
jas5279

macrumors member
Original poster
Dec 21, 2016
If you do a lot of banking and have highly sensitive financial information on your Mac, you would want to make sure that your computer is 100% virus/spyware/malware/all-other-threats free. I heard people saying that Macs don't need anti-virus and stuff because they don't get viruses. But researching on Google, I found that it's not true. And I am concerned now. What protection apps should I use? What should I do to keep my computer 100% safe?
 
You just really need to keep the OS up to date then practice smart browsing. No more than that. If you want to add protection then a reputable brand would be advised.
 
Even with my very limited understanding of security, I don't agree with the assessment of "Macs don't get viruses" - I do agree with the assessment of "Most of the Mac-based malware in the wild is mainly adware that is more of an annoyance and some are phishing attempts that an aware User can probably spot. Macs being compromised by more serious forms of malware are still relatively rare, although vulnerabilities to firmware and ransomware attacks have been established and demonstrated in lab settings. For most Users right now, they can safely use a Mac without massive concerns if practicing good security habits."

For me, when working with the PII of others, it is:
  • Use FileVault 2 with a very strong password and disable the iCloud reset feature (so if my AppleID is compromised, it will NOT allow access to my local machine) - I think someone is insane to use any computer without whole disk encryption enabled if using it for any sensitive information at all!
  • Use Little Snitch so I know exactly what connections are incoming and outgoing
  • Use a strong iCloud/Apple ID password that is unique only to iCloud
  • Use a secure password manager App so all of my passwords look like TskTnM3DYs83WNdd6U864QsXVL33hvuF and are unique to that specific login
  • Use an open-source encryption program like Veracrypt with sensitive files I work with in my Windows VMs
  • Run a solid AV program on my Windows VMs (currently using ESET and Emsisoft)
  • When entering sensitive information to be sent over the internet, ensure the cryptography is modern with a TLS check - https://www.ssllabs.com/ssltest/
  • Use a browser add-on like HTTPS Everywhere to force all connections to use encryption
  • Periodically check the System Preferences --> Security & Privacy --> Privacy tab to see which Apps are granted control of my system (doing this led me to abandon Dropbox completely, because some of the App's behavior wasn't unlike that of malware.)
  • Periodically check the launchd folders for any processes starting at startup or login that I do not recognize or want starting.
  • Periodically scan with Malwarebytes
  • Staying mindful of devices on the wifi network that are vulnerable to attack (e.g., webcams)
  • Any higher risk activities (e.g., torrents) are done in a Mac VM that lives on its own SSD, has snapshots enabled, has the firewall enabled, and has a Mac antivirus installed
I've had various AV programs on my system at given times. IMO, they are most useful when a User is very unaware of security concerns (for example, blatant phishing attempts or fake ransomware messages) or when wanting to scan files for Windows-based viruses that did not originate with them that they will be sending files to Windows users.

One limitation I have observed with banking is the deployment of new cryptography among financial institutions. One would think they would be fast to adopt the latest standards. However, that appears to be often untrue. Addressing vulnerabilities to downgrade attacks and other man-in-the-middle attacks was slow, at best, and TLS 1.2 adoption was anything but fast, and the GCM cipher adoption was, in some cases, disturbingly slow. Presumably, TLS 1.3 adoption will not be quick either. Unfortunately, the implication here is that you could do everything right on your end, and still have your data being vulnerable depending on what a company is doing on their end. Again my understanding here is very primitive.


MacRumors
[two screenshots]

Bank of America
[screenshot]

My knowledge on security is very limited, but why on Earth would they set this order?!?!
[screenshot]
 
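The periodic launchd check from the list above, as an added example that is not part of the original post: it summarizes each job definition in the user and system launchd folders and lists the ones whose label is not on your own allowlist. The allowlist label `com.example.backup-agent` is a constructed placeholder.

```python
import plistlib
from pathlib import Path

# Per-user and system-wide launchd job folders on macOS. /System/Library is
# left out here because it holds Apple's own jobs.
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

def summarize(plist_bytes):
    """Pull the fields worth eyeballing out of one launchd job definition."""
    job = plistlib.loads(plist_bytes)          # handles XML and binary plists
    args = job.get("ProgramArguments") or []
    return {
        "label": job.get("Label"),
        "program": job.get("Program") or (args[0] if args else None),
        "run_at_load": bool(job.get("RunAtLoad", False)),
        "keep_alive": bool(job.get("KeepAlive", False)),
    }

def scan(dirs=LAUNCHD_DIRS):
    """Summarize every *.plist in the given folders; unreadable files are kept."""
    jobs = []
    for folder in dirs:
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            try:
                jobs.append({**summarize(path.read_bytes()), "path": str(path)})
            except Exception as exc:           # malformed plist: still report it
                jobs.append({"label": None, "path": str(path), "error": str(exc)})
    return jobs

def unrecognized(jobs, known_labels):
    """Jobs whose Label is not on the reviewer's own allowlist."""
    return [j for j in jobs if j.get("label") not in known_labels]

if __name__ == "__main__":
    KNOWN = {"com.example.backup-agent"}       # assumption: your reviewed labels
    for job in unrecognized(scan(), KNOWN):
        print(job)
```
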
The question:
"What protection apps should I use? What should I do to keep my computer 100% safe?"

The answer:
Take it out of the box and never never NEVER connect it to the internet.

And even then, you may still have paranoid doubts!
 
My knowledge on security is very limited, but why on Earth would they set this order?!?!
My knowledge in this sector is very limited, too. I can imagine that The Bank of America prefers to use the Galois/Counter Mode (GCM) because of the better performance compared to Cipher Block Chaining (CBC) to serve so many clients with an optimal speed of service. The bigger problem your screenshots are showing is probably that their server doesn't support Forward Secrecy (FS) to prevent compromising past session keys, but maybe past sessions will get deleted immediately by them so that there is no real risk with that.

To the OP: IMO, the human factor is the most critical security factor in computing. Responsible usage of the internet will prevent you from getting most, but not every virus and malware. macOS comes with many built-in security features. To use them correctly, e.g. the Firewall settings, is not always easy for new users (always decline an app to phone home first). Then there is XProtect that is a silently updated list of known malware that won't be able to harm your Mac. The problems arise from unknown exploits and there is no heuristics-based analysis built into Macs, yet. Some AV software tries to protect you from unknown risks, but again, it just tries and won't be able to catch everything or will report false positives. @ZapNZs and the other posters said everything else, although there is to mention the small drawback of using encryption like FileVault, if you don't make frequent backups and need to recover your data, that's going to be a real pain. Always make backups, if you like your data, there will never be 100% security.
 
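What the posts above read off a server test report, as an added example that is not part of any post in the thread: it classifies IANA cipher suite names (the naming SSL Labs reports) for forward secrecy and AEAD modes such as GCM, then reviews a server's preference order. The three suite lists are constructed samples, not any site's actual configuration.

```python
def classify(suite):
    """Read key exchange and cipher mode out of an IANA suite name."""
    if "_WITH_" in suite:                      # TLS 1.2 and earlier
        kx, cipher = suite[len("TLS_"):].split("_WITH_", 1)
        forward_secrecy = kx.startswith(("ECDHE_", "DHE_"))
    else:                                      # TLS 1.3: always ephemeral + AEAD
        cipher, forward_secrecy = suite[len("TLS_"):], True
    aead = any(m in cipher for m in ("_GCM", "_CCM", "CHACHA20_POLY1305"))
    return {"suite": suite, "forward_secrecy": forward_secrecy, "aead": aead}

def audit_order(suites):
    """suites: the server's preference order, most preferred first."""
    rows = [classify(s) for s in suites]
    findings = []
    if not any(r["forward_secrecy"] for r in rows):
        findings.append("no forward-secret suite offered")
    for i, r in enumerate(rows):
        later = rows[i + 1:]
        if not r["forward_secrecy"] and any(x["forward_secrecy"] for x in later):
            findings.append(f"{r['suite']}: preferred over a forward-secret suite")
        if not r["aead"] and any(x["aead"] for x in later):
            findings.append(f"{r['suite']}: non-AEAD suite preferred over an AEAD suite")
    return findings

# Constructed preference lists for illustration.
STATIC_RSA_ONLY = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
LEGACY_FIRST = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
]
MODERN = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    for name, order in [("static RSA only", STATIC_RSA_ONLY),
                        ("legacy first", LEGACY_FIRST), ("modern", MODERN)]:
        print(name, audit_order(order) or "ok")
```
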