you delete any (Java plug-ins and also switch off Java in your web browsers.

Disabling the Java plug-in In Your Web Browsers

NOTE: Java applets will not work in your web browser but locally installed Java applications may still work (see disabling the Java RE for your OS).
NOTE: You need to disable the Java plug-in for each and every web browser that you use/have installed.
  • Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > untick "Enable Java"
  • Apple Safari 5.1.9 (for Mac OS X 10.6) / 6.0.4 (for OS X 10.7/10.8) or later - open Safari > go to Safari menu > Preferences… > Security tab > untick "Allow Java" or you can tick it to enable it and you now have control of the Java plug-in for individual websites by clicking the "Manage Website Settings…" button
  • Camino - open Camino > go to Camino menu > Preferences… > Security tab > untick "Enable Java" [WARNING: discontinued 31/05/2013]
  • Google Chrome - open Google Chrome > go to Google Chrome menu > Preferences… > click "+ Show Advanced Settings" > click the "Content settings" button under the 'Privacy heading' > under the 'Plug-ins' heading click "Disable individual plug-ins…" > click "Disable" for 'Java'
  • Chromium - open Chromium > go to Chromium menu > Preferences… > click "+ Show Advanced Settings" > click the "Content settings" button under the 'Privacy heading' > under the 'Plug-ins' heading click "Disable individual plug-ins…" > click "Disable" for 'Java'
  • Mozilla Firefox - open Firefox > go to Tools menu > Add-ons > click "Plugins" on the left > click "Disable" for 'Java Applet Plug-in'
  • iCab - open iCab > go to iCab menu > Preferences… > Java icon > untick "Execute Java applets"
  • Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Security icon > untick "Enable Java"
  • Opera - open Opera > go to Tools menu > Advanced > Plug-Ins > click "Disable" for 'Java Applet Plug-in'
  • Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > untick "Enable Plugins for Suite"
  • Stainless - open Stainless > go to Stainless menu > Preferences… > Security tab > untick "Enable Java"
  • Sunrise - open Sunrise > go to Sunrise menu > Preferences… > untick "Enable Java" under the 'Security' heading
  • TenFourFox - Java is not supported (because plug-ins are not supported)
REMOVING THE JAVA PLUG-IN FROM YOUR OS
NOTE: Java applets will not work in your web browser and they never will until you reinstall Java. Only follow these instructions if you will never use Java on the internet. If you are unsure simply switch off Java in all your web browsers.
  1. Go to Macintosh HD > Library > Internet Plug-Ins folder and remove/delete any of following items if they are present:
    • JavaAppletPlugin.plugin (alias/shortcut)
    • JavaAppletPlugin.plugin
    • JavaPluginCocoa.bundle
  2. Go to Macintosh HD > Users > your home directory > Library > Internet Plug-Ins folder too and remove/delete any of the above items if they are present.
NOTE: If there are multiple users on your computer you should remove the plug-in from each user account's Library.
NOTE: If you have OS X 10.7 or later your user Library folder is hidden. It can be accessed by going to the Go menu > Library while holding down the alt (option) key.

Internet Plug-Ins / Video Codecs

There are many internet plug-ins/video codecs available with some of the most popular being:
  • Adobe Flash
  • Adobe Shockwave
  • Adobe PDF viewer
  • Perian - Discontinued in 2012
  • Flip4Mac WMV components
  • iPhoto Photocast
  • Microsoft Silverlight
  • Microsoft Sharepoint
  • Microsoft Office Live
  • Apple QuickTime (part of the OS X operating system) - as of 10th December 2015 the QuickTime internet plug-in is no longer supported/updated. The latest security updates for OS X 10.9 or later should automatically disable the plugin. If you are running OS X 10.8 or earlier or you want to manually disable the plug-in go to Macintosh HD > Library > Internet Plug-Ins and disable/move/delete "nsIQTScriptablePlugin.xpt" and "QuickTime Plugin.plugin"
  • Real Player
  • Java - see our separate article on Java
However they are a very common attack vector/huge security risk so: You can also check most plug-in versions using the Mozilla plug-in check web site:
We can check your plugins and stuff
Controlling Plug-Ins In Your Web Browsers
  • Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > tick/untick "Enable plug-ins"
  • Camino - hidden preferences [WARNING: discontinued 31/05/2013]
  • Google Chrome - open Google Chrome > go to Chrome menu > Preferences… > click "+ Show Advanced Settings" > click the "Content settings" button under the 'Privacy heading' > under the 'Plug-ins' heading choose either "Run automatically (recommended)", "Click to play", "Block All" or click the "Manage exceptions" button or the "Disable individual plug-ins" and configure as required (the latter is also used for enabling individual plug-ins)
  • Chromium - open Chromium > go to Chromium menu > Preferences… > click "+ Show Advanced Settings" > click the "Content settings" button under the 'Privacy heading' > under the 'Plug-ins' heading choose either "Run automatically (recommended)", "Click to play", "Block All" or click the "Manage exceptions" button or the "Disable individual plug-ins" and configure as required (the latter is also used for enabling individual plug-ins)
  • Mozilla Firefox - open Firefox > go to Tools menu > Add-ons > click "Plugins" on the left > click "Enable" or "Disable" for plug-ins as required
  • iCab - open iCab > go to iCab menu > Preferences… > Plug-ins icon > tick/untick "Use Plug-ins for embedded data (Flash, Quicktime, …)" or tick/untick plug-ins as required
  • Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Plug-ins icon > tick/untick plug-ins as required
  • Opera - open Opera > go to Tools menu > Advanced > Plug-Ins > tick/untick "Enable plug-ins" or click "Enable" or "Disable" for plug-ins as required
  • Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > tick/untick "Enable Plugins for Suite"
  • Stainless - open Stainless > go to Stainless menu > Preferences… > Security tab > tick/untick "Enable plug-ins"
  • Sunrise - open Sunrise > go to Sunrise menu > Preferences… > tick/untick "Enable plug-ins" under the 'Security' heading
  • TenFourFox - plug-ins are not supported

Email

Email is a direct attack vector so should always be used with caution especially when receiving emails from unknown senders or emails with attachments.
Spam
Consider using a spam blocker in your email client: Some email clients include Anti-Spam filtering:
  • Apple Mail - go to Mail menu > Preferences > Junk Mail
  • Microsoft Entourage for Mac - go to Tools menu > Junk E-Mail Protection…
  • Microsoft Outlook for Mac - go to Tools menu > Junk E-Mail Protection…
  • Mozilla Thunderbird - go to Thunderbird menu > Preferences > Security > Junk tab
NOTE: Some email servers/providers offer spam filtering at the server level.
Confidential Information
Don't send confidential information e.g. personal or financial information via email unless you are using encrypted (SSL) email. Email is normally sent between your computer and the email server using clear text which means it can be intercepted and used (against you).
Don't send confidential information e.g. personal or financial information via attachments unless you encrypt the files first.
Attachments and links in emails
See our separate article on Malware, Social Engineering and Scams.

Instant Messaging

Instant messaging software such as iChat/Messages, AIM, Yahoo Messenger, MSN/Microsoft Messenger and Skype are common attack vectors. Make sure you are running the most up to date version of the software and be very wary of clicking on accepting messages from unknown users, clicking on any links or pictures in the message window.
NOTE: As of July 2014 all prior versions to Skype 6.15 no longer work and are not supported. Skype 6.15 or later requires OS X 10.9 Mavericks or later.

Virtual Private Network (VPN)

Virtual Private Networks are a way of connecting directly to a computer or network of your choice securely. You set up a VPN server on the computer or network and then create a VPN connection on your computer to that computer or network. They can also be used when connecting to the internet via a free/public/unsecured wireless / Wi-Fi network. You can pay for a VPN service but note that these services only protect your network traffic from your computer to their server (wherever it is located) and after that the network traffic may be insecure - however, this is usually better than nothing/not using such a service on a free/public/unsecured wireless / Wi-Fi network!
VPN Servers
Some high end hardware routers/ADSL modems e.g. DrayTek feature VPN servers otherwise software based VPN servers are available:
VPN Clients
OS X has powerful VPN client functionality built-in. Otherwise third parties offer their own VPN client solutions:
VPN Services
Ideal when using a free/public/unsecured wireless / Wi-Fi network: --> Below is a small list of VPN providers - they are listed as is with no specific recommendation or ranking: If you want a more complete list along with dedicated information to enable you to make a choice/decision on which VPN provider to use we recommend consulting the That One Privacy Guy's VPN Comparison Chart.

Article Keywords: Macintosh Mac OS X OSX macOS Security

This article is © MacStrategy » a trading name of Burning Helix. Apple, the Apple logo, and Mac are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.


If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.

Go to this
web page
to donate to us.