Mac Security Article #6 - Networking/Internet/Online Shopping
Article ID = 86Article Title = Mac Security Article #6 - Networking/Internet/Online Shopping
Article Author(s) = Graham Needham (BH)
Article Created On = 11th July 2012
Article Last Updated = 8th March 2021
Article URL = https://www.macstrategy.com/article.php?86
Article Brief Description:
Recommendations for staying secure when using a network/the internet/online shopping.
Networking/Internet/Online Shopping Security
This article has the following sections:- Mac Networking
- Wireless / Wi-Fi Networking
- Browsing The Web
- Online Shopping
- Web Technologies To Be Aware Of
- Internet Plug-Ins and Video Codecs
- Instant Messaging
- Virtual Private Network (VPN)
Mac Networking
We recommend the following:- Where possible turn off (untick) and do not use any of the macOS sharing features (Apple menu > System Preferences > Sharing):
- DVD or CD Sharing
- Screen sharing
- File Sharing
- Printer Sharing/li>
- Scanner Sharing
- Web Sharing
- Remote Login
- Remote Management
- Remote Apple Events
- Xgrid Sharing
- Internet Sharing
- Bluetooth Sharing
- Turn on and configure the macOS Firewall (Apple menu > System Preferences > Security > Firewall tab)
- Turn off iTunes sharing (iTunes Preferences > Sharing tab > untick "Share my library on my local network")
- Turn off iTunes Home Sharing
- Turn off iPhoto sharing (iPhoto Preferences > Sharing tab > untick "Share my photos")
- Turn off Photos sharing (Photos Preferences > iCloud > untick features not needed)
- Where possible only connect your Mac to the local network using a physical ethernet cable
- Turn off unused networking services - in Mac OS X 10.5 or later go to Apple menu > System Preferences > Network > select the service on the left that you don't use and click the "-" button in the bottom left e.g.
- Wi-Fi
- FireWire
- Bluetooth DUN
- Internal Modem
- IrDA
- Network > optional DNS settings - for each required network port on the left:
- Select the network port on the left
- Click the "Advanced…" button the right
- Click the "DNS" tab
- Under 'DNS Servers' click the "+" button at the bottom
- If not already in the list, add the DNS servers "1.1.1.1" and "1.0.0.1"
- If necessary click and drag "1.1.1.1" and "1.0.0.1" to first and second in the list
- See Announcing 1.1.1.1: the fastest, privacy-first consumer DNS service for more information about DNS privacy
Wireless / Wi-Fi Networking
If you don't use wireless / Wi-Fi Networking turn off Wi-Fi - either:- go to Apple menu > System Preferences > Network > select Wi-Fi on the left and click the "Turn Wi-Fi Off" button on the right (this also helps with battery life)
- or, in Mac OS X 10.5 or later go to Apple menu > System Preferences > Network > select Wi-Fi on the left and click the "-" button in the bottom left
- WPA-2 (WPA2-PSK with AES encryption)
- WPA-2 (Enterprise)
- RADIUS
Do not use the following security protocols as they are all broken:
- WEP
- WPA-1 (TKIP)
- WPA-1/WPA-2 mixed mode
Browsing The Web
Follow our recommendations listed here:- Only use a recommended web browser.
- Be very careful when browsing web sites that you are not familiar with.
- Always read carefully any messages the web browser may give you.
- Set your browser's security settings
- Only download items from "trusted" web sites.
- Keep your web browser up-to-date.
- Read our article about storing user names and passwords with a web browser.
- If you use Apple's Safari go to Safari menu > Preferences… > General tab > untick 'Open "safe" files after downloading'
- Mac OS X 10.5 and later uses file quarantining technology when downloading files from the internet using Apple applications e.g. Safari, iChat/Messages and Mail - read up on what it does and how it works.
Recommended Web Browsers
If you are not running the latest versions of macOS please also see our article on running an older operating system.
Q. What are the current, supported versions of macOS?
A. macOS 15 (Sequoia), macOS 14 (Sonoma), and macOS 13 (Ventura) are supported by Apple. The latest security updates are:
- macOS 15.0 - included in the macOS 15.0 Installer (or go to Apple menu > System Settings > General > Software Update and install the 14.7 update)
- macOS 14.7 - included in the macOS 14.7 Installer (or go to Apple menu > System Settings > General > Software Update and install the 13.7 update + latest Safari update - scroll to the very bottom of Software Update and click the blue "More info" link under "Other updates are available" or "Another update is available")
- macOS 13.7 - included in the macOS 13.7 Installer (or go to Apple menu > System Preferences > Software Update and install the 12.7.6 update + latest Safari update - click the blue "More info" link under "Other updates are available" or "Another update is available")
- SECURITY WARNING: macOS 12 and earlier are no longer supported with security updates - see our securing older operating systems article.
Q. How can I tell which version of macOS / OS X / Mac OS X I am running?
A. Go to Apple menu (top left) > About This Mac > check the version reported for macOS / OS X / Mac OS X.Web Browsers For The Current Versions Of macOS
- Apple Safari (included with macOS)
- Mozilla Firefox
- Chromium
- Google Chrome
- Microsoft Edge
--------
- Opera
- Brave
- Vivaldi
- Yandex
- iCab
- Seamonkey (does not have an Apple signed developer certificate)
- Omniweb (Version 6 in beta testing)
--------
tenFOUR Fox (for older PowerPC based computers) - end of life on 7th September 2021
Citrio - no updates since 2015
Camino - development discontinued on 31/05/2013
Sunrise - no updates since 2012
Stainless - no updates since 2011
Microsoft Internet Explorer - no longer supported on/updated for Apple Macintosh computers
The following browsers are highly recommended for use due to their regular updates and focus on security:
- Mozilla Firefox
- Apple Safari (but there are potential privacy issues with this browser)
- Chromium (but make sure you install and use a Chromium Updater)
- Google Chrome (but there are potential privacy issues with this browser)
- Microsoft Edge
The following browsers are not recommended for use due to the security reasons given below:
- Vivaldi - cannot configure JavaScript
- Yandex - cannot configure JavaScript and poor plug-in preference handling
- iCab - poor security features
- Omniweb - awkward plug-in handling / beta software
Web Browser Security Options/Settings
Click on the browser name to see its security options/settings:
- Apple Safari
- Mozilla Firefox
- Chromium
- Google Chrome
- Microsoft Edge
- Opera
- Vivaldi
- Brave
- Yandex
- iCab
- Seamonkey
- Omniweb
Apple Safari
- Go to Safari menu > Preferences… > General tab > UNTICK 'Open "safe" files after downloading'
- Go to Safari menu > Preferences… > Security tab > TICK "Warn when visiting a fraudulent website"
- Go to Safari menu > Preferences… > Security tab > TICK "Block pop-up windows"
- Go to Safari menu > Preferences… > Privacy tab > configure cookies and location services as required
- Go to Safari menu > Preferences… > Extensions tab > switch "OFF" or configure as required
- Go to Safari menu > Preferences… > Advanced tab > for 'Smart Search Field:' TICK "Show full website address"
Google Chrome
- Go to Chrome menu > Preferences… > click "Advanced ↓" > configure the settings under 'Privacy and Security' as required e.g. switch ON "Protect you and your device from dangerous sites"
Chromium
- Go to Chromium menu > Preferences… > click "Advanced ↓" > configure the settings under 'Privacy and Security' as required e.g. switch ON "Protect you and your device from dangerous sites"
Mozilla Firefox v57 or later
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > set Location, Camera, Microphone and Notifications settings as required
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > TICK "Block pop-up windows"
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > TICK "Warn you when web sites try to install add-ons"
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > TICK "Prevent accessibility services from accessing your browser" if accessibility services are not needed (browser restsart required)
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Security' heading > set 'When a server requests your personal certificate' to "Ask you every time"
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Security' heading > TICK "Query OCSP responder servers to confirm the current validity of certificates"
Mozilla Firefox v56.0.2 or earlier
- Go to Firefox menu > Preferences… > Content > TICK "Block popup windows"
- Go to Firefox menu > Preferences… > Security > TICK "Warn you when sites try to install add-ons"
- Go to Firefox menu > Preferences… > Security > TICK "Block dangerous and deceptive content" with both "Block dangerous downloads" and "Warn you about unwanted and uncommon software" TICKED
iCab
- Go to iCab menu > Preferences… > Security icon > set 'International Domain Names (IDN)' to "Show IDNs with secure letters and from the list"
Omniweb
- Go to Omniweb menu > Preferences… > Download icon > UNTICK 'Open files in "safe" applications'
- Go to Omniweb menu > Preferences… > Ad Blocking icon > select "Always" from the 'Block pop-up windows' pop-up menu
Opera
- Go to Opera menu > Preferences… > TICK "Show advanced settings" in the bottom left > select "Privacy and security" on the left > configure the settings as required e.g. TICK "Protect me from malicious sties" under the 'Privacy' heading
Seamonkey
- Go to Seamonkey menu > Preferences… > select 'Privacy & Security' on the left > TICK "Block reported attack sites (malware, viruses)"
- Go to Seamonkey menu > Preferences… > select 'Privacy & Security' on the left > TICK "Block reported web forgeries (phishing)"
- Go to Seamonkey menu > Preferences… > under 'Privacy & Security' on the left select "Popup windows" > TICK "Block unrequested popup windows"
Maxthon
- TO BE CONFIRMED
Yandex
- Go to Yandex menu > Preferences > Settings tab > click "Show advanced settings" > go to "Network" heading > TICK "Secure your network connection when connecting to public Wi-Fi networks"
- Go to Yandex menu > Preferences > Settings tab > click "Show advanced settings" > go to "Network" heading > TICK "Use a DNS server with DNSCrypt encryption"
- Go to Yandex menu > Preferences > Protect tab > TICK "Enable protection from malicious websites and programs"
- Go to Yandex menu > Preferences > Protect tab > TICK "Enable phishing protection"
- Go to Yandex menu > Preferences > Protect tab > TICK "Protect bank cards from phishing"
- Go to Yandex menu > Preferences > Protect tab > TICK "Open online banking and payment system pages in Protected mode"
Brave
- Go to Brave menu > Preferences… > select 'Shields' on the left > set 'Ad Control' to "Block Ads"
- Go to Brave menu > Preferences… > select 'Shields' on the left > switch ON "HTTPS Everywhere"
- Go to Brave menu > Preferences… > select 'Shields' on the left > switch ON "Block Phishing/Malware"
Vivaldi
- Go to Brave menu > Preferences… > select 'Privacy' on the left > Third Party Services > TICK "Google Phishing and Malware Protection"
tenFOUR Fox
- Go to TenFourFox menu > Preferences… > Content tab > TICK "Block popup windows"
- Go to TenFourFox menu > Preferences… > Security tab > TICK "Warn me when sites try to install add-ons"
- Go to TenFourFox menu > Preferences… > Security tab > TICK "Block reported attack sites"
- Go to TenFourFox menu > Preferences… > Security tab > TICK "Block reported web forgeries"
- Go to TenFourFox menu > Preferences… > Advanced tab > Encryption tab > TICK "Use SSL 3.0" and TICK "Use TLS 1.0"
Secure Web Sites (HTTPS)
Whenever you are transferring personal information especially financial transactions make sure your web browser is connected securely to the web site in question. If it isn't don't enter personal/financial details.
How To Tell if Your Web Browser Is Connected Securely
- Apple Safari - URL text (to the left) coloured green + closed/locked padlock icon to the left of the URL area
- Google Chrome - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- Chromium - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- Mozilla Firefox - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- iCab - background colour of URL area turns green
- Omniweb - closed/locked padlock icon in the bottom right of the window
- Opera - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- Seamonkey - background colour of URL area turns yellow
- Maxthon - TO BE CONFIRMED
- Yandex - URL text to the left coloured green + closed/locked padlock icon to the right of the URL area
- Brave - closed/locked padlock icon to the left of the URL area
- Vivaldi - URL text to the left coloured green + background area to the left coloured green + closed/locked padlock icon to the left of the URL area
- tenFOUR Fox - address to the left coloured (green or blue)
NOTE: If you get a warning that a security "certificate" is not right or out of date do not use the web site! - if you need to use the site urgently contact them (preferably by phone) to let them know there is a problem with their security certificate.
Online Shopping (from the UK)
Follow these recommendations from official UK government web sites:
- Only use a recommended web browser.
- Set your browser's security settings
- Keep your web browser up-to-date.
- Be careful when you give your credit or debit card details on the Internet - make sure the connection is secure.
- The trader must give their name and a geographical address, not just a PO Box number, and not
just their e-mail address. They must also fully describe the goods for sale and orders must be
confirmed in writing (usually via email).
- As with any other type of purchase, shop around for the best deals and prices. In most cases,
you are entitled to a seven working day cancellation period where you can change your mind (the
Distance Selling Regulations), but this usually does not apply to 'auction' sites. You should always
read the terms and conditions carefully before buying.
- Watch out for high postage rates and for other hidden costs, such as VAT and other duty payable,
particularly if goods are being sent from abroad.
- Try to get personal recommendations for companies you have not done business with before.
Alternatively, you can get help and advice from specialist organisations, such as Trust UK. Trust UK
is an organisation endorsed by the UK government which enables consumers to buy online with
confidence.
- Remember, goods being sent from abroad may take some time to be delivered. Check with the trader
how long this will take, and set a delivery date that you must have them by, if that is important.
Where no delivery date has been agreed, delivery must be within thirty days. Goods and services
ordered from UK and European Countries will be covered by the Distance Selling Regulations.
- Check what the company's policy is on returning goods that you don't like or have changed your
mind about, and find out who pays for the return postage. If they have come from abroad, you may be
faced with a hefty postage bill to return them. Refunds must be made within thirty days.
- On the subject of buying from abroad, remember that if you have problems such as faulty goods or
non-delivery, it might be very difficult to get your complaint dealt with. Although your contract
will probably be covered by UK law - allowing you to sue in your local court - getting money out of
a company based abroad may be impractical. If possible, pay by credit card as this may give you
additional protection in some circumstances.
- For that reason, be wary of buying very expensive items from companies outside the UK or Europe
unless you know them well - that way, if things do go wrong, you limit the risk.
- Most importantly, print out the order, and keep any terms and conditions that appear on the web site, just in case of any disputes or problems later on.
Web Technologies To Be Aware Of
- JavaScript (see below)
- Java (see below)
- Internet Plug-Ins and Video Codecs
JavaScript
JavaScript (not to be confused with Java) is a scripting language that can automate tasks for your web browser, you or more importantly for the web site you are visiting. However, it is very powerful and it has the power to be very malicious. Unfortunately lots of web sites require it to be turned on. It is possible to turn this technology off but some web sites may not work properly if you do:
Controlling JavaScript In Your Web Browsers
- Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > for 'Web content:' tick/untick "Enable JavaScript"
- Google Chrome - open Google Chrome > go to Chrome menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'JavaScript' > configure as required
- Chromium - open Chromium > go to Chromium menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'JavaScript' > configure as required
- Mozilla Firefox - can only be configured/switched off manually
- iCab - open iCab > go to iCab menu > Preferences… > JavaScript icon > tick/untick "Enable JavaScript"
- Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Security icon > tick/untick "Enable JavaScript"
- Opera - open Opera > go to Opera menu > Preferences… > select "Websites" on the left > under the 'JavaScript' heading tick/untick "Allow all sites to run JavaScript (recommended)"
- Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > tick/untick "Enable JavaScript for" 'Browser'
- Maxthon - TO BE CONFIRMED
- Yandex - cannot be configured
- Brave - open Brave > go to Brave menu > Preferences… > select 'Shields' on the left > switch ON "Block Scripts (will break many sites)"
- Vivaldi - cannot be configured
- tenFOUR Fox - open TenFourFox > go to TenFourFox menu > Preferences… > Security tab > tick/untick "Enable JavaScript"
Java
Java (not to be confused with JavaScript) is a programming language which can run software on your computer directly in your browser simply by visiting a web site. It has recently been targeted for attack on the Mac platform. Once a Java "applet" is running it is extremely powerful and it has the power to be very malicious. Thankfully lots of web sites don't use it and it is possible to turn this technology off:
Java Security for Mac Users > How To Disable/Secure Java
Java SE v6 and earlier are end of life and are no longer supported/updated. If you are running Mac OS X 10.6 or earlier you are recommended to disable Java and read up on securing older operating systems.
Q. How can I tell which version of macOS / OS X / Mac OS X I am running?
A. Go to Apple menu (top left) > About This Mac > check the version reported for macOS / OS X / Mac OS X.
Securing/Disabling Java SE in OS X 10.7 or later
- Go to Apple menu > System Preferences > Java > (the Java Control Panel will open separately) > Security tab
- If the Java preference pane does not exist you do not have Java SE v7 or later installed. Go to the disabling Java SE v6 instructions below.
- If you have a Java preference pane and the Java Control Panel opens separately go to the "Security" tab in the control panel. If there is no Security tab you have an old version of Java SE v7 installed - update Java SE v7 first, then come back to these instructions.
- Set the 'Security Level' slider to "Very High".
- If you don't use Java untick "Enable Java content in the Browser".
- If you do use Java click "Advanced Security Settings" and configure as required for your Java usage.
- Now go to the 'Update' tab and tick "Check for Updates Automatically".
- Now go to the 'General' tab, click "Settings…" under 'Temporary Internet Files' and untick "Keep temporary files on my computer" and click "Delete Files…". Click "OK".
- You are now also recommended to switch off Java in your web browsers.
Disabling Java SE v6 in OS X 10.7 or later
- Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab.
NOTE: If you get a message stating 'To open "Java Preferences," you need a Java SE 6 runtime. Would you like to install one now?' click "Not Now" (you do not have Java SE v6 installed - go to disabling the Java plug-in in your web browsers).
- Make sure no Java versions are ticked under "On".
- Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
- You are now also recommended to switch off Java in your web browsers.
NOTE: If you need Java and have installed Java Update 2012-006 or later from Apple you will have no Java Preferences in Applications > Utilities or a Java plug-in so you are recommended to install Java SE v7 to give you the most up to date Java RE, a Java plug-in and a Java Preferences pane in System Preferences.
Disabling Java SE v5/v6 in Mac OS X 10.5 or 10.6
NOTE: Java will not work at all including locally installed applications that may require it.
- Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab.
- Make sure no Java versions are ticked under "On".
- Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
- You are now also recommended to switch off Java in your web browsers.
Disabling Java SE in Mac OS X 10.4 or earlier
You cannot switch off Java in Mac OS X 10.4 or earlier and there is no Java Preferences so make sure you delete any (Java plug-ins and also switch off Java in your web browsers.
Disabling the Java plug-in In Your Web Browsers
NOTE: Java applets will not work in your web browser but locally installed Java applications may still work (see disabling the Java Runtime Environment for your OS).
NOTE: You need to disable the Java plug-in for each and every web browser that you use/have installed.
- Apple Safari 12 or later (for macOS 10.12 or later) - Java is not supported (because NPAPI plug-ins are not supported)
- Apple Safari up to version 11 - open Safari > go to Safari menu > Preferences… > Security tab > click "Plug-in Settings…" > untick "Java" in the list on the left
- Apple Safari 5.1.9 (for Mac OS X 10.6) / 6.0.4 (for OS X 10.7/10.8) or later - open Safari > go to Safari menu > Preferences… > Security tab > untick "Allow Java" or you can tick it to enable it and you now have control of the Java plug-in for individual websites by clicking the "Manage Website Settings…" button
- Google Chrome - Java is not supported (because NPAPI plug-ins are not supported)
- Chromium - Java is not supported (because NPAPI plug-ins are not supported)
- Mozilla Firefox - Java is not supported (because NPAPI plug-ins are not supported)
- iCab - open iCab > go to iCab menu > Preferences… > Java icon > untick "Execute Java applets"
- Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Security icon > untick "Enable Java"
- Opera - Java 7 or later is not supported - plug-ins cannot be disabled
- Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > untick "Enable Plugins for Suite"
- Maxthon - TO BE CONFIRMED
- Yandex - Java is not supported (because NPAPI plug-ins are not supported)
- Brave - Java is not supported (because NPAPI plug-ins are not supported)
- Vivaldi - Java is not supported (because NPAPI plug-ins are not supported)
- tenFOUR Fox - Java is not supported (because plug-ins are not supported)
REMOVING THE JAVA PLUG-IN FROM YOUR OS
NOTE: Java applets will not work in your web browser and they never will until you reinstall Java. Only follow these instructions if you will never use Java on the internet. If you are unsure simply switch off Java in all your web browsers.
- Go to Macintosh HD > Library > Internet Plug-Ins folder and remove/delete any of following items if they are present:
- JavaAppletPlugin.plugin (alias/shortcut)
- JavaAppletPlugin.plugin
- JavaPluginCocoa.bundle
- Go to Macintosh HD > Users > your home directory > Library > Internet Plug-Ins folder too and remove/delete any of the above items if they are present.
NOTE: If there are multiple users on your computer you should remove the plug-in from each user account's Library.
NOTE: If you have OS X 10.7 or later your user Library folder is hidden. It can be accessed by going to the Go menu > Library while holding down the alt (option) key.
Internet Plug-Ins / Video Codecs
There are many internet plug-ins/video codecs available with some of the most popular being:
- Adobe Flash
- Adobe Shockwave
- Adobe PDF viewer
- Perian - Discontinued in 2012
- Flip4Mac WMV components
- iPhoto Photocast
- Microsoft Silverlight
- Microsoft Sharepoint
- Microsoft Office Live
- Apple QuickTime (part of the macOS operating system) - as of 10th December 2015 the QuickTime internet plug-in is no longer supported/updated. The latest security updates for OS X 10.9 or later should automatically disable the plugin. If you are running OS X 10.8 or earlier or you want to manually disable the plug-in go to Macintosh HD > Library > Internet Plug-Ins and disable/move/delete "nsIQTScriptablePlugin.xpt" and "QuickTime Plugin.plugin"
- Real Player
- Java - see our separate article on Java
However they are a very common attack vector/huge security risk so:
- Keep your plug-ins up-to-date
- Consider removing or disabling plug-ins you don't use
- Consider using plug-in blockers like:
- ClickToPlugin (Flash blocker for Safari)
- FlashBlock (Flash blocker for Firefox)
- FlashBlock (Flash blocker for Chrome)
Controlling Plug-Ins In Your Web Browsers
- Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > tick/untick "Allow Plug-ins" or click "Plug-in settings…" and configure accordingly
- Google Chrome - [only the Flash plug-in is supported] open Google Chrome > go to Chrome menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'Flash' > configure as required
- Google Chrome - [only the Flash plug-in is supported] open Chromium > go to Chromium menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'Flash' > configure as required
- Mozilla Firefox - open Firefox > go to Tools menu > Add-ons > click "Plugins" on the left > configure plug-ins listed on the right as required
- iCab - open iCab > go to iCab menu > Preferences… > Plug-ins icon > tick/untick "Use Plug-ins for embedded data (Flash, Quicktime, …)" or configure listed plug-ins as required
- Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Plug-ins icon > tick/untick plug-ins as required
- Opera - [only the Flash plug-in is supported] open Opera > go to Opera menu > Preferences… > select "Websites" on the left > under the 'Flash' configure as required
- Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > tick/untick "Enable Plugins for" 'Suite'
- Maxthon - TO BE CONFIRMED
- Yandex - can only be configured/switched off manually
- Brave - [only the Flash plug-in is supported] open Brave > go to Brave menu > Preferences… > select 'Plugins' on the left > switch ON/OFF "Enable Adobe Flash Support"
- Vivaldi - [only the Flash plug-in is supported] open Vivaldi > go to Vivaldi menu > Preferences… > select 'Webpages' on the left > configure Flash accordingly under the "Flash Plugin" heading
- tenFOUR Fox - plug-ins are not supported
Email
Email is a direct attack vector so should always be used with caution especially when receiving emails from unknown senders or emails with attachments.
Spam
Consider using a spam blocker in your email client:
Some email clients include Anti-Spam filtering:
- Apple Mail - go to Mail menu > Preferences > Junk Mail
- Microsoft Entourage for Mac - go to Tools menu > Junk E-Mail Protection…
- Microsoft Outlook for Mac - go to Tools menu > Junk E-Mail Protection/Preferences…
- Mozilla Thunderbird - go to Thunderbird menu > Preferences > Security > Junk tab
NOTE: Some email servers/providers offer spam filtering at the server level before it even reaches your inbox/email client software.
Confidential Information
Don't send confidential information e.g. personal or financial information via email unless you are using encrypted (SSL) email. Email is normally sent between your computer and the email server using clear text which means it can be intercepted and used (against you).
Don't send confidential information e.g. personal or financial information via attachments unless you encrypt the files first.
Attachments and links in emails
See our separate article on Malware, Social Engineering and Scams.
Instant Messaging
Instant messaging software such as iChat/Messages, AIM, Yahoo Messenger, MSN/Microsoft Messenger and Skype are common attack vectors. Make sure you are running the most up to date version of the software and be very wary of clicking on accepting messages from unknown users, clicking on any links or pictures in the message window.
NOTE: As of 6th July 2017 Skype requires OS X 10.9 Mavericks or later.
NOTE: Yahoo Messenger discontinued on 17th July 2018
NOTE: AIM discontinued on 17th December 2017
NOTE: MSN/Microsoft Messenger shut down October 2014
Virtual Private Network (VPN)
Virtual Private Networks are a way of connecting directly to a computer or network of your choice securely. You set up a VPN server on the computer or network and then create a VPN connection on your computer to that computer or network. They can also be used when connecting to the internet via a free/public/unsecured wireless / Wi-Fi network. You can pay for a VPN service but note that these services only protect your network traffic from your computer to their server (wherever it is located) and after that the network traffic may be insecure - however, this is usually better than nothing/not using such a service on a free/public/unsecured wireless / Wi-Fi network!
VPN Services
Ideal when using a free/public/unsecured wireless / Wi-Fi network:
--> Below is a list of recommended VPN providers in no particular order:
- CyberGhost - Super-fast, zero logs, 6100+ servers, easy to use apps and friendly 24/7 customer support
- SurfShark - Protect unlimited devices with one account, military grade IP encryption, super cheap VPN
- NordVPN - Outstanding speeds, zero logs, unblock Netflix, custom VPN app for macOS, 24/7 support
- Ivacy - Great pick for streaming and P2P file sharing, superb VPN speeds and user friendly
- Private VPN - Superb privacy features, exceptional speeds and no usage logs, a truly Private VPN
- ZenMate VPN - Excellent VPN app for streaming and P2P file sharing, 100% private, cheap VPN
- ExpressVPN - The biggest name in the VPN industry, huge server base, blazing fast speeds, no logs
- HMA - Exceptional VPN speeds, impressive server network, unblock geo-restricted content
- Private Internet Access - Highly secure VPN with huge server network, protect 10 devices, advanced privacy
- Hotspot Shield - Fast and large server network, unblock your favourite content, complete IP encryption
- IPVanish - Hide your IP address, unblock restricted content, one of the fastest VPNs available
- Hide.Me - A great pick for advanced security, zero logs and great speeds, Hide your IP address
- Norton Secure VPN - Biggest name in cyber security, ideal for protecting yourself on public Wi-Fi
- Fastest VPN - Very fast VPN speeds, unblock all popular streaming, great server network
- PureVPN - Unblocks Netflix, BBC iPlayer etc, multiple VPN protocols, 2000+ VPN servers
- SaferVPN - Ideal for privacy conscious users, unblock geo-restricted content, zero usage logs
- StrongVPN - Bypass government censorship, protect 12 devices, 24/7 customer support
- Avast SecureLine VPN - Trustworthy VPN supplier, you can try for free for 30 days, unblocks Netflix
- Trust.Zone - Free 3 day VPN trial, unblocks Netflix and other popular content, zero logs
- ibVPN - Lots of security features, choice of VPN protocols, works on all popular devices
Some VPN service comparison sites include:
- CompareMyVPN
- That One Privacy Guy's VPN Comparison Chart
- thebestvpn.com - this comparison primarily relies on upload/download speeds plus logging policy
VPN Servers
Some high end hardware routers/ADSL modems e.g. DrayTek feature VPN servers otherwise software based VPN servers are available macOS:
- VPN Enabler
- VPN Server Configurator
- VPN-X Server
- iVPN
- EasyVPN
- TunnelBlick (open source Mac version of OpenVPN)
VPN Clients
macOS has powerful VPN client functionality built-in. Otherwise third parties offer their own VPN client solutions:
- Cisco VPN Client
- TunnelBlick (open source Mac version of OpenVPN)
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
Go to this
web page
to donate to us.
- Apple Safari
- Mozilla Firefox
- Chromium
- Google Chrome
- Microsoft Edge
- Opera
- Vivaldi
- Brave
- Yandex
- iCab
- Seamonkey
- Omniweb
Apple Safari
- Go to Safari menu > Preferences… > General tab > UNTICK 'Open "safe" files after downloading'
- Go to Safari menu > Preferences… > Security tab > TICK "Warn when visiting a fraudulent website"
- Go to Safari menu > Preferences… > Security tab > TICK "Block pop-up windows"
- Go to Safari menu > Preferences… > Privacy tab > configure cookies and location services as required
- Go to Safari menu > Preferences… > Extensions tab > switch "OFF" or configure as required
- Go to Safari menu > Preferences… > Advanced tab > for 'Smart Search Field:' TICK "Show full website address"
Google Chrome
- Go to Chrome menu > Preferences… > click "Advanced ↓" > configure the settings under 'Privacy and Security' as required e.g. switch ON "Protect you and your device from dangerous sites"
Chromium
- Go to Chromium menu > Preferences… > click "Advanced ↓" > configure the settings under 'Privacy and Security' as required e.g. switch ON "Protect you and your device from dangerous sites"
Mozilla Firefox v57 or later
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > set Location, Camera, Microphone and Notifications settings as required
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > TICK "Block pop-up windows"
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > TICK "Warn you when web sites try to install add-ons"
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Permissions' heading > TICK "Prevent accessibility services from accessing your browser" if accessibility services are not needed (browser restsart required)
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Security' heading > set 'When a server requests your personal certificate' to "Ask you every time"
- Go to Firefox menu > Preferences… > click Privacy & Security on the left > under the 'Security' heading > TICK "Query OCSP responder servers to confirm the current validity of certificates"
Mozilla Firefox v56.0.2 or earlier
- Go to Firefox menu > Preferences… > Content > TICK "Block popup windows"
- Go to Firefox menu > Preferences… > Security > TICK "Warn you when sites try to install add-ons"
- Go to Firefox menu > Preferences… > Security > TICK "Block dangerous and deceptive content" with both "Block dangerous downloads" and "Warn you about unwanted and uncommon software" TICKED
iCab
- Go to iCab menu > Preferences… > Security icon > set 'International Domain Names (IDN)' to "Show IDNs with secure letters and from the list"
Omniweb
- Go to Omniweb menu > Preferences… > Download icon > UNTICK 'Open files in "safe" applications'
- Go to Omniweb menu > Preferences… > Ad Blocking icon > select "Always" from the 'Block pop-up windows' pop-up menu
Opera
- Go to Opera menu > Preferences… > TICK "Show advanced settings" in the bottom left > select "Privacy and security" on the left > configure the settings as required e.g. TICK "Protect me from malicious sties" under the 'Privacy' heading
Seamonkey
- Go to Seamonkey menu > Preferences… > select 'Privacy & Security' on the left > TICK "Block reported attack sites (malware, viruses)"
- Go to Seamonkey menu > Preferences… > select 'Privacy & Security' on the left > TICK "Block reported web forgeries (phishing)"
- Go to Seamonkey menu > Preferences… > under 'Privacy & Security' on the left select "Popup windows" > TICK "Block unrequested popup windows"
Maxthon
- TO BE CONFIRMED
Yandex
- Go to Yandex menu > Preferences > Settings tab > click "Show advanced settings" > go to "Network" heading > TICK "Secure your network connection when connecting to public Wi-Fi networks"
- Go to Yandex menu > Preferences > Settings tab > click "Show advanced settings" > go to "Network" heading > TICK "Use a DNS server with DNSCrypt encryption"
- Go to Yandex menu > Preferences > Protect tab > TICK "Enable protection from malicious websites and programs"
- Go to Yandex menu > Preferences > Protect tab > TICK "Enable phishing protection"
- Go to Yandex menu > Preferences > Protect tab > TICK "Protect bank cards from phishing"
- Go to Yandex menu > Preferences > Protect tab > TICK "Open online banking and payment system pages in Protected mode"
Brave
- Go to Brave menu > Preferences… > select 'Shields' on the left > set 'Ad Control' to "Block Ads"
- Go to Brave menu > Preferences… > select 'Shields' on the left > switch ON "HTTPS Everywhere"
- Go to Brave menu > Preferences… > select 'Shields' on the left > switch ON "Block Phishing/Malware"
Vivaldi
- Go to Brave menu > Preferences… > select 'Privacy' on the left > Third Party Services > TICK "Google Phishing and Malware Protection"
tenFOUR Fox
- Go to TenFourFox menu > Preferences… > Content tab > TICK "Block popup windows"
- Go to TenFourFox menu > Preferences… > Security tab > TICK "Warn me when sites try to install add-ons"
- Go to TenFourFox menu > Preferences… > Security tab > TICK "Block reported attack sites"
- Go to TenFourFox menu > Preferences… > Security tab > TICK "Block reported web forgeries"
- Go to TenFourFox menu > Preferences… > Advanced tab > Encryption tab > TICK "Use SSL 3.0" and TICK "Use TLS 1.0"
Secure Web Sites (HTTPS)
Whenever you are transferring personal information especially financial transactions make sure your web browser is connected securely to the web site in question. If it isn't don't enter personal/financial details.How To Tell if Your Web Browser Is Connected Securely
- Apple Safari - URL text (to the left) coloured green + closed/locked padlock icon to the left of the URL area
- Google Chrome - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- Chromium - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- Mozilla Firefox - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- iCab - background colour of URL area turns green
- Omniweb - closed/locked padlock icon in the bottom right of the window
- Opera - URL text to the left coloured green + closed/locked padlock icon to the left of the URL area
- Seamonkey - background colour of URL area turns yellow
- Maxthon - TO BE CONFIRMED
- Yandex - URL text to the left coloured green + closed/locked padlock icon to the right of the URL area
- Brave - closed/locked padlock icon to the left of the URL area
- Vivaldi - URL text to the left coloured green + background area to the left coloured green + closed/locked padlock icon to the left of the URL area
- tenFOUR Fox - address to the left coloured (green or blue)
Online Shopping (from the UK)
Follow these recommendations from official UK government web sites:- Only use a recommended web browser.
- Set your browser's security settings
- Keep your web browser up-to-date.
- Be careful when you give your credit or debit card details on the Internet - make sure the connection is secure.
- The trader must give their name and a geographical address, not just a PO Box number, and not just their e-mail address. They must also fully describe the goods for sale and orders must be confirmed in writing (usually via email).
- As with any other type of purchase, shop around for the best deals and prices. In most cases, you are entitled to a seven working day cancellation period where you can change your mind (the Distance Selling Regulations), but this usually does not apply to 'auction' sites. You should always read the terms and conditions carefully before buying.
- Watch out for high postage rates and for other hidden costs, such as VAT and other duty payable, particularly if goods are being sent from abroad.
- Try to get personal recommendations for companies you have not done business with before. Alternatively, you can get help and advice from specialist organisations, such as Trust UK. Trust UK is an organisation endorsed by the UK government which enables consumers to buy online with confidence.
- Remember, goods being sent from abroad may take some time to be delivered. Check with the trader how long this will take, and set a delivery date that you must have them by, if that is important. Where no delivery date has been agreed, delivery must be within thirty days. Goods and services ordered from UK and European Countries will be covered by the Distance Selling Regulations.
- Check what the company's policy is on returning goods that you don't like or have changed your mind about, and find out who pays for the return postage. If they have come from abroad, you may be faced with a hefty postage bill to return them. Refunds must be made within thirty days.
- On the subject of buying from abroad, remember that if you have problems such as faulty goods or non-delivery, it might be very difficult to get your complaint dealt with. Although your contract will probably be covered by UK law - allowing you to sue in your local court - getting money out of a company based abroad may be impractical. If possible, pay by credit card as this may give you additional protection in some circumstances.
- For that reason, be wary of buying very expensive items from companies outside the UK or Europe unless you know them well - that way, if things do go wrong, you limit the risk.
- Most importantly, print out the order, and keep any terms and conditions that appear on the web site, just in case of any disputes or problems later on.
Web Technologies To Be Aware Of
- JavaScript (see below)
- Java (see below)
- Internet Plug-Ins and Video Codecs
JavaScript
JavaScript (not to be confused with Java) is a scripting language that can automate tasks for your web browser, you or more importantly for the web site you are visiting. However, it is very powerful and it has the power to be very malicious. Unfortunately lots of web sites require it to be turned on. It is possible to turn this technology off but some web sites may not work properly if you do:Controlling JavaScript In Your Web Browsers
- Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > for 'Web content:' tick/untick "Enable JavaScript"
- Google Chrome - open Google Chrome > go to Chrome menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'JavaScript' > configure as required
- Chromium - open Chromium > go to Chromium menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'JavaScript' > configure as required
- Mozilla Firefox - can only be configured/switched off manually
- iCab - open iCab > go to iCab menu > Preferences… > JavaScript icon > tick/untick "Enable JavaScript"
- Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Security icon > tick/untick "Enable JavaScript"
- Opera - open Opera > go to Opera menu > Preferences… > select "Websites" on the left > under the 'JavaScript' heading tick/untick "Allow all sites to run JavaScript (recommended)"
- Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > tick/untick "Enable JavaScript for" 'Browser'
- Maxthon - TO BE CONFIRMED
- Yandex - cannot be configured
- Brave - open Brave > go to Brave menu > Preferences… > select 'Shields' on the left > switch ON "Block Scripts (will break many sites)"
- Vivaldi - cannot be configured
- tenFOUR Fox - open TenFourFox > go to TenFourFox menu > Preferences… > Security tab > tick/untick "Enable JavaScript"
Java
Java (not to be confused with JavaScript) is a programming language which can run software on your computer directly in your browser simply by visiting a web site. It has recently been targeted for attack on the Mac platform. Once a Java "applet" is running it is extremely powerful and it has the power to be very malicious. Thankfully lots of web sites don't use it and it is possible to turn this technology off:Java Security for Mac Users > How To Disable/Secure Java
Java SE v6 and earlier are end of life and are no longer supported/updated. If you are running Mac OS X 10.6 or earlier you are recommended to disable Java and read up on securing older operating systems.Q. How can I tell which version of macOS / OS X / Mac OS X I am running?
A. Go to Apple menu (top left) > About This Mac > check the version reported for macOS / OS X / Mac OS X.Securing/Disabling Java SE in OS X 10.7 or later
- Go to Apple menu > System Preferences > Java > (the Java Control Panel will open separately) > Security tab
- If the Java preference pane does not exist you do not have Java SE v7 or later installed. Go to the disabling Java SE v6 instructions below.
- If you have a Java preference pane and the Java Control Panel opens separately go to the "Security" tab in the control panel. If there is no Security tab you have an old version of Java SE v7 installed - update Java SE v7 first, then come back to these instructions.
- Set the 'Security Level' slider to "Very High".
- If you don't use Java untick "Enable Java content in the Browser".
- If you do use Java click "Advanced Security Settings" and configure as required for your Java usage.
- Now go to the 'Update' tab and tick "Check for Updates Automatically".
- Now go to the 'General' tab, click "Settings…" under 'Temporary Internet Files' and untick "Keep temporary files on my computer" and click "Delete Files…". Click "OK".
- You are now also recommended to switch off Java in your web browsers.
Disabling Java SE v6 in OS X 10.7 or later
- Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab. NOTE: If you get a message stating 'To open "Java Preferences," you need a Java SE 6 runtime. Would you like to install one now?' click "Not Now" (you do not have Java SE v6 installed - go to disabling the Java plug-in in your web browsers).
- Make sure no Java versions are ticked under "On".
- Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
- You are now also recommended to switch off Java in your web browsers.
Disabling Java SE v5/v6 in Mac OS X 10.5 or 10.6
NOTE: Java will not work at all including locally installed applications that may require it.- Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab.
- Make sure no Java versions are ticked under "On".
- Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
- You are now also recommended to switch off Java in your web browsers.
Disabling Java SE in Mac OS X 10.4 or earlier
You cannot switch off Java in Mac OS X 10.4 or earlier and there is no Java Preferences so make sure you delete any (Java plug-ins and also switch off Java in your web browsers.Disabling the Java plug-in In Your Web Browsers
NOTE: Java applets will not work in your web browser but locally installed Java applications may still work (see disabling the Java Runtime Environment for your OS).NOTE: You need to disable the Java plug-in for each and every web browser that you use/have installed.
- Apple Safari 12 or later (for macOS 10.12 or later) - Java is not supported (because NPAPI plug-ins are not supported)
- Apple Safari up to version 11 - open Safari > go to Safari menu > Preferences… > Security tab > click "Plug-in Settings…" > untick "Java" in the list on the left
- Apple Safari 5.1.9 (for Mac OS X 10.6) / 6.0.4 (for OS X 10.7/10.8) or later - open Safari > go to Safari menu > Preferences… > Security tab > untick "Allow Java" or you can tick it to enable it and you now have control of the Java plug-in for individual websites by clicking the "Manage Website Settings…" button
- Google Chrome - Java is not supported (because NPAPI plug-ins are not supported)
- Chromium - Java is not supported (because NPAPI plug-ins are not supported)
- Mozilla Firefox - Java is not supported (because NPAPI plug-ins are not supported)
- iCab - open iCab > go to iCab menu > Preferences… > Java icon > untick "Execute Java applets"
- Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Security icon > untick "Enable Java"
- Opera - Java 7 or later is not supported - plug-ins cannot be disabled
- Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > untick "Enable Plugins for Suite"
- Maxthon - TO BE CONFIRMED
- Yandex - Java is not supported (because NPAPI plug-ins are not supported)
- Brave - Java is not supported (because NPAPI plug-ins are not supported)
- Vivaldi - Java is not supported (because NPAPI plug-ins are not supported)
- tenFOUR Fox - Java is not supported (because plug-ins are not supported)
REMOVING THE JAVA PLUG-IN FROM YOUR OS
NOTE: Java applets will not work in your web browser and they never will until you reinstall Java. Only follow these instructions if you will never use Java on the internet. If you are unsure simply switch off Java in all your web browsers.- Go to Macintosh HD > Library > Internet Plug-Ins folder and remove/delete any of following items if they are present:
- JavaAppletPlugin.plugin (alias/shortcut)
- JavaAppletPlugin.plugin
- JavaPluginCocoa.bundle
- Go to Macintosh HD > Users > your home directory > Library > Internet Plug-Ins folder too and remove/delete any of the above items if they are present.
NOTE: If you have OS X 10.7 or later your user Library folder is hidden. It can be accessed by going to the Go menu > Library while holding down the alt (option) key.
Internet Plug-Ins / Video Codecs
There are many internet plug-ins/video codecs available with some of the most popular being:- Adobe Flash
- Adobe Shockwave
- Adobe PDF viewer
- Perian - Discontinued in 2012
- Flip4Mac WMV components
- iPhoto Photocast
- Microsoft Silverlight
- Microsoft Sharepoint
- Microsoft Office Live
- Apple QuickTime (part of the macOS operating system) - as of 10th December 2015 the QuickTime internet plug-in is no longer supported/updated. The latest security updates for OS X 10.9 or later should automatically disable the plugin. If you are running OS X 10.8 or earlier or you want to manually disable the plug-in go to Macintosh HD > Library > Internet Plug-Ins and disable/move/delete "nsIQTScriptablePlugin.xpt" and "QuickTime Plugin.plugin"
- Real Player
- Java - see our separate article on Java
- Keep your plug-ins up-to-date
- Consider removing or disabling plug-ins you don't use
- Consider using plug-in blockers like:
- ClickToPlugin (Flash blocker for Safari)
- FlashBlock (Flash blocker for Firefox)
- FlashBlock (Flash blocker for Chrome)
Controlling Plug-Ins In Your Web Browsers
- Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > tick/untick "Allow Plug-ins" or click "Plug-in settings…" and configure accordingly
- Google Chrome - [only the Flash plug-in is supported] open Google Chrome > go to Chrome menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'Flash' > configure as required
- Google Chrome - [only the Flash plug-in is supported] open Chromium > go to Chromium menu > Preferences… > click "Advanced ↓"" > click "Content settings" under the 'Privacy and security' heading > click 'Flash' > configure as required
- Mozilla Firefox - open Firefox > go to Tools menu > Add-ons > click "Plugins" on the left > configure plug-ins listed on the right as required
- iCab - open iCab > go to iCab menu > Preferences… > Plug-ins icon > tick/untick "Use Plug-ins for embedded data (Flash, Quicktime, …)" or configure listed plug-ins as required
- Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Plug-ins icon > tick/untick plug-ins as required
- Opera - [only the Flash plug-in is supported] open Opera > go to Opera menu > Preferences… > select "Websites" on the left > under the 'Flash' configure as required
- Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > tick/untick "Enable Plugins for" 'Suite'
- Maxthon - TO BE CONFIRMED
- Yandex - can only be configured/switched off manually
- Brave - [only the Flash plug-in is supported] open Brave > go to Brave menu > Preferences… > select 'Plugins' on the left > switch ON/OFF "Enable Adobe Flash Support"
- Vivaldi - [only the Flash plug-in is supported] open Vivaldi > go to Vivaldi menu > Preferences… > select 'Webpages' on the left > configure Flash accordingly under the "Flash Plugin" heading
- tenFOUR Fox - plug-ins are not supported
Spam
Consider using a spam blocker in your email client: Some email clients include Anti-Spam filtering:- Apple Mail - go to Mail menu > Preferences > Junk Mail
- Microsoft Entourage for Mac - go to Tools menu > Junk E-Mail Protection…
- Microsoft Outlook for Mac - go to Tools menu > Junk E-Mail Protection/Preferences…
- Mozilla Thunderbird - go to Thunderbird menu > Preferences > Security > Junk tab
Confidential Information
Don't send confidential information e.g. personal or financial information via email unless you are using encrypted (SSL) email. Email is normally sent between your computer and the email server using clear text which means it can be intercepted and used (against you).Don't send confidential information e.g. personal or financial information via attachments unless you encrypt the files first.
Attachments and links in emails
See our separate article on Malware, Social Engineering and Scams.Instant Messaging
Instant messaging software such as iChat/Messages, AIM, Yahoo Messenger, MSN/Microsoft Messenger and Skype are common attack vectors. Make sure you are running the most up to date version of the software and be very wary of clicking on accepting messages from unknown users, clicking on any links or pictures in the message window.NOTE: As of 6th July 2017 Skype requires OS X 10.9 Mavericks or later.
NOTE: Yahoo Messenger discontinued on 17th July 2018
NOTE: AIM discontinued on 17th December 2017
NOTE: MSN/Microsoft Messenger shut down October 2014
Virtual Private Network (VPN)
Virtual Private Networks are a way of connecting directly to a computer or network of your choice securely. You set up a VPN server on the computer or network and then create a VPN connection on your computer to that computer or network. They can also be used when connecting to the internet via a free/public/unsecured wireless / Wi-Fi network. You can pay for a VPN service but note that these services only protect your network traffic from your computer to their server (wherever it is located) and after that the network traffic may be insecure - however, this is usually better than nothing/not using such a service on a free/public/unsecured wireless / Wi-Fi network!VPN Services
Ideal when using a free/public/unsecured wireless / Wi-Fi network: --> Below is a list of recommended VPN providers in no particular order:- CyberGhost - Super-fast, zero logs, 6100+ servers, easy to use apps and friendly 24/7 customer support
- SurfShark - Protect unlimited devices with one account, military grade IP encryption, super cheap VPN
- NordVPN - Outstanding speeds, zero logs, unblock Netflix, custom VPN app for macOS, 24/7 support
- Ivacy - Great pick for streaming and P2P file sharing, superb VPN speeds and user friendly
- Private VPN - Superb privacy features, exceptional speeds and no usage logs, a truly Private VPN
- ZenMate VPN - Excellent VPN app for streaming and P2P file sharing, 100% private, cheap VPN
- ExpressVPN - The biggest name in the VPN industry, huge server base, blazing fast speeds, no logs
- HMA - Exceptional VPN speeds, impressive server network, unblock geo-restricted content
- Private Internet Access - Highly secure VPN with huge server network, protect 10 devices, advanced privacy
- Hotspot Shield - Fast and large server network, unblock your favourite content, complete IP encryption
- IPVanish - Hide your IP address, unblock restricted content, one of the fastest VPNs available
- Hide.Me - A great pick for advanced security, zero logs and great speeds, Hide your IP address
- Norton Secure VPN - Biggest name in cyber security, ideal for protecting yourself on public Wi-Fi
- Fastest VPN - Very fast VPN speeds, unblock all popular streaming, great server network
- PureVPN - Unblocks Netflix, BBC iPlayer etc, multiple VPN protocols, 2000+ VPN servers
- SaferVPN - Ideal for privacy conscious users, unblock geo-restricted content, zero usage logs
- StrongVPN - Bypass government censorship, protect 12 devices, 24/7 customer support
- Avast SecureLine VPN - Trustworthy VPN supplier, you can try for free for 30 days, unblocks Netflix
- Trust.Zone - Free 3 day VPN trial, unblocks Netflix and other popular content, zero logs
- ibVPN - Lots of security features, choice of VPN protocols, works on all popular devices
Some VPN service comparison sites include:
- CompareMyVPN
- That One Privacy Guy's VPN Comparison Chart
- thebestvpn.com - this comparison primarily relies on upload/download speeds plus logging policy
VPN Servers
Some high end hardware routers/ADSL modems e.g. DrayTek feature VPN servers otherwise software based VPN servers are available macOS:- VPN Enabler
- VPN Server Configurator
- VPN-X Server
- iVPN
- EasyVPN
- TunnelBlick (open source Mac version of OpenVPN)
VPN Clients
macOS has powerful VPN client functionality built-in. Otherwise third parties offer their own VPN client solutions:- Cisco VPN Client
- TunnelBlick (open source Mac version of OpenVPN)
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
Go to this
web page
to donate to us.
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
Go to this
web page
to donate to us.