Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Maximum security tricks for your Mac

Keir Thomas | July 11, 2016
We tend to frown upon those who take computer extremely seriously but there’s a lot we can learn from them too.

The only people out there likely to take advantage of this are government agencies that employ extraordinarily clever people and have unlimited budgets. It's certainly too difficult for a burglar who steals your Mac to exploit, or a nosey colleague.

However, if you're truly security paranoid then here's how to stop the FileVault key being stored in memory. The only actual difference this will make in everyday use of the Mac is that sometimes you'll be prompted to type your login password twice when waking your Mac, and your Mac will be a little slower when waking from sleep mode.

We need to do two things. First we need to switch the Mac to enter standby mode, rather than sleep mode, whenever you do something like close the lid of a MacBook Pro. In Standby mode the contents of memory are saved to disk and the computer put into a deep sleep mode that uses only a trickle of power.

Secondly, we need to tell the computer to not hold the FileVault key in memory while in Standby mode.

Both these two steps can be achieved by opening a Terminal window (you'll find it in Utilities folder of the Applications listing in Finder) and then pasting in the following:

sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25

To turn off this feature, and renable the security "hole", again open Terminal and type the following:

sudo pmset -a destroyfvkeyonstandby 0 hibernatemode 3

Then reboot.

Check for persistent apps

Some apps on your Mac are designed to start invisibly each time you boot, and remain invisible while you're using the computer. These are called persistent apps, and examples include the update checker apps that Google and Microsoft install to ensure Google Chrome and Microsoft Office are always up to date. Adobe installs a handful of persistent apps too as part of the Creative Cloud package.

However, malware also uses persistent apps to do their nastiness without you noticing and, to make matters worse, there are many locations in the file system where malware can hide in order to have itself started at each boot-up. We could advise you to keep an eye on each and every location, but it's a mammoth task.

Luckily, there are two free apps that'll do a lot of the hard work for you. KnockKnock scans these locations and will tell you what's there. It's not a malware scanner, so won't tell you if what you find is dangerous or not. That's between you and a search engine, although a helping of common sense will do no harm - for example, the aforementioned apps for Microsoft, Google and Adobe apps are easy to spot (although as a caveat we suppose we ought to point out that it's possible some malware might masquerade as an app from one of these companies).

 

Previous Page  1  2  3  4  5  6  7  8  Next Page 

Sign up for CIO Asia eNewsletters.