Keep your Mac safe from intruders, malware, and more!

Take Control of
Securing Your Mac

Second Edition

Glenn Fleishman

Secure your Mac against attacks from the internet and physical intrusion with the greatest of ease. Glenn Fleishman guides you through configuring your Mac to protect against phishing, malware, network intrusion, social engineering, and invaders who might tap physically into your computer. Glenn teaches how to secure your data at rest and in motion. Learn about built-in privacy settings, the Secure Enclave, FileVault, sandboxing, VPNs, recovering a missing Mac, and much more. Covers Ventura and Monterey.

All Take Control books are delivered in three ebook formats—PDF, EPUB, and Mobipocket (Kindle)—and can be read on nearly any device.

Download Free Sample

The digital world has never seemed more riddled with danger, even as Apple has done a fairly remarkable job across decades at keeping our Macs safe. But the best foot forward with security is staying abreast of past risks and anticipating future ones. Take Control of Securing Your Mac gives you all the insight and directions you need to ensure your Mac is safe from external intrusion and thieves or other ne’er-do-wells with physical access.

Security and privacy are tightly related, and Take Control of Securing Your Mac helps you understand how macOS has increasingly compartmentalized and protected your personal data, and how to allow only the apps you want to access specific folders, your contacts, and other information.

Also available: You can save money by buying this book as part of a three-book bundle, which also includes Take Control of Wi-Fi Networking and Security and Take Control of iOS & iPadOS Privacy and Security. Buy all three books for $25.78, which is 40% off the combined cover prices of $42.97. Add 3-Book Bundle to Cart

Here’s what this book has to offer:

Master a Mac’s privacy settings
Calculate your level of risk and your tolerance for it
Learn why you’re asked to give permission for apps to access folders and personal data
Moderate access to your audio, video, and other hardware inputs and outputs
Get to know the increasing layers of system security in Ventura and Monterey
Prepare against a failure or error that might lock you out of your Mac
Share files and folders securely over a network and through cloud services
Set a firmware password and control other low-level security options to reduce the risk of someone gaining physical access to your Mac
Understand FileVault encryption and protection, and avoid getting locked out
Investigate the security of a virtual private network (VPN) to see whether you should use one
Learn how the Secure Enclave in Macs with a T2 chip or M-series Apple silicon affords hardware-level protections
Dig into ransomware, the biggest potential threat to Mac users, but still a largely theoretical one
Decide whether anti-malware software is right for you
Discover new security and privacy technologies in Ventura, such as Lockdown Mode and passkeys

About Glenn Fleishman

Glenn Fleishman is a veteran technology writer who has contributed to dozens of publications across his career, including Macworld, Fast Company, and Increment. He has also written dozens of editions of books in the Take Control series. He spent 2019 and 2020 building 100 tiny type museums full of real printing artifacts. Glenn lives in Seattle with his wife and two children.

What’s New in Version 2.1

This update adds two sidebars about fixing Privacy permissions for apps in macOS when everything has gone wrong: the first requires the use of Terminal; the second, a super-strength method when the first fails, has you restart in Recovery mode. See “Fix Broken Accessibility and Similar Permissions” and “The Super-Strength Way To Fix Privacy Permissions.”

This version also checked in on the shipping release of macOS 13 Ventura in late October 2022. It contained no surprises as regards the contents of this book. But it did remove the “beta” label from iCloud+ Private Relay (a note removed from “Protect Anonymity via a Private Relay”) and fixed a bug in adding credit cards to System Settings > Wallet & Apple Pay (a warning removed from “Apple Pay Valid Only for a Single User”).

What Was New in Version 2.0.1

Apple used to offer relatively limited user controls over items that launched at startup. This led me to omit coverage in previous versions of this book. But I realized after the release of the second edition that macOS 13 Ventura was so much better at exposing login items and background items that they deserved their own section, added in this update. See “Launch Items.”

I missed describing one aspect of Lockdown Mode in the initial release of this edition: how the mode affects browsing in Safari and managing sites you choose to exclude from Lockdown Mode. See the updates in “Deploy Lockdown Mode.”

I also added a short explanation of some icons you may see in the menu bar when an app uses your location (see “Configure Your Mac’s Privacy Settings”) or the camera or microphone on your Mac (see “Control Center Display of Recent A/V Use”).

What Was New in the Second Edition

This edition of the book brings the title up to date for the upcoming release of macOS 13 Ventura, expected in fall 2022. Apple dramatically overhauled the organization of system-wide settings. First, they replaced System Preferences with System Settings. Second, they redesigned the general interface for each pane, often replacing checkboxes with switches. Third, they reorganized preferences: many settings are now in completely different places or new Settings panes from where they were found in Monterey and, in some cases, all the way back to macOS 10.0. Throughout the book, I include the necessary instructions for finding a setting for both Monterey and earlier releases and then separately for Ventura.

One important thing to look out for:

In Monterey and earlier within System Preferences, when a pane needs to be unlocked to make changes, you click the lock icon in the lower-left corner and then use Touch ID or enter an administrator password to modify privileged settings.
With Ventura’s System Settings, you now often click a button or icon first, and then receive a prompt to use Touch ID or enter a password. The lock icon has gone missing—it’s joined Clarus in the Icon Garden.

Ventura also added or updated these significant features for privacy, sharing, and security:

Sleeping and locking your Mac: Ventura distributes settings relating to screen locking, screen-saver activation, and password controls among three System Settings panes. See “How to Sleep or Lock Your Mac” for help understanding those new interactions.
Standard user is for other people: I’ve updated my advice about creating a standard user for your day-to-day Mac interactions as Apple has matured beyond that. You can safely use an administrator account, but see “Set Up a Standard Account for Others.”
Where to find network settings: The Network preference pane has a whole new look and top-level organization in its transformation to Network settings. See near the end of “What’s Your Risk of Internet Intrusion?” for how to find an IP address and other details.
iCloud Drive sharing: Ventura overhauls the frankly outdated and wonky approach to sharing files with others from iCloud Drive. The new look is streamlined, putting all the options in a single place. Apple also added support for third-party extensions. See “Share iCloud Drive Items in Ventura.”
Lockdown Mode: Added in iOS 16/iPadOS 16 and Ventura, Lockdown Mode is a new protective measure you can take if and when you’re concerned about being a focused target of criminals, a repressive government, or even a company attempting industrial espionage. See “Deploy Lockdown Mode” for details.
Passkeys: Apple also added support in updates to their operating systems for an industry-compatible way of logging in with a high degree of security that doesn’t involve typing in passwords or managing two-factor authentication codes. Passkeys use public-key cryptography to offer strongly encrypted, unique logins for every site you visit that supports them. See the updated section on passwords that now incorporates passkeys: “Protect Your Passwords and Passkeys.”
USB protection: Apple brought an enhanced USB authentication mode from iOS/iPadOS to macOS. Whenever you plug in a USB or Thunderbolt device in Ventura, you’re prompted by default to approve it the first time. You can set other behavior. See “Control Adding USB and Thunderbolt Devices.”

Finally, Howard Oakley at Eclectic Light discovered Apple had updated in the last six months how its silent XProtect anti-virus system works. Howard found that the introduction in macOS 12.3 of a new tool has led to frequent, active scanning to known malware. See “Apple’s Built-in Protections.”

Read Me First
- Updates and More
- What’s New in Version 2.1
- What Was New in Version 2.0.1
- What Was New in the Second Edition
Introduction
Quick Start to Securing Your Mac
Start with Security Basics
- Understand What Security Means
- Determine Your Risk Profile
Set Up Basic Security
- Keep Your Software Up to Date
- Manage Basic Security and Privacy Settings
- Configure Accounts & Groups Securely
- Control Adding USB and Thunderbolt Devices
- Enable Touch ID
Fortify Yourself and Your Mac
- Apple Protects with Gatekeeper
- Keep Malware off Your Mac
- Protect Anonymity via a Private Relay
- Umbrella Protection with a VPN
Share Resources Securely
- Allow Network Access to Services
- Share Carefully via Cloud Services
Learn macOS Startup and Disk Protections
- The Secure Enclave
- FileVault Protection
- System File Protections
- Startup Protections
- Password Lockout Protections
- Secure Deletion
- Apple Pay Valid Only for a Single User
Keep Personal Data Private
- Keep Your Data Safe from Other Local Users
- Deter Invasion via Sandboxing
- Configure Your Mac’s Privacy Settings
- Protect Your Passwords and Passkeys
- Deploy Lockdown Mode
Regain Access
- Prepare for a Future Lockout
- Recover Access to an Account
- Recover from a Lost Firmware Password
About This Book
- Ebook Extras
- About the Author
- About the Publisher
Copyright and Fine Print