

Setting up a new Mac is about as easy as computing tasks get, but tuning its security settings to your requirements can be more challenging. The large amount of data that Mac users transfer, download and exchange over a network increases the risk of specially crafted attacks on these systems. Security is a necessity these days, not an illusion, and Mac OS X has numerous settings that can be fine-tuned to improve safety.
 

There is a popular saying that you can secure your Mac OS X only to the extent you are capable of making it secure. The process is indeed complex, as there is no single golden rule that gives maximum protection from malicious attacks. Securing Mac OS X therefore comes down to a combination of security and privacy settings that together make a difference.
 

In light of malware and other attacks that have recently affected Mac OS X, we here at Red Piranha have put together a list of security measures that can be applied to secure Mac OS X.

  • Disable Bonjour
  • Disable Spotlight localization & Suggestions
  • Disable Results from Bing
  • Disable Guest User
  • Allow Only Signed Apps
  • Disable Creation of Metadata Files
  • Disable Password Hints
  • Set an Administration Password
  • Set a Firmware Password
  • Enable Firewall

Disable Bonjour:

Bonjour is Apple’s zero-configuration networking protocol that allows Mac users to connect to the local area network. Applications of Bonjour include enabling Mac systems to share devices and files over a TCP/IP-based computer network.

To perform these tasks, Bonjour automatically shares information about the Mac system on the network it is connected to. If the network is not trusted, consider disabling Bonjour.

The following command line can be used in a terminal to disable Bonjour:

sudo defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array-add "-NoMulticastAdvertisements"

Likewise, the following command can be used to enable Bonjour:

sudo defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array "/usr/sbin/mDNSResponder" "-launchd"

Disable Spotlight localization & Suggestions:

Spotlight is one of the most useful features integrated in Mac OS X. It allows users to find items stored locally on the hard drive and also helps to find information on the web. In doing so, it uses localization services to offer web results based on your location.

Disabling Spotlight Localization:

To provide localized results, Spotlight requires your location and sends this information to a remote service, which could be manipulated. It is therefore highly recommended to disable Spotlight localization.

The following settings can be implemented to disable Spotlight localization.

Step 1: Go to System Preferences => Security & Privacy => Privacy => Location Services

Step 2: Select ‘Security & Privacy’ and click ‘Details’.

Step 3: Uncheck ‘Safari & Spotlight Suggestions’.



Disabling Spotlight Suggestions:

Mac OS X relays searches made through Spotlight to Apple services and displays results accordingly. To stop Spotlight from sharing search details with Apple services, disable Spotlight Suggestions.

The following settings can be implemented to disable Spotlight Suggestions.

Step 1: Go to System Preferences => Spotlight

Step 2: Uncheck ‘Allow Spotlight Suggestions in Spotlight and Look Up’.



Disable Results from Bing:

To stop Spotlight search details from being shared with Bing, disable results from Bing by implementing the following settings.

Step 1: Go to System Preferences => Spotlight

Step 2: Un-check “Bing Web Searches” from the list of results categories.



Disable Guest User:

The Guest User account allows others to use your Mac OS X system with restricted access. However, it is recommended to disable Guest User, which further helps to secure the files and data saved on the system.

In order to disable Guest User implement the following settings:

Step 1: Go to System Preferences => Users & Groups => Guest User

Step 2: Un-check ‘Allow guests to log in to this computer’.



Allow Only Signed Apps:

To make sure that Mac OS X is not infected with malicious applications, install only apps that are signed by an authorized developer or that are available in the Mac App Store.

To allow only signed apps, implement the following settings:

Step 1: Go to System Preferences => Security & Privacy => General

Step 2: Select the radio button against ‘Mac App Store and identified developers’ under the section ‘Allow apps downloaded from’.

Note: The security level can be raised further by selecting ‘Mac App Store’ under the section ‘Allow apps downloaded from’.



Disable Creation of Metadata Files:

Mac OS X creates metadata files as and when files are saved to the hard drive. These metadata files can also be viewed, which gives malicious actors an extra edge. It is recommended that Mac OS X users disable the creation of metadata files to further boost privacy levels.

The following commands can be entered in a terminal to disable the creation of metadata files:

Command to disable metadata files on Network Volumes:

defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true

Command to disable metadata files on USB Volumes:

defaults write com.apple.desktopservices DSDontWriteUSBStores -bool true
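
To confirm that the Terminal commands in the Bonjour and metadata sections took effect, the values can be read back with `defaults read`. The script below is an added example, not Red Piranha's code; `DEFAULTS_CMD` is a hypothetical override for testing, and the `/Library/Preferences` Bonjour key is an assumption taken from Apple's documentation rather than from this page.

```shell
#!/bin/sh
# Added example: audit the Terminal-set options from this guide.
# DEFAULTS_CMD is a hypothetical override so the checks can be run
# against a stub instead of the real macOS `defaults` tool.
DEFAULTS_CMD=${DEFAULTS_CMD:-defaults}
MDNS_PLIST=/System/Library/LaunchDaemons/com.apple.mDNSResponder
# Not from the page: preference key Apple documents for OS X 10.11+,
# where System Integrity Protection blocks writes under /System.
MDNS_PREF=/Library/Preferences/com.apple.mDNSResponder.plist

# `defaults read` prints booleans as 1/0; accept common spellings too.
is_true() {
    case "$1" in 1|true|TRUE|yes|YES) return 0 ;; *) return 1 ;; esac
}

# check_bool DOMAIN KEY: PASS only when the key exists and is true.
check_bool() {
    val=$("$DEFAULTS_CMD" read "$1" "$2" 2>/dev/null) || val="unset"
    if is_true "$val"; then
        echo "PASS $2=$val"
    else
        echo "FAIL $2=$val"; return 1
    fi
}

# PASS when either the launchd flag or the preference key is set.
check_bonjour() {
    args=$("$DEFAULTS_CMD" read "$MDNS_PLIST" ProgramArguments 2>/dev/null) || args=""
    pref=$("$DEFAULTS_CMD" read "$MDNS_PREF" NoMulticastAdvertisements 2>/dev/null) || pref=""
    case "$args" in *-NoMulticastAdvertisements*) pref=1 ;; esac
    if is_true "$pref"; then
        echo "PASS Bonjour multicast advertisements disabled"
    else
        echo "FAIL Bonjour multicast advertisements enabled"; return 1
    fi
}

# Run every check; the return status is the number of failed checks.
audit() {
    failures=0
    check_bool com.apple.desktopservices DSDontWriteNetworkStores || failures=$((failures + 1))
    check_bool com.apple.desktopservices DSDontWriteUSBStores || failures=$((failures + 1))
    check_bonjour || failures=$((failures + 1))
    echo "failures: $failures"
    return "$failures"
}

audit || echo "Re-apply the commands above for each FAIL line."
```

The `DSDontWrite*` keys are per-user preferences, so run the audit as the account that applied them. A Bonjour FAIL on OS X 10.11 or later can mean the write under `/System` was blocked by System Integrity Protection.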

Disable Password Hints:

Password hints are a helpful feature that gives hints about the existing password in case the user forgets it. Helpful as it is, this feature can also be exploited by malicious attackers to guess the password, further compromising the security of the Mac OS X system.

Implement the following settings in order to disable password hints:

Step 1: Go to System Preferences => Users & Groups => Login Options

Step 2: Uncheck the tick box against ‘Show Password Hints’.



Require an Administration Password:

It is recommended to have an administration password for accessing system settings.

In order to set an administration password implement the following steps:

Step 1: Go to System Preferences => Security & Privacy => Advanced

Step 2: Check the tick box against “Require an administrator password to access system-wide preferences”.



Set a Firmware Password:

A firmware password provides an advanced level of security that prevents the Mac from being booted from an external boot volume. It also creates a security perimeter that prevents the PRAM from being reset.

A firmware password can be set by implementing the following steps:

Step 1: Activate recovery mode when the Mac computer is turned on. (This can be done by holding down the Command and R keys.)

Step 2: Click on the Utilities menu in the menu bar and select Firmware Password Utility.

Step 3: Click on Turn on Firmware Password and follow the wizard. When done, restart your Mac.

Enable Firewall:

It is recommended to activate the firewall in Mac OS X. The firewall controls connections made to your computer from other computers on your network. Once the firewall is activated, connections on the network can be controlled on a per-application basis instead of a per-port basis.

To activate the firewall, follow these steps:

Step 1: Go to System Preferences => Security & Privacy => Firewall 

Step 2: Click on Turn on Firewall


Date Published: August 17, 2017