The digital world has never seemed more riddled with danger, even as Apple has done a fairly remarkable job across decades at keeping our Macs safe. But the best foot forward with security is staying abreast of past risks and anticipating future ones. Take Control of Securing Your Mac gives you all the insight and directions you need to ensure your Mac is safe from external intrusion and thieves or other ne’er-do-wells with physical access.
Security and privacy are tightly related, and Take Control of Securing Your Mac helps you understand how macOS has increasingly compartmentalized and protected your personal data, and how to allow only the apps you want to access specific folders, your contacts, and other information.
Also available: You can save money by buying this book as part of a three-book bundle, which also includes Take Control of Wi-Fi Networking and Security and Take Control of iOS & iPadOS Privacy and Security. Buy all three books for $25.78, which is 40% off the combined cover prices of $42.97. Add 3-Book Bundle to Cart
Here’s what this book has to offer:
- Master a Mac’s privacy settings
- Calculate your level of risk and your tolerance for it
- Learn why you’re asked to give permission for apps to access folders and personal data
- Moderate access to your audio, video, and other hardware inputs and outputs
- Get to know the increasing layers of system security through Mojave, Catalina, and Big Sur
- Prepare against a failure or error that might lock you out of your Mac
- Share files and folders securely over a network and through cloud services
- Set a firmware password and control other low-level security options to reduce the risk of someone gaining physical access to your Mac
- Track and recover a Mac—or erase it remotely—if it’s lost or stolen
- Understand FileVault encryption and protection, and avoid getting locked out
- Investigate the security of a virtual private network (VPN) to see whether you should use one
- Learn how the Secure Enclave in Macs with a T2 chip or M-series Apple silicon affords hardware-level protections
- Dig into ransomware, the biggest potential threat to Mac users, but still a largely theoretical one
- Decide whether anti-malware software is right for you
What’s New in Version 1.1.1
This version adds a sidebar, “Which Apps Are Locked Down?,” that explains in Big Sur how to find which apps that are preinstalled with macOS are stored on the immutable system volume and which are installed on the user-modifiable Data volume.
What Was New in Version 1.1
Version 1.1 has several significant changes and improvements designed to help you better understand both some subtle and not-so-subtle points that weren’t as fully explored in previous ones, and to answer some reader questions.
This update adds information about how Apple limits the number of times the wrong password can be entered while starting up or restarting a Mac, or when switching accounts or logging in to additional accounts while macOS is active. See “Password Lockout Protections.”
Version 1.0 didn’t fully explain how FileVault starts up differently with an Intel-based Mac and an M-series Mac. That’s now fully clarified in “Protect at Boot.” Based on some people’s discomfort with using FileVault and keeping track of the associated Recovery Key, I added a discussion of reasons why you might not want to enable FileVault in “Decide on Using FileVault.”
If you want to enable encryption on a bootable clone, you can’t use the technique I describe to enable encryption on an external drive in “Encrypt External Drives.” Nor can you encrypt an external bootable volume with M-series Macs. Thus, I’ve added details on setting up FileVault for Intel Macs on an external volume in “Encrypt a Bootable Clone on an Intel Mac.”
M-series Macs no longer offer Target Disk Mode for mounting an internal volume as a drive on another Mac to which it’s directly connected. Instead, these Macs have Mac Sharing Mode, which presents a selected volume as if it were shared over a network. In the previous versions of this book, the differences were not explained as thoroughly as they should have been, and the final steps in mounting a drive in Mac Sharing Mode were not included. See “Share a Disk (M-Series Macs)” for those details.
If you restart from an external volume that’s a clone of your startup drive on a Mac with a Secure Enclave and Touch ID, and have activated Apple Pay, you will likely have to reset Apple Pay. This is also true if you set up Apple Pay on another macOS account than your primary one, and then want to use it again with your primary account. I explain the ins and outs in “Apple Pay Valid Only for a Single User.”
I’ve also further clarified why you might disable SIP on an M-series Mac: it’s the only way to engage Permissive Mode, a security option that allows non-Apple operating systems of a certain kind to be bootable under Apple silicon. See “System Integrity Protection (SIP) and Startup Options with an M-Series Mac.”
What Was New in Versions 1.0.1 and 1.0.2
The 1.0.1 update corrected a handful of typos, clarified some text that may have been difficult to understand, and added a few small but useful details. The Introduction was rewritten for improved clarity and readability in version 1.0.2.