Mac Security Suggestions
1) OS X Mountain Lion: Understand passwords
Make sure to use strong passwords that combine upper case letters, lower case letters, numbers, and symbols.
Do not reuse passwords for security sensitive logins; specifically, do not use the same password for banking credentials and logins to websites, such as Facebook or Twitter.
Secure passwords contain at least 8 characters with at least one character from each of the following: upper case alphabet, lower case alphabet, numbers, and symbols.
Go@wow76 is an example of a password that meets the minimum requirement of a secure password.
Some online accounts will place limits on the length and type of characters that can be used to create passwords. If the limits negate the ability to meet the requirements of a secure password presented above, make a password as close to those requirements as possible given the imposed limitations.
2) OS X Mountain Lion: About your keychain password
OS X Mountain Lion: Lock or unlock your keychain
OS X Mountain Lion: Allow apps to access your keychain
Create a separate keychain in "Keychain Access", distinct from the login keychain, to store secure notes and login credentials, such as internet passwords, that do not need to stay unlocked while the user is logged in. Label that separate keychain with the username of the computer user account, but give it a different password than the user account password, because the login keychain already uses that password and is unlocked automatically at login.
Keep items that require extra security in that separate keychain and keep that keychain locked as much as possible. Setting the keychain to lock after 5 minutes of inactivity and to remain locked while sleeping is most secure. Secondary click (right-click) the keychain in the list of keychains in "Keychain Access" to modify these settings.
3) Set up firmware password protection in Mac OS X.
Mountain Lion and Lion users have to boot into the Recovery HD to set up firmware password protection.
Setting a firmware password reduces the need to use FileVault, because Target Disk Mode then requires the firmware password before it will start. Also, there is an alternative for storing security sensitive files that does not impose the limitations of FileVault (logging out to back up with Time Machine) and provides encryption while you are logged in (see #18 - sparse bundle disk images).
FileVault does not protect user data from being accessed via remote exploitation while the user is logged in. Sparse bundle disk images do not close every possible point of data leakage available to an attacker with physical access. Use both to achieve optimal security if that level of security is required.
4) In the Security & Privacy preferences, make sure to turn ON the following:
"General"
- require password at most 5 seconds after sleep or screen saver begins
- disable automatic login
- allow applications downloaded from: Mac App Store (see Mountain Lion: About Gatekeeper)
"General -> Advanced"
- require an administrator password to access locked preferences
- automatically update safe downloads list
- pair or disable remote control receiver
"Privacy"
- disable location services (disable unneeded location services on a per app basis if using "Find My Mac")
Note: use secure virtual memory (prior to Lion)
5) Using Mission Control (Expose prior to Lion), set up a hot corner to "Start screen saver" and make sure to initiate the screen saver whenever the Mac is left unattended.
6) Mac OS X has three types of firewalls. The application firewall is turned off by default. The packet filter, PF, is running but with the most permissive ruleset. The TrustedBSD MAC framework (sandboxing) is enabled by default. Set up the application firewall and/or PF to supplement the TrustedBSD MAC framework.
Application firewalls, such as the one found in the "Security & Privacy" pane, typically only understand the protocols for sharing services (VNC, FTP, SSH, etc) if used on the standard port for the service and provide only basic filtering for non-standard protocols or services using non-standard ports.
Stateful firewalls are better in general, as they provide the benefits of both packet filters and application firewalls. PF, the packet filter in Mac OS X, can be set up as a stateful firewall. The easiest way to do so is to download a PF GUI called Icefloor.
- Turn ON the application firewall or provide a stricter ruleset for PF. Using both at the same time creates a multi-layer protection scheme that is even more secure.
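As an added example (not part of the original post, and not Icefloor's output), here is a minimal hand-written stateful PF ruleset of the kind described above, written to a file and syntax-checked before loading. The LAN range 192.168.1.0/24, the file path and exposing only SSH to the LAN are assumptions.

```shell
#!/bin/sh
# Added example: minimal stateful PF ruleset for a Mac.
# Assumed path; on a real system this would replace /etc/pf.conf.
RULES="${RULES:-/tmp/pf.stateful.conf}"
LAN="${LAN:-192.168.1.0/24}"   # assumed LAN range

# Print the ruleset. "keep state" makes PF record each connection in its state
# table, so reply packets are matched against that table instead of the rules.
stateful_ruleset() {
  cat <<EOF
set block-policy drop
set skip on lo0
# keep Apple's own anchors so built-in services (sharing, NAT) still work
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
# default deny inbound, allow all outbound and remember the connection
block in log all
pass out all keep state
# inbound: SSH from the LAN only, and only new connections (SYN without ACK)
pass in proto tcp from $LAN to any port 22 flags S/SA keep state
# allow ping so connectivity problems can still be diagnosed
pass in inet proto icmp all icmp-type echoreq keep state
EOF
}

# Write the file and parse-check it with pfctl -n (no load) when pfctl exists.
# pfctl needs root on macOS; load afterwards with: sudo pfctl -ef "$RULES"
write_ruleset() {
  stateful_ruleset > "$RULES"
  if command -v pfctl >/dev/null 2>&1; then
    pfctl -nf "$RULES" || return 1
  fi
  printf '%s\n' "$RULES"
}

# Sanity check on the generated file: number of stateful rules it contains.
stateful_rule_count() { grep -c 'keep state' "$1"; }
```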
7) If other unknown users are going to use the Mac, enable the "Guest" account and log out when finished using the Mac so other users can log in using the Guest account.
If another user is going to use the Mac repeatedly over an extended period of time, create a standard account for that user.
8) Understand the purpose of the administrator password authentication prompt. This prompt appears and asks the user for the credentials (username and password) of an administrator user whenever a process tries to access an area of the system that is restricted. Requiring administrator authentication provides important protection against modification of more security sensitive areas of the system by malware or malicious users.
- Do not provide administrator account credentials to any authentication prompt that has not been explicitly initiated by a user and/or the purpose of authentication is not reliably known.
9) Avoid malware. Typically Mac OS X malware comes from four sources: video codecs, pirated software, spoofed Flash updates, and rogue antivirus software.
- Install Perian, Flip4Mac, and XiphQT. Then, deny any authentication prompts to install video codecs, specifically in relation to video sources from the web.
- Do not pirate software.
- Do not install any antivirus software that has been automatically downloaded from the internet.
- Do not install Flash downloaded from any source other than http://get.adobe.com/flashplayer/.
- Do not install software from sources that do not have a trustworthy reputation.
- Do not open any files with non-executable file formats that are reported as being executable via File Quarantine.
Most importantly, understand the purpose of the administrator password authentication prompt.
10) Mac OS X SL, Lion, and Mountain Lion include basic anti-malware protection by default. This is adequate protection when used in conjunction with safe computing practices (see #8, #9, & #14), but it lacks on-demand scanning and cross platform malware detection capabilities. Install ClamXav if these capabilities are required.
Perform periodic (weekly or monthly) on-demand scans with antivirus software, such as ClamXav, to ensure that your system does not contain any Windows malware, such as Java downloader based trojans, that could possibly become cross platform. ClamXav also detects many Mac OS X specific threats.
ClamXav does not run with elevated privileges and does not have mandatory on-access scanning. Client-side software that runs with elevated privileges is less secure, since any flaw in it is exploitable with those privileges. Mandatory on-access scanning continuously uses system resources; on-demand scans only use resources while a scan is running.
ClamXav does include a Sentry feature that provides user defined on-access scanning if this is required. This feature does continuously use system resources if enabled.
The information provided below is important for users of unsupported versions of OS X:
Set the Sentry feature to scan common locations where external files enter the system, such as download and email folders (for example: ~/Downloads, ~/Library/Mail, and ~/Library/Mail/Downloads), and set up weekly scans to scan the entire system for any threats.
Unsupported versions of OS X no longer receive security patches from Apple. This leaves these versions of OS X unprotected from any security vulnerabilities that are found subsequent to support being dropped for those versions of OS X.
This is a relevant security risk due to vulnerabilities found in still supported versions often being applicable to unsupported versions of OS X.
11) Harden Safari.
Turn OFF the following features in Safari:
- Open "safe" files after downloading.
- AutoFill web forms: Using info from my Contacts card & User names and passwords.
- Enable Java.
Install a Safari extension, such as Plugin Customs (also in the Safari Extensions Gallery), to get greater control of browser plugins. This is particularly helpful if you need to keep Java enabled for a specific purpose. (Not all such extensions manage every plugin; Plugin Customs provides control over every Safari plugin.) Non-Safari users should be able to find alternatives.
Optional: An ad-blocker, such as GlimmerBlocker, provides some protection as well.
12) Set "Software Update" to check for updates daily. It is ok if the updates do not download automatically given that this can be intrusive if it occurs during heavy network activity.
Make sure to keep third party software on the Mac up to date. This includes client side software such as an office suite, instant messenger client, and more.
13) Turn OFF any "Sharing" services that are not being used. Make sure any sharing services that are turned on have a secure password (see #1) if the service allows a password to be set.
Turn OFF "Bluetooth" if not being used. In the Bluetooth settings, make sure to turn OFF "Discoverable" after setting up Bluetooth devices.
14) Network traffic encryption.
- Only use email services with full session encryption, such as Gmail.
- Only use encrypted file transfer services, such as SFTP or FTPS.
- Use an encrypted search engine such as https://duckduckgo.com/ that automatically redirects to the encrypted logins of many popular websites, such as Facebook and Twitter.
- Check the digital certificate of websites, such as banks and PayPal, by clicking the lock icon to see if the certificate belongs to the right organization. This prevents login credentials from being stolen via sophisticated MITM attacks. ARP poisoning/MITM attacks can be detected using a utility such as Mocha.
- Always manually navigate to the logins of encrypted security sensitive websites and never log in to these websites from links in emails, email attachments, instant messages, etc., even if the certificate appears to be legitimate. This prevents login credentials from being stolen via advanced phishing techniques that use cross-site scripting.
- Enable Mac OS X to use CRL and OCSP checking to provide protection from revoked digital certificates. The settings to enable system-wide use of CRL and OCSP are accessible via Keychain Access. On the "Certificates" pane in the Preferences of Keychain Access, set the following:
Online Certificate Status Protocol (OCSP): Best Attempt
Certificate Revocation List (CRL): Best Attempt
Priority: OCSP
15) Under "Network," click on the advanced tab for "Airport" wireless connections and turn ON the following settings:
Require administrator password to:
- Create computer-to-computer networks
- Change networks
16) For wireless networks, use WPA2 encryption. WEP encryption is easily defeated and is no longer secure. Make sure to use a secure password (see #1) for the network password and the router admin password. Using default router admin passwords leaves the router vulnerable to exploitation.
Use a wireless router that supports network address translation (NAT) with an integrated firewall. NAT builds a table of network connections, which inherently provides the same type of protection as a packet filter with basic stateful packet inspection (SPI): only inbound packets that do not match an entry in the NAT table are passed to the router's packet filter. NAT greatly reduces the number of ports that need to be forwarded.
Also, use a router that supports NAT-PMP or UPnP. This also reduces the number of ports that need to be forwarded manually, if the software supports the feature as well. There is a utility called Port Map that can provide this function for software that does not support it by default. Port Map is basically a GUI for the packet filter in your router, if the router supports NAT-PMP or UPnP.
17) For those needing extra email security (worried about emails being accessed while logged in):
- Do NOT keep copies of emails for offline viewing, and move the keychain entries for the email accounts from the login keychain to a keychain that does not remain unlocked. This is easy to set up if using IMAP email accounts with Mail.app.
a) In the "Advanced" setting for the email account in Mail.app preferences, set "Keep copies of messages for offline viewing:" to "Don't keep copies of any messages."
b) And, in the "Mailbox Behaviors" setting for the email account in Mail.app preferences, enable "Move deleted messages to the Trash mailbox," set "Permanently erase deleted messages when: Quitting Mail," and do not enable "Store deleted messages on the server."
c) Also, do not enable "Store sent messages on the server" but set "Delete sent messages when: Quitting mail."
Note: make sure to manually save all emails as drafts before being sent or the autosaved drafts will not be deleted once the email is sent; this is a glitch in Mail.app.
Storing the "~/Library/Mail" folder in an encrypted disk image (see #18) and using an alias in the folder's place is effective in securing your emails if you need to keep local copies for offline viewing.

18) For those needing extra data security (worried about user files being accessed while logged in):
- Use password protected encrypted sparse bundle disk images to store sensitive files and keep those disk images unmounted as much as possible. The easiest way to keep them unmounted is to store the password in "Keychain Access" so that mounting on demand is painless. If you save the disk image password in Keychain Access, make sure to move the keychain entry from the login keychain to a separate keychain that does not remain unlocked; otherwise, the security benefit is lessened because the disk image can be mounted without a prompt the whole time you are logged in.
The settings in the attachment below when using "Disk Utility" to make password protected encrypted disk images work well. Either encryption (128 bit or 256 bit) is cryptographically secure at this point in time. Sparse bundle disk images dynamically expand and are designed to work efficiently with Time Machine. It is ok if the label given in "Save As" is the same as "Name."
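The workflow from #18 combined with the separate keychain from #2 and the password policy from #1, as an added command-line example (not part of the original post, and not Apple's documented procedure; the GUI route in Disk Utility is equivalent). The image path ~/Vault.sparsebundle, the volume name "Vault", the keychain file vault.keychain and the 1 GB size are assumptions.

```shell
#!/bin/sh
# Added example: AES-256 sparse bundle whose password lives in a separate,
# auto-locking keychain (not the login keychain), mounted only on demand.
VAULT="$HOME/Vault.sparsebundle"                  # assumed image path
VOLNAME="Vault"                                   # assumed volume name
KEYCHAIN="$HOME/Library/Keychains/vault.keychain" # assumed separate keychain

# Policy from #1: at least 8 chars with upper, lower, digit and symbol.
strong_password() {
  pw=$1
  [ "${#pw}" -ge 8 ] || return 1
  case $pw in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $pw in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $pw in *[[:digit:]]*) ;; *) return 1 ;; esac
  case $pw in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

vault_mountpoint() { printf '/Volumes/%s\n' "$1"; }

vault_create() {   # $1 = disk image password, $2 = keychain password
  strong_password "$1" || { echo "image password fails the #1 policy" >&2; return 1; }
  # Separate keychain that locks on sleep (-l) and after 300 s idle (-u -t), as in #2.
  security create-keychain -p "$2" "$KEYCHAIN"
  security set-keychain-settings -l -u -t 300 "$KEYCHAIN"
  security add-generic-password -a "$USER" -s "$VOLNAME" -w "$1" "$KEYCHAIN"
  # -stdinpass reads the passphrase from stdin so it never appears in the process list.
  printf '%s' "$1" | hdiutil create -size 1g -type SPARSEBUNDLE -fs HFS+J \
      -encryption AES-256 -stdinpass -volname "$VOLNAME" "$VAULT"
}

vault_open() {
  # Reading the item prompts to unlock the vault keychain; the keychain re-locks on timeout.
  # Command substitution strips the trailing newline security prints after the password.
  printf '%s' "$(security find-generic-password -w -s "$VOLNAME" "$KEYCHAIN")" |
      hdiutil attach -stdinpass "$VAULT"
}

vault_close() {
  hdiutil detach "$(vault_mountpoint "$VOLNAME")"
  security lock-keychain "$KEYCHAIN"   # lock explicitly rather than waiting for the timeout
}

case ${1:-} in
  create) vault_create "$2" "$3" ;;   # e.g. ./vault.sh create 'Go@wow76' 'keychain-password'
  open)   vault_open ;;
  close)  vault_close ;;
esac
```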
