What 9 macOS security features are unique to how Apple approaches security? The foundation of macOS is formed by integrated and secure software that protects critical system resources while sandboxing applications and other processes. As you read, be sure to check out the links to different Apple KBs to gain a deeper understanding of how these different macOS security features help keep your Mac, your privacy, and your data safe.
9 macOS security features include:
• FileVault is a layer of encryption built into macOS to protect user data if a device is lost or stolen. FileVault full-disk encryption uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk. In other words, having disk encryption keeps bad guys from accessing your data. This isn’t turned on by default in most versions of macOS, but it is really easy to set up. Find out more about FileVault including how to turn it on here: https://support.apple.com/en-us/HT204837
• Software updates come directly from and are digitally signed by Apple so organizations and IT know they can be trusted. In fact, the best way to make sure you have the latest patches and security updates is to regularly update macOS software. Software digital signing is critical these days as hackers often inject malicious code into existing software and post it on the web as a legitimate update. Always go directly to the source in order to verify that what you are installing is the real thing.
- Find out more about updating software on macOS here: https://support.apple.com/en-us/HT201541
- Learn how to verify the authenticity of downloaded third party apps here: https://support.apple.com/en-us/HT202369
- Developers can learn more about signing their own apps here: https://developer.apple.com/support/code-signing/
• System Integrity Protection (SIP) protects core operating system files, which could otherwise be targets for exploits, from user and application access. It’s like a protected bank vault for the heart of macOS. Find out more about SIP here: https://support.apple.com/en-us/HT204899
System Integrity Protection includes protection for these parts of the system:
- Apps that are pre-installed with OS X
• Gatekeeper lets IT designate where users can download their applications from, blocking potentially harmful applications from accidentally being downloaded. Building off the digital signature features discussed above, it works to prevent unsigned apps (or malware) from running and therefore works together with XProtect to swiftly halt the spread of malware. For apps that are downloaded from places other than the Mac App Store, developers can get a unique Developer ID from Apple and use it to digitally sign their apps. The Developer ID allows Gatekeeper to block apps created by malware developers and verify that apps haven’t been tampered with since they were signed. If an app was developed by an unknown developer—one with no Developer ID—or tampered with, Gatekeeper can block the app from being installed. Find out more about Gatekeeper here: https://support.apple.com/en-us/HT202491
You can reduce this risk by using software only from reliable sources. The settings in Security & Privacy preferences allow you to specify the sources of software installed on your Mac.
- Choose Apple menu > System Preferences, click Security & Privacy, then click General.
- Select the sources from which you’ll allow software to be installed:
- App Store: Allows apps only from the Mac App Store. This is the most secure setting. All the developers of apps in the Mac App Store are identified by Apple, and each app is reviewed before it’s accepted. macOS checks the app before it opens the first time to be certain it hasn’t been modified since the developer shipped it. If there’s ever a problem with an app, Apple removes it from the Mac App Store.
- App Store and identified developers: Allows apps from the Mac App Store and apps from identified developers. Although apps from outside the Mac App Store are not reviewed, the identified developers are registered with Apple. If problems occur with an app, Apple can revoke its authorization. macOS checks the app before it opens the first time to be certain it hasn’t been modified since the developer shipped it.
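To confirm from the command line that FileVault, SIP and Gatekeeper are actually switched on, the short audit below can be run on a Mac. It is an added example, not Apple's or this blog's code, and it assumes the status wording printed by fdesetup, csrutil and spctl on current macOS releases.

```python
import subprocess

# Command to run for each feature and the text that means "fully on".
# The expected wording is an assumption based on current macOS output.
CHECKS = {
    "FileVault": (["fdesetup", "status"], "FileVault is On."),
    "System Integrity Protection": (["csrutil", "status"], "status: enabled."),
    "Gatekeeper": (["spctl", "--status"], "assessments enabled"),
}


def run_command(argv):
    """Return the command's combined output, or '' if it cannot be run."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=15)
    except (OSError, subprocess.TimeoutExpired):
        return ""
    return proc.stdout + proc.stderr


def audit(runner=run_command):
    """Map each feature to True (on), False (off or weakened) or None (unknown)."""
    results = {}
    for feature, (argv, marker) in CHECKS.items():
        output = runner(argv).strip()
        # The trailing period in the SIP marker keeps a partially disabled
        # "enabled (Custom Configuration)" state from counting as fully on.
        results[feature] = (marker in output) if output else None
    return results


def failing(results):
    """Features that are off, weakened or unreadable, for a fleet report."""
    return sorted(name for name, state in results.items() if state is not True)


if __name__ == "__main__":
    state = audit()
    for name, value in state.items():
        label = {True: "on", False: "OFF", None: "unknown"}[value]
        print(f"{name}: {label}")
```

Passing a different runner to audit() lets the same logic be applied to output collected remotely by a management tool.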
• File Quarantine: quarantine-aware applications that download files from the Internet, or receive files from external sources (such as email attachments), attach quarantine attributes to those files.
- Quarantine-aware applications include Safari, Messages, iChat and Mail.
- These attributes include date, time, and a record of where the file was downloaded from.
When you open a file received through a quarantine-aware application, OS X warns you where the file came from. You receive an alert asking, “Are you sure you want to open it?” You should click Cancel if you have any doubts about its safety.
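The quarantine attributes described above can be inspected directly, which is handy when triaging a suspicious download. The parser below is an added example, not code from Apple or this blog; it assumes the com.apple.quarantine extended attribute uses the semicolon-separated layout flags;hex timestamp;agent;event id, and the sample value is constructed.

```python
import subprocess
from datetime import datetime, timezone


def parse_quarantine(value):
    """Split a com.apple.quarantine value: flags;hex_epoch;agent;event_id."""
    if isinstance(value, bytes):
        value = value.decode("utf-8", errors="replace")
    fields = value.strip("\x00 \r\n").split(";")
    if len(fields) < 2:
        raise ValueError(f"not a quarantine value: {value!r}")
    fields += [""] * (4 - len(fields))  # agent and event id may be absent
    flags_hex, stamp_hex, agent, event_id = fields[:4]
    try:
        flags = int(flags_hex, 16)
        stamp = datetime.fromtimestamp(int(stamp_hex, 16), tz=timezone.utc)
    except (ValueError, OverflowError, OSError) as exc:
        raise ValueError(f"malformed quarantine value: {value!r}") from exc
    return {
        "flags": flags,
        "downloaded_utc": stamp.isoformat(),
        "agent": agent or None,
        "event_id": event_id or None,
    }


def read_quarantine(path):
    """Return parsed quarantine data for a file on macOS, or None if unset."""
    try:
        proc = subprocess.run(
            ["xattr", "-p", "com.apple.quarantine", path],
            capture_output=True, text=True, timeout=10,
        )
    except (OSError, subprocess.TimeoutExpired):
        return None
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    return parse_quarantine(proc.stdout)


# Constructed sample value, not taken from a real download.
SAMPLE = "0083;5b2a6f00;Safari;6F1E2D3C-4B5A-4978-8695-A4B3C2D1E0F9"

if __name__ == "__main__":
    print(parse_quarantine(SAMPLE))
```

The attribute itself carries the time and the downloading application; the event id is the key under which macOS records where the file came from.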
• XProtect is an automated anti-malware utility, kept up to date by Apple. This prevents malicious software and/or often outdated, vulnerable plug-ins like Java and Flash from running on a Mac. Those who are pedantically inclined can open the XProtect plist to view malware signatures by entering the following into the Safari browser URL bar: /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
You can also view a list of XProtect signatures (in XML format) here: http://edtechchris.com/2017/02/06/xprotect-plist-contents-macos-2-5-2017/
• App Store: apps available in the App Store are always vetted by Apple and only Apple-approved resources are available. Apple reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store. Apple not only has the ability to remove app availability, but can also revoke developer certificates instantly.
• App Sandboxing ensures that apps do not share (or steal) data from the system or one another. Sandboxing apps is a great way to protect systems and users by limiting the privileges of an app to its intended functionality, increasing the difficulty for malicious software to compromise your users’ systems. Recently, Apple has added path randomization to app sandboxing, thus increasing malware protection. Find out more about app sandboxing here: https://developer.apple.com/app-sandboxing/
• Privacy controls are available for users and IT to designate – a transparent process, which lets users know when location services are used, which apps have access to contacts or calendars, and what information is being shared with Apple and/or app developers. Apple has been in the news lately validating the importance they place on protecting user data and user privacy. According to Apple, “privacy is a fundamental human right.”
Probably the best way to begin exploring all the new privacy features in macOS, iOS, tvOS, and watchOS is to check out the Privacy page at Apple.com: https://www.apple.com/privacy/
Check out Apple CEO Tim Cook’s comments about privacy here: https://www.cnbc.com/2018/04/10/apple-ceo-tim-cook-on-the-importance-of-consumer-privacy.html
macOS Security Features – Enterprise
As Macs become more and more prevalent in enterprise deployments, Apple continues working to make them both user friendly and secure. This growing trend provides a world class user experience with hardened security and protection. If you are new to using macOS security features to protect Macs in government, business or education deployments, I recommend starting with Charles Edge’s (Krypted.com) book on Enterprise Mac Security. Amazon link here: https://amzn.to/2JrrRV4
Security Focused MacAdmin Blogs
The following blogs are also good resources for exploring additional macOS security features, updates, and more.
- Krypted.com http://krypted.com
- Duo Security’s Blog https://duo.com/blog
- Objective-See https://objective-see.com/index.html
- Rich Trouton’s blog, derflounder https://derflounder.wordpress.com
- Amsys’s blog https://www.amsys.co.uk/blog/
- Erik Gomez’s blog https://blog.eriknicolasgomez.com