Mac Tips: Security Applications

4 Apps That Can Help You Stay Secure

2017

I know there is a deluge of applications out there offering improved security, but not all applications are created equal. As a bit of a security zealot, I want to share some of the simplest, most effective programs I use to help bolster my security. No security is 100% impenetrable, but these applications will certainly boost your armour rating.

Little Snitch

Program Type: Firewall
Developer: Objective Development

Most firewalls focus on what comes into your system. Little Snitch does that and also gives you refined control over what’s going out. It lets you control which programs are allowed to connect to the internet and who they are allowed to talk to. For example, if you accidentally download a program that has built-in tracking and analytics, Little Snitch will let you know when and where it’s trying to ‘phone home’ and ask you to approve it. More importantly, if you have accidentally installed a virus, Little Snitch will let you know when and where it’s trying to connect online, giving you the option to deny its communication. Little Snitch adds a little bit of complexity initially as it learns what’s ok and what’s not, but this is invaluable for defending your system.

Micro Snitch and OverSight

Program Type: Microphone and Camera Monitor
Developers: Objective Development and Objective-See respectively

You can use tape to completely protect yourself from the camera, but what about the microphone? Both these programs flag when microphones or cameras are active with a notification and an overlay on your screen, and both produce a log of activity that you can audit after the fact. OverSight is a bit more finicky and will flag external devices as active even if they aren’t, which could make things complicated for audiophiles. Micro Snitch, though, is more user oriented. Malicious software is often designed specifically to covertly activate your computer’s recording devices. Both applications attempt to make sure you know when you are being recorded. A recent flaw discovered in the Chrome web browser allowed websites to silently turn on your microphone and camera; Micro Snitch and OverSight would ensure you were still alerted.

RansomWhere?

Program Type: Activity Monitor
Developer: Objective-See

RansomWhere? watches for programs engaging in suspicious activity and stops them until you confirm that the activity is deliberate. For example, ransomware usually opens and overwrites hundreds of files in a short period of time. When RansomWhere? detects this activity, it stops the process and waits for approval, thereby limiting the amount of damage ransomware can do if it gets into your system.
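To make the idea concrete, here is a small sketch of that kind of check, added for illustration; it is not RansomWhere?'s own code. It counts how many different files each process overwrites inside a sliding time window and pauses a process that goes over a limit unless the user has approved it. The thresholds, process names and file events are all constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; not RansomWhere?'s real values.
WINDOW_MS = 10_000   # "a short period of time"
FILE_LIMIT = 100     # "hundreds of files"

def find_suspended(events, approved=(), window_ms=WINDOW_MS, limit=FILE_LIMIT):
    """events: (timestamp_ms, process, path) overwrite records, sorted by time.
    Returns {process: timestamp_ms at which it would be paused for approval}."""
    recent = defaultdict(deque)   # process -> writes still inside the window
    distinct = defaultdict(dict)  # process -> {path: writes inside the window}
    suspended = {}
    for ts, proc, path in events:
        if proc in approved or proc in suspended:
            continue              # approved by the user, or already paused
        queue, seen = recent[proc], distinct[proc]
        queue.append((ts, path))
        seen[path] = seen.get(path, 0) + 1
        # Forget writes that have aged out of the sliding window.
        while ts - queue[0][0] > window_ms:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        # Count distinct files so repeated saves of one file do not trigger.
        if len(seen) > limit:
            suspended[proc] = ts
    return suspended

def sample_events():
    """Constructed sample data: two benign processes and one mass overwriter."""
    events = []
    for i in range(300):   # editor autosaving a single file every 100 ms
        events.append((i * 100, "editor", "/Users/demo/notes.txt"))
    for i in range(150):   # backup tool touching one new file per second
        events.append((i * 1000, "backup", f"/Users/demo/docs/{i}.doc"))
    for i in range(400):   # unknown process overwriting a new file every 10 ms
        events.append((20_000 + i * 10, "unknown_tool", f"/Users/demo/photos/{i}.jpg"))
    return sorted(events)

if __name__ == "__main__":
    for proc, ts in find_suspended(sample_events()).items():
        print(f"pause {proc} at t={ts} ms and ask the user to approve or deny")
```

In the sample, the process is paused on its 101st file, so roughly three quarters of the 400 files it was going to overwrite are left untouched.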

BlockBlock

Program Type: Anti-persistence Monitor
Developer: Objective-See

Persistent applications can stay running or relaunch after updates, restarts, and other system events. Few programs require persistence, but a lot of malware needs it in order to operate every time your computer starts up. BlockBlock monitors the installation of persistent programs as they hook into the operating system and requests your approval before they are allowed to continue. Most programs you install do not require persistence, and when they do they are named and signed appropriately, making them easy to identify and approve.

The value of a program like BlockBlock can be seen in the recent security breach caused by a virus called Proton.C. The virus was snuck into a version of HandBrake (a popular open source video encoder) and infected numerous computers. This infection cost companies and individuals time as well as loss of private information. Using BlockBlock could have prevented such difficulties by presenting the name and signature of the program: the user would then be able to see that the signature was missing and the name didn’t make sense, and could then block the application from running.

Chris Huxtable
Managing Director