Mac Security Article #2 - Software

Article ID = 82
Article Title = Mac Security Article #2 - Software
Article Author(s) = Graham Needham (BH)
Article Created On = 25th May 2012
Article Last Updated = 26th July 2016
Article URL = https://www.macstrategy.com/article.php?82

Article Brief Description:
Software security recommendations for your Mac computer

Security - Software

This article has the following sections:

Software Installation
Apple Software
Third Party Software
Internet Software
Media Players
Anti-Virus Software

It is number two in a series of MacStrategy security articles.

Software Installation

Software can be installed in three different ways on a Mac computer:

Running an installer
Dragging and dropping the application
Silently, in the background with no visual indication

The important thing to know is that any of these can happen without you invoking the action. However, with macOS / OS X / Mac OS X it is very difficult for any software to be installed into the "system" without the need for an administrator's user name and password. However, software/files can easily be installed into your user area (home directory) e.g. the "Library". So what can you do to secure software installations? Here is a handy list of tips:

Take heed of all MacStrategy's security recommendations.
Be aware of why your computer is asking for an administrator's user name and password - if you're not sure click "Cancel".
Read stuff that appears on screen, don't ever blindly click "OK", "Install" or "I Accept", etc.
Be aware of what you are installing - always try to get software installers from the official developer's company web/support site. Only use reputable web sites that link to official company web sites like us (MacStrategy). Do not use download aggregation sites like CNET, Downloads.com, MacUpdate, etc as they often bundle adware/malware as an unofficial installer!
Get important software (security) updates by using the official developer's company web/support site.
Don't install (pirated) software from the internet/torrent sites - apart from it being illegal it usually has malware included in the installer!
Don't download software using peer-to-peer (P2P) networks e.g. torrents (e.g. BitTorrent, Vuze, Azereus, Transmission) or Limewire/Gnutella (e.g. Acquisition, Acqlite, Cabos).
Think before you install and pay attention to what is happening on screen.
If you run Mac OS X 10.6.6 or later consider buying software only from the Mac App Store.
Turn on the file extension display - click on the desktop / go to Finder menu > Preferences > Advanced tab > tick "Show all filename extensions".
Consider what you are double clicking - if you are double clicking what is supposed to be a "picture" and it is asking for your user name and password then clearly something is wrong - cancel and delete the file.
When you download an application from the internet and try to open it for the first time macOS / OS X / Mac OS X will warn you that it was downloaded and you must confirm whether you want to open it.
Run Anti-Virus Software.

Gatekeeper in OS X 10.8 Mountain Lion or later

OS X 10.8 and later includes a software checking technology called Gatekeeper. There's a good article about identified developers and signing apps on Panic's web site.

System Integrity Protection (SIP) in OS X 10.11 El Capitan or later

OS X 10.11 and later includes a security technology called System Integrity Protection (SIP) that prevents installers installing items into important areas of the system.

Use A Non-Administrator User Account For Day To Day Activities

By using a standard user account for most of your work if your Mac is attacked the attack or attacker will only have access to the standard user account areas (which is not much). All other areas will be off limits without requesting an administrator user name and password which, when the request pops up will be a clear warning something is wrong so you can cancel, log out and troubleshoot what happened. To create a standard user account:

Go to Apple Menu > System Preferences > Accounts or Users & Groups
If the padlock icon in the bottom left is locked click on it to unlock it (enter your administrator user name and password)
Click the "+" button in the bottom left corner
Select "Administrator" from the 'New Account' pop-up menu
Enter the details as required setting a strong password for "New password" (remember you can use the Password Assistant here by clicking on the key icon)
Click the "Create User" button
Select your current account on the left (which should currently be set as an Administrator) and untick the "Allow user to administer this computer" option on the right.
Make sure your current account has a strong password
Go to Apple menu > Log Out
Log in as a standard user

Apple Software

As Apple creates the operating system for your Macintosh computer it is vitally important to keep you operating system up to date. Apple also includes software products and components that are common attack vectors e.g. Safari web browser, QuickTime and iTunes. We have written an article about keeping your Apple software up-to-date.

Third Party Software

A lot of malicious attacks will attempt to compromise your computer by way of (common) third party software usually by utilising a specially created bad file or document. Therefore common document formats that are known to be used as attack vectors are:

Adobe PDF (.pdf)
Word (.doc / .docx)
Excel (.xls / .xlsx)
PowerPoint (.ppt / .pptx)
JPEG pictures (.jpg / .jpeg)
MPEG audio/video files (.mp3 / .mpg / .mpeg / .mp4 / .m4a / .m4v)

This is why you should always be very wary of receiving any documents or files (especially as email attachements/internet downloads) where you do not know the source of the documents. You should always try and keep your third party software up to date. Unfortunately there is an increasingly disturbing trend to obsolete/not update older versions of software that are not actually that old (less than two years) and this is even for very expensive software - one such naughty company is Adobe. Even Apple has started doing this with OS X 10.8 Mountain Lion in 2012. We have written articles on keeping some common third party software products up-to-date:

Internet Software

Please see our separate Networking/Internet security article

Media Players

A common attack vector is malicious media files for media players. Always use reputable media players (like those listed below) and keep them up-to-date:

QuickTime Player (in Macintosh HD > Applications) [part of the macOS / OS X / Mac OS X operating system]

As of 10th December 2015 the QuickTime internet plug-in is no longer supported/updated. The latest security updates for OS X 10.9 or later should automatically disable the plugin. If you are running OS X 10.8 or earlier or you want to manually disable the plug-in go to Macintosh HD > Library > Internet Plug-Ins and disable/move/delete "nsIQTScriptablePlugin.xpt" and "QuickTime Plugin.plugin".

Up to date QuickTime is no longer supported on Apple PowerPC computers or any Mac with OS X 10.9.5 or earlier. If you still use a PowerPC computer/OS X 10.9.5 or earlier go to Macintosh HD > Library > Internet Plug-Ins and disable/move/delete "nsIQTScriptablePlugin.xpt", "QuickTime Plugin.plugin" and "QuickTime Plugin.webplugin". Don't use, archive or delete the QuickTime Player application and use an alternative media player.

Check for an update now: Go to Apple menu > App Store… > click the "Updates" icon in the top right
Turn on Automatic Updates: Go to Apple menu > System Preferences > App Store > tick "Automatically check for Updates" and tick all the boxes underneath that heading.
~~Download updates manually from the Apple QuickTime download page.~~ - updates can no longer be downloaded manually

VLC - the best universal media player
Telestream Flip4Mac WMV Player
RealPlayer

Anti-Virus Software For Macintosh Computers

Bitdefender Virus Scanner for Mac
Bitdefender Virus Scanner Plus
AntiVirus by Max Secure
Max Total Security with Anti-Virus
PocketBits BitMedic AntiVirus - Malware & Adware Security
AntiVirus Sentinel Pro - Adware & Virus Scanner - Network Monitor & Protection
Globalus AntiVirus Security Scanner - Privacy Protection, Network Safety, Virus Detection
Trend Micro Antivirus (aka Dr. Safety)
AVG AntiVirus for Mac
Avast! Antivirus for Mac
Intego VirusBarrier X
Sophos Anti-Virus for Mac Home Edition
Kaspersky Virus Scanner for Mac
ClamXav (no longer free + not available in the UK Mac App Store)
Avira Free Mac Security
Intego VirusBarrier Express for Mac (not available in the UK Mac App Store)
Intego VirusBarrier Plus for Mac (not available in the UK Mac App Store)
Symantec Norton iAntivirus for Mac (not available in the UK Mac App Store)
BitdefenderAntivirus for Mac
BitdefenderAntivirus for Mac & PC
Comodo Antivirus for Mac
Symantec Norton AntiVirus for Mac
Symantec Norton Internet Security for Mac
Symantec Norton One (protect five devices of your choice)
Kaspersky Antivirus for Mac (you probably want to avoid this software)

NOTE: A lot of anti-virus software is free for "home" or "non-commercial" use, otherwise there is an upfront license cost to pay plus possibly a monthly/yearly subscription - please check your licensing requirements and the possible ongoing costs before making any purchases.

Article Keywords: Mac OS X OSX 106 107 108 109 1010 1011 macOS 1012 1013 Snow Leopard Lion Mountain Lion Mavericks Yosemite El Capitan Sierra High Sierra Macintosh Security applications apps browers email

This article is © MacStrategy » a trading name of Burning Helix. Apple, the Apple logo, and Mac are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.

If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.

If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.

Go to this
web page
to donate to us.