If you're reading this list, you probably know that the Mac is one of the best machines around when it comes to keeping you secure on the Internet. But it's also been receiving more scrutiny from the press and security professionals recently, and no machine is 100% safe. As the Mac becomes more popular, and as more services become Internet-based and cross-platform, the associated risks grow too.


You can help keep not only your Macintosh, but also the Macintosh community as a whole, secure on the Internet by taking a few simple steps beyond the many significant ones that Apple has built into Mac OS X. Here's our "top 10" list. We welcome any additions or alternatives you might have.


0. Understand Mountain Lion’s security ramifications before upgrading. Stay tuned to our Twitter stream and elsewhere for details, and to see whether any serious problems are uncovered.


1. Physical security first. Although not strictly an Internet security issue, the odds of something bad happening to your Mac due to a physical problem are much higher than something happening to it over the Internet. So take precautions appropriate to your situation, such as physical lock-down cables, surge protectors and proper care of data on portable machines (such as encryption of any important files). And be sure to keep good, up-to-date local and remote backups. Time Machine is a big help with local, but not remote backups.


2. "The only constant is change." Especially on the Internet. New security threats are discovered, temporary fixes and updates are issued, mistakes are sometimes made. It's important to keep up as best you can:


  1. Subscribe to Apple's Software Update and install security fixes soon after they're available, although not necessarily immediately.

  2. Use online (for instance our blog isfym.com and Twitter stream) and offline (for instance users' groups) sources to keep up with new security issues, implement temporary protection as needed, and make sure updates appear to be good.

  3. Keep up on updates for any other popular applications you use, especially cross-platform ones like Microsoft products and security applications like your firewall and anti-virus applications.

  4. And of course stay knowledgeable about everything you can, for instance through our “Internet Security for Your Macintosh and iPhone” eBook.


3. Use a personal firewall. We sell one, so we're biased, but that doesn't mean we're wrong. You need a personal firewall on each of your machines, and the one Apple includes in Mac OS X is only sufficient for keeping you safe until you can get a better one. Be sure your firewall has logging fully enabled, and use a log analysis application to highlight issues that need to be addressed. And, no, the so-called firewall in any router you may have isn't good enough either (although it does help).


4. Use good passwords. Until the day we log into everything through retinal scans or other "biometric" means, passwords will be the main way we identify ourselves to Internet-based services. Use passwords appropriate to the importance of the service they're protecting, choosing longer, harder to guess (and more unique) passwords for the more critical services. Apple's password assistant, built into Keychain Access, can be a big help here.


5. Do not send confidential information by email, unless you know how to use encrypted email. Also treat all email messages received, even from people you know, as suspect. The same applies to IM (with certain exceptions like encrypted iChat). On the Web, be sure the Web page is a secure one (look for the lock icon) before entering confidential information.


6. Never open attachments in email messages, which are more often than not viruses. This advice may seem a bit over the top, but you should apply it as the general rule, with the only real exception being when you know the person who sent you the attachment and the context from the rest of the email makes it clear that that person really did intend to send you that attachment.


7. Never click on links sent in email messages. Again this is the general rule, with similar exceptions as with email attachments. These links are often to "phishing" Web sites that will attempt to steal personal information from you, or to "maliciously-crafted" Web sites that will attempt to do even worse things, like take over your machine (yes, even if you do use a Mac). Always type URLs directly into your Web browser, use known-good bookmarks, or click on links from reputable sites (including search engines) that you've gotten to through one of these methods. Do not assume any sort of “anti-phishing protection” built into your Web browser will help -- the newest threats always take some time to be covered.


8. Consider an anti-virus application. There are essentially no known Mac-specific viruses, and use of anti-virus applications can help keep it that way. Right now, anti-virus applications are essentially insurance policies, which you hope to never need to use, but are glad you have if you do. Also like insurance, you need to be sure to keep your anti-virus application, and its associated virus definitions, up to date.


9. If at all possible, do not provide any services from your Macintosh. In other words, all services in the Sharing pane of System Preferences should be off, along with other services like iTunes music sharing and iPhoto photo sharing. If you do need to offer services, use your personal firewall to restrict access to as few machines as possible (preferably just machines on your local network). And of course use good passwords for those services, in particular for the cross-platform Remote Login (ssh) service, which is often subject to dictionary attack.


10. Properly secure your wireless (AirPort) environment, both at home and on the road. At home the most important things are to change your wireless router's password and to use WPA encryption. Beyond that, don't allow your router to be administered over the Internet and add other security measures (like creating a closed network and limiting access by ID) if you feel comfortable configuring them. On the road, be sure to turn off or block any services your Mac is providing through your firewall, be cognizant of who's looking over your shoulder, use a VPN if you're talking back to your home or work network and watch out for rogue access points.
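
Items 3 and 9 recommend log analysis and note that Remote Login (ssh) is a frequent target of dictionary attacks. The following is an added example, not part of the original list, of the kind of check a log analysis tool performs. The log lines are constructed, the function name and threshold are illustrative, and it assumes the standard OpenSSH "Failed/Accepted password" message format over IPv4.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in the usual OpenSSH syslog format (not real traffic).
SAMPLE_LOG = """\
Jul 25 03:14:01 mac sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 51200 ssh2
Jul 25 03:14:03 mac sshd[411]: Failed password for invalid user test from 203.0.113.5 port 51201 ssh2
Jul 25 03:14:05 mac sshd[411]: Failed password for root from 203.0.113.5 port 51202 ssh2
Jul 25 03:14:08 mac sshd[411]: Failed password for alice from 203.0.113.5 port 51203 ssh2
Jul 25 03:14:11 mac sshd[411]: Accepted password for alice from 203.0.113.5 port 51204 ssh2
Jul 25 09:02:40 mac sshd[502]: Failed password for alice from 192.168.1.20 port 50010 ssh2
Jul 25 09:02:47 mac sshd[502]: Accepted password for alice from 192.168.1.20 port 50011 ssh2
Jul 25 11:30:00 mac sshd[733]: Failed password for invalid user oracle from 198.51.100.9 port 40000 ssh2
"""
# Assumption: "local network" means the RFC 1918 private IPv4 ranges.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_dictionary_attacks(log_text, min_failures=3):
    """Return {ip: summary} for sources with at least min_failures failed logins."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "hits": []})
    for m in LINE_RE.finditer(log_text):
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= min_failures:
            # A success right after a burst of failures deserves a password change.
            s["hits"].append(m["user"])
    report = {}
    for ip, s in stats.items():
        if s["failures"] >= min_failures:
            report[ip] = {
                "failures": s["failures"],
                "distinct_users": len(s["users"]),
                "remote": not any(ip_address(ip) in net for net in LOCAL_NETS),
                "success_after_failures": s["hits"],
            }
    return report

if __name__ == "__main__":
    for ip, info in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, info)
```

A source flagged with `remote` set and a non-empty `success_after_failures` list is the case item 9 warns about: the service was reachable from outside the local network and a guessed password worked.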


Special bonus item (for advanced users): Consider running your Mac as a non-administrative user most of the time. This is an advanced technique that provides few immediate benefits, but, similar to anti-virus applications, acts as "insurance" by limiting any damage that could result from a security breach. Someone gaining access to your machine would still have access to many of your files, but not to most of the underlying machine and OS itself. The easiest way to run as a non-admin user is to create a new, administrative account and then change your normally used account to a non-administrative one.


General security note: You should always have as many levels of defense as you can, just like in the physical world. Think of the crown jewels in a locked box in a secret, guarded room in a guarded castle with high walls, a drawbridge and a crocodile-infested moat. From an Internet security point of view, think of good physical security (castle optional), a router-based firewall, personal firewalls, all services off by default, good passwords for any services you do offer and encryption of critical data.

The top 10 things you can do to keep your Macintosh safe on the Internet
