Monday, January 18, 2021

How to keep your macOS safe

  1. System Preferences > Software Update > Make sure it's up to date.
    1. Also, click the "Advanced" button and, at a minimum, make sure that the check boxes for "Check for updates" and "Install system data files and security updates" are enabled.
  2. Anti-malware protection: At a minimum, install the free version of Malwarebytes: https://www.malwarebytes.com/mac-download/
    1. Set a weekly reminder to manually run a scan. The purchased version can automatically scan.
  3. To prevent Facebook from tracking you around the web, I recommend installing:
    1. Firefox: https://www.mozilla.org/en-US/firefox/mac/
    2. The Firefox Facebook Container browser extension: https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
    3. Optionally, you may also wish to install other Firefox-created browser extensions from: https://addons.mozilla.org/en-US/firefox/user/4757633/
      1. Firefox Multi-Account Containers "lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously."
      2. Firefox Relay "lets you generate email aliases that forward to your real inbox. Use it to hide your real email address and protect yourself from hackers and unwanted mail."
  4. To install an ad blocker, I recommend uBlock Origin. Install the browser extension in both:
    1. Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
    2. Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
  5. Verify that all currently running processes are legit. Run Objective-See's Task Explorer: https://objective-see.com/products/taskexplorer.html
    1. Once running, use the top right corner filter "#nonapple" to remove Apple processes from the list.
    2. Scroll through the top list and ensure that the process and, more importantly, the full path look familiar to you. Also, make sure the "virustotal" value for each entry is 0 or low. For example:
      1. Chrome     0/75 virustotal
        /Applications/Google Chrome.app/...
      2. Chrome Helper     0/74 virustotal
        /Applications/Google Chrome.app/...
      3. Firefox     0/76 virustotal
        /Applications/Firefox.app/...
      4. FrontendAgent     0/76 virustotal
        /Library/Application Support/Malwarebytes/...
      5. plugin-container     0/76 virustotal
        /Applications/Firefox.app/...
      6. RTProtectionDaemon     0/75 virustotal
        /Library/Application Support/Malwarebytes/...
      7. SettingsDaemon     0/76 virustotal
        /Library/Application Support/Malwarebytes/...
    3. If you see a process that you are unfamiliar with, Google it and try to determine if it's a program that you installed.
    4. If you do not recall installing it, try to determine how to remove it.
  6. Verify that all currently running processes are legit. Run Objective-See's Netiquette: https://objective-see.com/products/netiquette.html
    1. Once running, scroll through the list and ensure that you are familiar with all of the processes.
    2. If you see a process that you are unfamiliar with, see steps #5.3-4.
  7. Verify that all currently running Kernel Extensions are legit. Run Objective-See's KextViewr: https://objective-see.com/products/kextviewr.html
    1. Follow steps #5.1-4.
  8. Verify that all currently running Kernel Extensions are legit. Run Objective-See's KnockKnock: https://objective-see.com/products/knockknock.html
    1. Once running, press the "Start Scan" button at the top.
    2. Once finished scanning, click on the first section on the left sidebar.
      1. For each section, scroll through the list on the right side.
      2. Follow steps #5.2-4.
      3. Repeat for each section on the left sidebar.
  9. If you know what to look for, some other Objective-See programs worth installing:
    1. Lulu: https://objective-see.com/products/lulu.html
    2. BlockBlock: https://objective-see.com/products/blockblock.html
    3. ReiKey: https://objective-see.com/products/reikey.html
    4. OverSight: https://objective-see.com/products/oversight.html
    5. RansomWhere?: https://objective-see.com/products/ransomwhere.html
    6. Do Not Disturb: https://objective-see.com/products/dnd.html
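
The path review in step 5.2 can also be scripted. The following is an added example, not part of the original post or of any Objective-See tool: it parses `ps -axo pid=,comm=` output and lists processes whose full path is neither in an Apple system location nor under a directory you recognise. The prefix lists and the sample output are assumptions; the path-based Apple filter is only a rough stand-in for Task Explorer's "#nonapple" filter.

```python
import subprocess

# Assumption: path prefixes treated as Apple system locations.
APPLE_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/",
                  "/sbin/", "/bin/")
# Assumption: directories you recognise, taken from the examples in step 5.2.
FAMILIAR_PREFIXES = (
    "/Applications/Google Chrome.app/",
    "/Applications/Firefox.app/",
    "/Library/Application Support/Malwarebytes/",
)

def parse_ps(text):
    """Parse `ps -axo pid=,comm=` output into (pid, path) pairs."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)  # split once: paths may contain spaces
        if len(parts) == 2 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1]))
    return rows

def unfamiliar(rows):
    """Return non-Apple processes whose path is not under a familiar prefix."""
    flagged = []
    for pid, path in rows:
        if not path.startswith("/"):
            flagged.append((pid, path))  # no absolute path: review by hand
        elif path.startswith(APPLE_PREFIXES):
            continue                     # skipped, like the "#nonapple" filter
        elif not path.startswith(FAMILIAR_PREFIXES):
            flagged.append((pid, path))
    return flagged

# Constructed sample output (not captured from a real machine).
SAMPLE = """\
  312 /usr/libexec/trustd
  501 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
  640 /Library/Application Support/Malwarebytes/constructed/RTProtectionDaemon
  702 /Users/alice/Library/Updater/helperd
  733 /private/tmp/.cache/agent
"""

if __name__ == "__main__":
    try:
        live = subprocess.run(["ps", "-axo", "pid=,comm="], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        live = SAMPLE  # fall back to the constructed sample
    for pid, path in unfamiliar(parse_ps(live)):
        print(f"review: pid {pid}  {path}")
```

Anything it prints still needs the manual follow-up from steps 5.3-4; a familiar-looking path is not proof that a process is legitimate.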
