Security setup on OS X device?

[ohboy]

What is your setup? What is a sufficient security setup for an OS X device? What is overkill?

I am running Yosemite and have Sophos and Malwarebytes Ant-Malware installed. I just received the computer I'm using and plan to run those programs a few times a month. I also have a VPN installed, but rarely use it. My Firewall is of course on, have sharing preferences turned off, Java uninstalled, and several security extensions running in my browser. I only connect to trusted Wi-Fi networks and will be using a separate computer for any use of torrent clients.

Am I missing anything? Is anything I'm doing unnecessary?

 

[Mcmeowmers]

I would say overkill but it all depends on your use and if the extra measures interfere with your tasks.

The most personal information I have on my computer is my browsing history which I am not overly concerned with. I use Ghostery and AdBlock on Safari as well as making sure I log out of Facebook when I am finished looking at what ever it is you're supposed to look at. Pretty silly now that I think about it!

I use the firewall too of course!

 

[BLUEDOG314]

You will not get a virus in the true sense of the word. Whenever Mac users think they have a virus, it is adware in a web browser that they got from being on weak sauce torrent sites or watching too much porn. For this AdwareMedic is good. It will still leave stragglers but this can be mopped up with the find command in terminal and adding delete onto the end.

Sophos is a system hog and for the most part useless.

A VPN is great for privacy as long as the company is reputable.

Java isn't the worst, but stay away from flash.

The only extension I use is https everywhere.

Only other thing I'd do if you are concerned with an actual virus is put Gatekeeper on App Store only. Again, this does not prevent pop ups in sketchy sites.

 

[ScoobyMcDoo]

Since you asked about security instead of just malware, I'll throw in disk encryption. I have my disk encrypted just in case the thing gets stolen.

 

[ohboy]

Since you asked about security instead of just malware, I'll throw in disk encryption. I have my disk encrypted just in case the thing gets stolen.

By disk encryption, do you just mean FileVault? I would use it if it didn't take up a ridiculous amount of space. Any alternatives?

 

[Weaselboy]

By disk encryption, do you just mean FileVault? I would use it if it didn't take up a ridiculous amount of space. Any alternatives?

You might be confusing FileVault encryption with something else, because FileVault uses no space at all. It just encrypts the drive.

 

[Mcmeowmers]

I forgot the most important thing. Make sure you set a firmware password.

About not getting viruses on a Mac. You are right but I think that mentality is damaging to users that don't know much about computers and technology. I think it gives a false sense of security. The effects of a browser hijack is essentially the same to a user that doesn't know better. Semantics are not important to your grandma who just had her computer exploited by a Flash or Java vulnerability.

So I think by us that know better that keep saying "there are no viruses on macs" gives a poor additude for those that don't know.
[doublepost=1458143413][/doublepost]

You might be confusing FileVault encryption with something else, because FileVault uses no space at all. It just encrypts the drive.

Maybe they meant performance?

 

[Michael A Ralph]

Filevault that baby, the entire disk. Minimum 16 character unused password.

Open Keychain Access preferences, Certificates tab, and set the OCSP and CRL settings to "Require If Certificate Indicates", and the priority to OCSP You can even strengthen it further by holding down option while selecting the drop down menus. This will break some sites and apps with sloppy SSL connections.

Firefox > Safari. NoScript, HTTPS Everywhere, Adblock Plus are the best addons, after that, Web Of Trust, QuickJava, Ghostery, and ssleuth.

Use either Murus Pro or Icefloor to configure the hidden UNIX pf firewall to protect against incoming attacks, and Little Snitch to stop unwanted outgoing traffic.

No Flash, no Java. Disable RTC in any browser you use.

also: filevault didn't slow down my OWC SSD more than ~1%.

 

[Tonsko]

Principle of least privilege! Worth setting the user you use day to day as not admin and creating a specific admin user that does have rights. It's a bit annoying at first, but you soon get used to it.