Mac Tips: Browser Plug-ins
Managing Safari Plug-ins to Improve Browser Security

Your computer comes pre-configured in a generic and accessible way so that it works right out of the box, but these settings often leave you vulnerable. There are a number of settings that can improve your computer’s defences just by being turned on. One way to improve the security of your Mac is to start tailoring the plug-in permissions on your browser.
The most effective strategy is to disable as many plug-ins as you can and have any necessary ones (commonly Flash) ask before they start. So many vulnerabilities are found in Flash (over 50 CVEs with a 10/10 severity in the first half of 2017 alone) that you don’t want it running on every website. Remote code execution flaws in Flash can allow malicious code to run and can potentially take over your device. Last year Forbes, MSN, Yahoo and others displayed compromised Flash ads with malware baked into them and inadvertently infected visitors to their sites.
Instead of enabling Flash on all sites, have your browser ask permission and give it to only the handful of websites that actually need it. You only need to give permission once for your browser to remember. This advice goes for Mac and Windows computers alike. Sure, Mac computers weren’t targeted in the particular example above, but the same type of thing can happen to a Mac. Security is about protecting from the future, not the past. You don’t know what attackers are going to do next, so close and lock as many unnecessary doors as possible.
To turn on and tailor plug-in permissions, open Safari and go to:
Preferences > Security > Plug-in Settings
and switch each plug-in to “Ask”, “Off”, or outright disable it.


Another important element of best practice is password quality, and that will be getting its own dedicated post very soon. In the meantime, let us know if you have any questions on other default software settings that may be leaving you vulnerable.
Advanced
If you’re familiar with the command line and are comfortable with using some Python, you can use this script: osx-config-check. It goes through a list of changes to default security settings similar to the one above and allows you to pick and choose. It does a lot of the heavy lifting for you, but not every ‘check’ is right for everyone, so I don’t recommend aiming for 100% compliance. Your machine still has to be useable afterwards.
As always, you should be critical of code before running it on your computer. In the case of Open Source code on GitHub you can often get a good idea of its legitimacy by looking at the changes that have been made and how popular it is.
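Before tailoring the plug-in permissions described above, it helps to know exactly which plug-ins are installed. The Python script below is an added example (not part of this post's original text or of osx-config-check) that lists the plug-in bundles in the two standard macOS "Internet Plug-Ins" folders with their version and bundle ID; the function names and the sample bundles built by `build_sample` are constructed for illustration.

```python
import os
import plistlib
from pathlib import Path

# Standard macOS locations for browser plug-in bundles (system-wide, per-user).
PLUGIN_DIRS = [Path("/Library/Internet Plug-Ins"),
               Path(os.path.expanduser("~/Library/Internet Plug-Ins"))]
BUNDLE_SUFFIXES = {".plugin", ".webplugin"}

def read_bundle(bundle):
    """Return name, version and bundle ID from one plug-in's Info.plist."""
    entry = {"path": str(bundle), "name": bundle.stem,
             "version": "unknown", "bundle_id": "unknown"}
    try:
        with (bundle / "Contents" / "Info.plist").open("rb") as fh:
            data = plistlib.load(fh)  # accepts XML and binary plists
    except Exception:  # missing, unreadable or malformed plist: still list it
        return entry
    if isinstance(data, dict):
        entry["name"] = str(data.get("CFBundleName", entry["name"]))
        entry["version"] = str(data.get("CFBundleShortVersionString", "unknown"))
        entry["bundle_id"] = str(data.get("CFBundleIdentifier", "unknown"))
    return entry

def inventory(dirs=PLUGIN_DIRS):
    """List every plug-in bundle found in the given directories."""
    found = []
    for directory in map(Path, dirs):
        if not directory.is_dir():
            continue
        for item in sorted(directory.iterdir()):
            if item.is_dir() and item.suffix.lower() in BUNDLE_SUFFIXES:
                found.append(read_bundle(item))
    return found

def build_sample(root):
    """Constructed sample: one well-formed bundle and one with a broken plist."""
    good = Path(root) / "Example Player.plugin" / "Contents"
    good.mkdir(parents=True)
    with (good / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleName": "Example Player",
                       "CFBundleShortVersionString": "1.2.3",
                       "CFBundleIdentifier": "com.example.player"}, fh)
    bad = Path(root) / "Broken.plugin" / "Contents"
    bad.mkdir(parents=True)
    (bad / "Info.plist").write_text("not a plist")

if __name__ == "__main__":
    for p in inventory():
        print(f'{p["name"]}  {p["version"]}  {p["bundle_id"]}  {p["path"]}')
```

Anything in the output that you don't recognise or no longer use is a candidate for “Off” in the plug-in settings, or for removal altogether.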
