Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services. And we continue to make improvements.” ― Tim Cook, Apple CEO
These years, Apple has been committed to tightening security in OS X. Though there are relatively minor new features, security seems the biggest change Apple made this time. Let's go through the main security and privacy features on Mac firstly. Then we talk about more Mac security tips for better protecting your device.
Security Integrity Protection: Root Has No Power Here
It's true that Apple has made improvement by the new feature - Security Integrity Protection (SIP), also called rootless. It is claimed to be a necessary step to ensure a high level of security. Security Integrity Protection aims to protect users from malicious code infecting the operating system by preventing the modification or removal of certain system files even by administrative overrides. By locking down the main system Apple will scupper the attempts of any malware to gain access to files, folders, running processes and system apps. To put it in brief, you can't modify these core files, neither can malware or hackers.
To summarize, SIP means that:
For most Mac users who don't customize anything or even use basic OS functions like tags in Finder, it is of course excellent to have a feature preventing malicious software. However, to those who want intense customization for their work environment, it is a little bit annoying. It will no longer be the case that administrators no longer have the root access, and change anything in the root System folder, or in a few hidden folders, such as /bin, /sbin, and /usr.
On the other hand, this feature is undoubtedly a big headache to Mac app developers like SuperDuper. Since they're blocked from editing or writing to certain protected files and folders within OS X, they have to try hard to adapt to the new way of working.
Mac OS X El Capitan's rootless "feature" is your parents trying to ground you when you're 30 and own your own house. - - User from Twitter
Two-Factor Authentication: Additional Layer of Security for Apple ID
Two-factor Annunciation in El Capitan is regarded as an optional additional layer of security for your Apple ID that is designed to prevent unauthorized access to your account. Once users enable this feature, they can then set up at least one OS X device as“trusted devices”. These devices appear in a list in your Apple ID account and can be removed from there. Whenever users sign in with Apple ID on a new device or browser, they will need to also verify by entering password and a six-digit verification code displayed on devices that have already signed in. That's to say, your password alone is not enough; you need to have information that is sent to you or generated on a trusted device. And if both should be lost, such as when a trusted device is stolen, an Apple ID is irretrievable.
If you enable two-factor authentication, iTunes purchases on Mac and Windows will require you to append a 6-digit code to the end of your password on every purchase. The 6-digit code will automatically be sent to your iOS 9 or OS X El Capitan devices.
It's a good idea have the two-factor authentication turned on, especially now that the process is a bit simpler. Note that you should be running OS X El Capitan and iOS 9 on all your devices.
App Transport Security: Secure Network Connections
App Transport Security (ATS), in both iOS 9 and El Capitan, requires an app add a declaration to its Info.plist file that specifies the domains with which it needs secure communication. If your application attempts to connect to any HTTP server that doesn't support the latest SSL technology , your connections will fail. This will help prevent accidental disclosure and provides secure default behavior.
App Transport Security enforces best practices for secure network connections and is enabled by default when using NSURLSession, NSURLConnection, or CFURL. It is great thing to have App Transport Security on so that it can protect personal data from being compromised over insecure wireless connections.
The firewall in OS X is a network filter that allows you to control which programs and services can accept incoming connections. It is a good option to enable if you’re connected to a public Wi-Fi network, such as one at a cafe, library, or other hotspot. But did you know inbound firewalls only protect against certain kinds of attacks?
With the increasing frequency of new malware and various of targeted attacks, the best defense is to implement multiple layers of protection. The function of the inbound firewall is obviously not enough. You're recommended to make use of outbound firewall applications to alert you about a piece of software that you know full well you downloaded, but didn't think would be connecting to the Internet.
An admin account can be used to change or delete files and also install any software. It is useful, and also risky, if the software is malicious. It is therefore necessary for Mac users to create a non-admin account for everyday activities in order to protect from some types of malware and prevent you from blundering by deleting files that you didn't mean to erase.
You'd better also disable automatic login for this account. Try to go to the Users and Groups pane of System Preferences, and click on Login Options; you'll then see a menu that lets you choose which user logs in automatically at startup, or you can choose Off from this menu.
Apple comes with FileVault for users of OS X 10.7 (Lion) or later, allowing them to have their data made irrecoverable in an event of theft, loss, physical compromise. To enable FileVault, first make sure you have logged into OS X with an administrator's account, and go to System Preferences > Security & Privacy > FileVault. Once there, press Turn on FileVault.
However, there's no built-in ability to lock individual apps. Try to use a third-party app encryption software mac. Cisdem AppCrypt is a preferable choice to safely encrypt Mail, Safari, Evernote, your favorite photo applications, iTunes, YouTube, Mac App Store and any other applications.
There is a built-in tool in OS X called“Software Update” to help keep everything updated. Try to access it by clicking on the Apple menu in the menu bar. For the updates themselves, it is always recommended to show details and review the items prompting to be installed; for the most part the user is safe but it can never be assumed.
Mac OS X has a built-in software update tool, called Software Update. You can access this by clicking on the Apple menu in the menu bar. When you launch this program, it will check Apple's servers to see if any Apple software updates are available. It's a good idea to to run "Software Update" and patch your Mac promptly when security updates are available.
There is no doubt that downloading files and exchanging files with others is fraught with risks. Though it seems that OS X does its best to protect the data, a good Mac anti-virus program is still necessary to help effectively prevent malware from loading, whether you make a bad choice of software to install, or visit a booby trapped website by mistake. It's also a good idea to keep your virus definitions up-to-date.
Besides, if you absolutely must go shopping online and only have access to public Wi-Fi, such an at an airport, a coffee shop, or some other location on a free, public Wi-Fi network, consider making use of a VPN software to ensure your data privacy.
Data security is an important issue. Apple makes hard backups incredibly easy with Time Machine, a built-in feature that regularly backs up your entire system onto an external hard drive. It enables you to recover lost files on Mac easily. Be sure to keep good, up-to-date local and remote backups. Time Machine is a big help with local, but not remote backups.
Besides, you can also synchronize files between two Macs, so that each machine has the latest, most updated files, as well as create a bootable backup in case you're having system problems and can't access your files.
Peter has always had great enthusiasm for writing, programming and web development. He likes writing about software and technology, his works are featured on some tech blogs or forums like Tom's Hardware, CNET, etc.
Though Mac spend much to protect Mac, it seems that the attacks never stop.
It must be a welcome improvement to have Two-factor Annunciation in os x 10.11...Anyway, thanks for sharing these useful tools.